Fundamentals of De-Identification
You know why you need to de-identify, now get an idea of how
When it comes to de-identification, a risk-based approach wins hands down at safely mitigating risk of re-identification and allowing data granularity. The problem with this approach is that it requires an expert, an experienced data scientist who can review the data and understand the nuances of the data and its risk. These experts are in short supply, as discussed in our white paper, How to You Make a De-Identification Expert.
Understanding this topic requires a sound introduction into the fundamentals of de-identification. This includes looking at ways individuals can be re-identified once “masked.” Data masking is a prescriptive approach to de-identification – typically involving the installation of software that applies Safe Harbor standards to protected health information. Safe Harbor pinpoints 18 different types of identifiers that require redaction or removal. The problem is that many of these identifiers directly identify an individual – and are fields that will not be analyzed for secondary purposes. The purpose of HIPAA’s Privacy Rule is to allow for the sharing of PHI for uses other that which it was originally given. The real gold for secondary use lies in the indirect identifiers, fields that while not immediately identifying an individual can do so when combined with each other. Here data analysts can find insight and are able to open the doors of innovation.
Discussion around direct and indirect identifiers, HIPAA’s Privacy Rule and recognizing the differences between the two arms of its approach to de-identification are essential learning when permitting the use of PHI for secondary purposes. With this knowledge, IT, legal teams, and Privacy Officers are better equipped to manage the risks of releasing PHI while still allowing data utility.
This topic is discussed further in our white paper, De-Identification 201 – Fundamentals of De-Identification. Get your copy here.
- One Year In: How the Opening of Health Canada’s Portal Affects YouMay 4, 2020
- Turn Data Assets into Business Opportunity Under CCPADecember 19, 2019
- How does risk-based anonymization work?December 18, 2019
- Why should I use Expert Determination over Safe Harbor?December 18, 2019
- What do I need to know about GDPR, HIPAA and CCPA to meet our regulatory and privacy obligations?December 18, 2019
- Putting our passion into action against COVID-19April 15, 2020
- GDPR and The Future of Clinical Trials Data SharingMarch 18, 2019
- Advancing Principled Data Practices in Support of Emerging TechnologiesMarch 15, 2019
- “Zero Risk Does Not Exist”February 7, 2019
- Is Anonymization Possible with Current Technologies?January 9, 2019