The Privacy Officer’s Dilemma

When it comes to using data for secondary purposes, privacy implications, legal implications, and public relations’ ramifications are all major concerns for providers, payers, and the pharma industries. Privacy Officers know that leveraging protected health information (PHI) or personally identifiable information (PII) requires them to tread carefully. Safeguarding patient privacy is of paramount importance and the repercussions for a breach or HIPAA violation can be costly, both in dollars and reputation. Look at St. Joseph’s Health – they paid over two million dollars for a HIPAA violation.

The adoption of electronic medical records (EMRs) and increased use of medical monitoring devices, patient imaging, and mobile technologies means that the amount of patient data is growing exponentially. Consequently, the demand to share this data with other groups is growing along with projections that the healthcare analytics market will reach between $18 billion and $21 billion by 2020, up from $5.8 billion in 2015.

Enter the Privacy Officer’s Dilemma: managing privacy when sharing data for secondary use. It is no easy feat to navigate the legal frameworks around safely and securing sharing data. Often facing budget constraints or a lack of expertise, Privacy Officers may feel trapped. They are either compromising with the IT or Security and not releasing data, or being forced to use methods which put privacy at risk.

The regulatory environment for health information is a complex one. It is easy to get lost. Long-standing legislation like HIPAA has been modified and updated by the HITECH Act and other changes, like the amended versions of the 2015 21st Century Cures Act, are waiting in the wings. When you add the various national and international standards and guidelines (like HITRUST and PhUSE, to name a few), it can become challenging to determine if your data sharing practices meet regulatory compliance.

These recent changes have made the role of Privacy Officers in healthcare organizations more important than ever before. Privacy Officers must now help their organizations navigate the regulatory landscape and manage risk to minimize damages – be they financial, legal or reputational.

To make it easier, Privacy Analytics offers services in HIPAA-compliant data sharing. Ensure your organization is sharing data that demonstrates a low risk of re-identification with our Re-identification Risk Determination service. We measure the risk contained in datasets that have already been de-identified and create the expert reporting needed to meet regulatory compliance. Learn more here, or download the data sheet.


Don’t forget: we are still collecting responses to our State of Data Sharing for Healthcare Analytics 2016-2017 report. Take 5 minutes to complete our survey and you could win one of 20 $50 Starbucks gift cards! Take the survey here.

Free Webinar: De-Identification 101

Join Privacy Analytics for a high level introduction of de-identification and data masking.
Watch now

Free Download: De-Id 101

You have Successfully Subscribed!