Fundamentals of De-Identification
You know why you need to de-identify, now get an idea of how
When it comes to de-identification, a risk-based approach wins hands down at safely mitigating risk of re-identification and allowing data granularity. The problem with this approach is that it requires an expert, an experienced data scientist who can review the data and understand the nuances of the data and its risk. These experts are in short supply, as discussed in our white paper, How to You Make a De-Identification Expert.
Understanding this topic requires a sound introduction into the fundamentals of de-identification. This includes looking at ways individuals can be re-identified once “masked.” Data masking is a prescriptive approach to de-identification – typically involving the installation of software that applies Safe Harbor standards to protected health information. Safe Harbor pinpoints 18 different types of identifiers that require redaction or removal. The problem is that many of these identifiers directly identify an individual – and are fields that will not be analyzed for secondary purposes. The purpose of HIPAA’s Privacy Rule is to allow for the sharing of PHI for uses other that which it was originally given. The real gold for secondary use lies in the indirect identifiers, fields that while not immediately identifying an individual can do so when combined with each other. Here data analysts can find insight and are able to open the doors of innovation.
Discussion around direct and indirect identifiers, HIPAA’s Privacy Rule and recognizing the differences between the two arms of its approach to de-identification are essential learning when permitting the use of PHI for secondary purposes. With this knowledge, IT, legal teams, and Privacy Officers are better equipped to manage the risks of releasing PHI while still allowing data utility.
This topic is discussed further in our white paper, De-Identification 201 – Fundamentals of De-Identification. Get your copy here.
- Turn Data Assets into Business Opportunity Under CCPADecember 19, 2019
- Can you comply your way to greatness?November 21, 2019
- When to Integrate Anonymization of Documents and DataSeptember 26, 2019
- Deep-Diving into Re-identification: Perspectives On An Article In Nature CommunicationsSeptember 26, 2019
- Learning at Scale: Anonymizing Unstructured Data using AI/MLSeptember 26, 2019
- GDPR and The Future of Clinical Trials Data SharingMarch 18, 2019
- Advancing Principled Data Practices in Support of Emerging TechnologiesMarch 15, 2019
- “Zero Risk Does Not Exist”February 7, 2019
- Is Anonymization Possible with Current Technologies?January 9, 2019
- Comparing the benefits of pseudonymisation and anonymisation under the GDPRDecember 20, 2018