Presentation is loading. Please wait.

Presentation is loading. Please wait.

Health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be.

Published byWinfred Miller Modified over 8 years ago

Similar presentations

Presentation on theme: "Health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be."— Presentation transcript:

1

2 Health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual is not individually identifiable health information. Definition of De-identified Data

3 Direct Identifiers Fields that would uniquely identify individuals in a database Name, address, telephone number, fax number, MRN, health card number, health plan beneficiary number, license plate number, email address, photograph, biometrics, SSN, SIN, implanted device number

4 Quasi-Identifiers sex, date of birth or age, geographic locations (such as postal codes, census geography, information about proximity to known or unique landmarks), language spoken at home, ethnic origin, aboriginal identity, total years of schooling, marital status, criminal history, total income, visible minority status, activity difficulties/reductions, profession, event dates (such as admission, discharge, procedure, death, specimen collection, visit/encounter), codes (such as diagnosis codes, procedure codes, and adverse event codes), country of birth, birth weight, and birth plurality

5 De-identification Standards The HIPAA Privacy Rule specifies two de- identification standards (45 CFR 164.514): –Safe Harbor –Statistical method (also known as the expert statistician method)

6 Safe Harbor Direct Identifiers and Quasi-identifiers 1.Names 2.ZIP Codes (except first three) 3.All elements of dates (except year) 4.Telephone numbers 5.Fax numbers 6.Electronic mail addresses 7.Social security numbers 8.Medical record numbers 9.Health plan beneficiary numbers 10.Account numbers 11.Certificate/license numbers HIPAA Safe Harbor 12.Vehicle identifiers and serial numbers, including license plate numbers 13.Device identifiers and serial numbers 14.Web Universal Resource Locators (URLs) 15.Internet Protocol (IP) address numbers 16.Biometric identifiers, including finger and voice prints 17.Full face photographic images and any comparable images; 18. Any other unique identifying number, characteristic, or code

7

8

9

10

11

12 Statistical Method (HIPAA) A person with appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable: I.Applying such principles and methods, determines that the risk is very small that the information could be used, alone or in combination with other reasonably available information, by an anticipated recipient to identify an individual who is a subject of the information; and II.Documents the methods and results of the analysis that justify such determination

13 Re-identification Risk Spectrum

14 Managing Re-identification Risk

15 Example – CA Hospital Discharges Context: data release to a data analytics company who will sign a data use agreement, good practices for managing sensitive health information There were ~2.1m patients who had ~3m visits Risk threshold = 0.2; use average risk across all patients Variables: –Year of birth –Gender –Year of admission –Days since last visit –Length of stay

16 Risk Level

17 Hierarchy

18 De-identified Data

19 www.privacyanalytics.ca More Information @PrivacyAnalytic

Download ppt "Health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be."

Similar presentations

Tracking Meeting Khaled El Emam, CHEO RI & uOttawa.

Tracking Meeting Khaled El Emam, CHEO RI & uOttawa.
1 The ATHNdataset: Why should I opt in?. 2 ATHNdataset: A Community Resource Brings together standardized demographic and clinical data into one national.

1 The ATHNdataset: Why should I opt in?. 2 ATHNdataset: A Community Resource Brings together standardized demographic and clinical data into one national.
HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *http://www.hhs.gov/ocr/combinedregtext.pdf.

HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
DIMACS Working Group on Privacy / Confidentiality of Health Data Rutgers University Center Piscataway, New Jersey December 10-12, 2003.

DIMACS Working Group on Privacy / Confidentiality of Health Data Rutgers University Center Piscataway, New Jersey December 10-12, 2003.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.

COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA Requirements for Patient Oriented Research

HIPAA Requirements for Patient Oriented Research
Informed Consent.

Informed Consent.
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.
Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.

Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.
Protecting Client Data HIPAA, HITECH and PIPA Part 1A

Protecting Client Data HIPAA, HITECH and PIPA Part 1A
HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.

HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.
Training In HIPAA Privacy Regulations for Researchers and Research Staff Adapted from a presentation prepared by Human Subjects Division, University of.

Training In HIPAA Privacy Regulations for Researchers and Research Staff Adapted from a presentation prepared by Human Subjects Division, University of.
Privacy and Information Security Essentials

Privacy and Information Security Essentials
Nora B. McCann Privacy Manager Corporate Compliance Fox Chase Cancer Center

Nora B. McCann Privacy Manager Corporate Compliance Fox Chase Cancer Center
What does this form mean? HIPAA Authorization means prior written permission for use and disclosure of protected health information (PHI) from the information’s.

What does this form mean? HIPAA Authorization means prior written permission for use and disclosure of protected health information (PHI) from the information’s.
1 HIPAA, Researchers and the IRB: Part Two Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.

1 HIPAA, Researchers and the IRB: Part Two Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.
SPECIAL DIABETES PROGRAM FOR INDIANS Competitive Grant Program Special Diabetes Program for Indians Competitive Grant Program SPECIAL DIABETES PROGRAM.

SPECIAL DIABETES PROGRAM FOR INDIANS Competitive Grant Program Special Diabetes Program for Indians Competitive Grant Program SPECIAL DIABETES PROGRAM.

Similar presentations

Ads by Google