More and more organizations are leveraging their health data for secondary purposes. They know just locking away their data in silos will no longer suffice. De-identification can solve a host of healthcare’s most challenging issues – but it needs to be done properly first.
Under HIPAA’s privacy rule are two arms – Safe Harbor and Expert Determination. Safe Harbor is prescriptive approach to de-identification; it can easily be set up and it ensures the organization stays HIPAA compliant. However, for those previously mentioned secondary purposes, the Expert Determination method offers the chance to review the nuances in the data and apply the right techniques.
Before applying de-identification, a key component is measuring risk. Measuring the risk in Protected Health Information (PHI) is essential for effective de-identification. Understanding re-identification risks from a financial, legal and reputational standpoint is crucial to the process. By measuring the risk, organizations can apply a risk-based de-identification strategy that simultaneously protects the individual but also enables the secure release of granular data.
You may have read our de-identification series (101, 201, 301, and 401) and are unsure where to go from there. Now that you have taken the first steps in the expert’s journey, it’s time to take it up a notch. The white paper, The Definitive Guide to De-Identification, authored by health data expert and Privacy Analytics’ founder, Khaled El Emam, offers graduate level education on the subject.
The Definitive Guide to De-Identification covers which organizations would benefit from solid de-identification strategies, the risks therein and reviews the standard approaches under the HIPAA privacy rule. It then outlines the right methodology to take and techniques that should be used to maximize use while minimizing privacy concerns
