Learning about the HIPAA Privacy Rule
Understanding the differences between the two veins of the Privacy Rule
Initially proposed in November 1999, the U.S. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule created a national standard to protect individuals’ medical records and other personal health information. It applies to health plans, health care providers, and health care clearinghouses who could share PHI. While privacy advocates would be firm in their belief that PHI should not be shared, that is not realistic with the needs of today. The healthcare industry requires the sharing of sensitive information for advancement and innovation. HIPAA permits sharing of PHI by requiring safeguards to protect the privacy of PHI and sets limits and conditions on the use of this information without patient authorization. The HIPAA Privacy Rule also gives patients’ further rights over their health information, including rights to view their records, obtain a copy, and to request corrections.
Under the Privacy Rule, there are two mechanisms for de-identification – the only acceptable means to share health data without patients’ consent. Safe Harbor offers a prescriptive approach to de-identification, whereas Expert Determination, or the Statistical Method, is far more multi-dimensional. Using either method has its own advantages and disadvantages. Regardless of the method taken, the use of PHI for secondary purposes is never taken lightly. It’s always a risk to an organization to release data – however, taking the right steps and right precautions can ensure minimal risk while permitting maximum utility.
In order to leverage PHI properly for secondary purposes, an understanding of the different de-identification mechanisms is required. The white paper, Safe Harbor vs the Statistical Method, discusses what each of these methods entail in terms of protecting your organization and how they can enable better data for analytics, research or monetization.
Make sure you download it today to learn more!
- Turn Data Assets into Business Opportunity Under CCPADecember 19, 2019
- How does risk-based anonymization work?December 18, 2019
- Why should I use Expert Determination over Safe Harbor?December 18, 2019
- What do I need to know about GDPR, HIPAA and CCPA to meet our regulatory and privacy obligations?December 18, 2019
- Should we invest in building our own de-identification capability?December 17, 2019
- GDPR and The Future of Clinical Trials Data SharingMarch 18, 2019
- Advancing Principled Data Practices in Support of Emerging TechnologiesMarch 15, 2019
- “Zero Risk Does Not Exist”February 7, 2019
- Is Anonymization Possible with Current Technologies?January 9, 2019
- Comparing the benefits of pseudonymisation and anonymisation under the GDPRDecember 20, 2018