New Federal Guidance on De-Identifying Patient Information

The HHS Office for Civil Rights has issued lengthy and detailed guidance on two methods for de-identifying protected health information under the HIPAA privacy rule.

Comments (2)
Have a national database and let the lawyers and govt remove any identifiers they want so it can be shared without HIPAA problems. Then allow the data to be accessed to improve healthcare by all parties. Data is KING to solving waste.
Posted by mackley | Saturday, December 01 2012 at 9:47AM ET
OCR's 'guidance' for "de-identifying" health data is totally inadequate to protect sensitive health information.

- There are no penalties for not following the 'guidance'.

- The 'guidance' allows easy 're-identification' of health data. Publicly available data bases of other personal information can be quickly compared electronically with 'de-identified' health data bases, so names can be re-attached, creating valuable, identifiable health data sets.

- The HIPAA "Safe-Harbor" method allows re-identification: even if 18 specific identifiers are removed, .04% of the data can still be 're-identified'.

- Certification by a statistical "expert" that the re-identification risk is "small" allows release of data bases without patient consent.

- There are no requirements to be an "expert".

- There is no definition of "small risk".

- The OCR guidance ignores computer science, which has demonstrated 'de-identification' methods can't prevent re-identification. No single method or approach can work because more and more 'personally identifiable information' is becoming publicly available, making it easier and easier to re-identify health data. See: "Myths and Fallacies of 'Personally Identifiable Information'" by Narayanan and Shmatikov, June 2010 at:

Key quotes from the article:
- "Powerful re-identification algorithms demonstrate not just a flaw in a specific anonymization technique(s), but the fundamental inadequacy of the entire privacy protection paradigm based on "de-identifying" the data."
- "Any information that distinguishes one person from another can be used for re-identifying data."
- "Privacy protection has to be built and reasoned about on a case-by-case basis."

OCR should have recommended case-by-case 'adversarial testing' by comparing a "de-identified" health data base to multiple publicly available data bases to determine which data fields must be removed to prevent re-identification.

See PPR's paper on "adversarial testing" at:

Simplest, cheapest, and best of all would be to use the stimulus billions to build electronic systems so patients can electronically consent to data use for research and other uses they approve of. Complex, expensive contracts and difficult 'work-arounds' (like 'adversarial testing') are needed to protect patient privacy because institutions, not patients, control who can use health data. This is not what the public expects and prevents us from exercising our individual rights to decide who can see and use personal health information.
Posted by DEBORAH P | Wednesday, December 19 2012 at 11:58AM ET