Health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be.

Slides:

Advertisements

Similar presentations

Tracking Meeting Khaled El Emam, CHEO RI & uOttawa.

Advertisements

1 The ATHNdataset: Why should I opt in?. 2 ATHNdataset: A Community Resource Brings together standardized demographic and clinical data into one national.

HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *

DIMACS Working Group on Privacy / Confidentiality of Health Data Rutgers University Center Piscataway, New Jersey December 10-12, 2003.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

HIPAA Requirements for Patient Oriented Research

Informed Consent.

Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.

Protecting Client Data HIPAA, HITECH and PIPA Part 1A

HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.

Training In HIPAA Privacy Regulations for Researchers and Research Staff Adapted from a presentation prepared by Human Subjects Division, University of.

Privacy and Information Security Essentials

Nora B. McCann Privacy Manager Corporate Compliance Fox Chase Cancer Center

What does this form mean? HIPAA Authorization means prior written permission for use and disclosure of protected health information (PHI) from the information’s.

1 HIPAA, Researchers and the IRB: Part Two Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.

SPECIAL DIABETES PROGRAM FOR INDIANS Competitive Grant Program Special Diabetes Program for Indians Competitive Grant Program SPECIAL DIABETES PROGRAM.

HIPAA, Researchers and the IRB Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.

Public Aggregate Reporting – DHCS Business Reports Overview

HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)

Health Insurance Portability and Accountability Act of 1996

HIPAA Health Insurance Portability & Accountability Act of 1996.

Health Insurance Portability and Accountability Act (HIPAA)

2012 VA Human Research Protection Program Patricia L. Christensen, MS, RHIA, CIPP/G, CHPS, CHPC VHA Privacy Office Common Privacy Findings in Research.

Data Security and Research 101 Completing Required Forms Kimberly Summers, PharmD Assistant Chief for Clinical Research South Texas Veterans Health Care.

Protected Health Information (PHI). Privileged Communication An exchange of information between two individuals in a confidential relationship. (Examples:

Paula Peyrani, MD Medical/Project Director, HIV Program at the 550 Clinic Assistant Director, Research Design and Development Clinical and Translational.

HIPAA Business Associates Leadership Group Meeting June 28, 2001.

1 Research & Accounting for Disclosures March 12, 2008 Leslie J. Pfeffer, BS, CHP Office of the Vice President for Research Administration Office of Compliance.

Example of Medical Record Elements

Revised February 4, Health Insurance Portability and Accountability Act (HIPAA) HIPAA Privacy Rule: UCSF Education Module for Researchers, Research.

1 HIPAA OVERVIEW ETSU. 2 What is HIPAA? Health Insurance Portability and Accountability Act.

14 May Privacy Requirements Phoenix Ambulatory Blood Pressure Monitoring System © 2006 Christopher J. Adams Copying and distribution of this document.

HIPAA Privacy and Research August 21, 2015

De-identifying Pathology Reports for Pathology Informatics

Standards & Vocabulary

PwC Tissue Banking and Repositories – Human Subject Protections Privacy Protections Medical Research Summit Tom Puglisi, Ph.D. Friday March 7 – 9:15 am.

HIPAA – How Will the Regulations Impact Research?.

© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.

University of Pennsylvania Health System 1 Session 3.02: Case Studies in Clinical Research Compliance Russell M. Opland, M.P.H., EMT-P Chief Privacy Officer.

Office of Human Research (OHR) Quality Improvement Program Patrick Herbison Heather Krupinski.

EHR & BIG DATA – RISKS AND ADVANTAGES OF AMASSING MEDICAL DATABASES Sandra Gardiner Technology Law Section October 24, 2014.

Configuring Electronic Health Records Privacy and Security in the US Lecture b This material (Comp11_Unit7b) was developed by Oregon Health & Science University.

1 The Impact of HIPAA on US Biomedical Research Presented To The: HIPAA SUMMIT Washington, DC March 28, 2003 Oliver Johnson, Chief Privacy Officer Merck.

PwC Issues in HIPAA Research Compliance William R. Braithwaite, MD, PhD “Dr. HIPAA” HIPAA Summit 6 Washington, DC 27 March 2003.

Office of Human Research (OHR) Quality Improvement Program Patrick Herbison Heather Krupinski.

Teaching & POEMs and DOEs in an Online Classroom Jacob Reider, MD David C Ross Albany Medical College.

Final HIPAA Privacy Rule: The Research Provisions Julie Kaneshiro DHHS Office for Human Research Protections Phone: Fax:

Privacy: HIPAA Emerson Murphy-Hill. Rosie Callender, RHIA, web.msm.edu/hipaa/An%20Introduction%20to%20HIPAA.ppt What is HIPAA? A Federal Law Created in.

HIPAA and RESEARCH 5 th Thursday May 31, Page 2.

Reviewed by: Gunther Kohn Chief Information Officer, UB School of Dental Medicine Date: October 20, 2015 Approved by: Sarah L. Augustynek Compliance Officer,

De-Identified Data: Ethics and Regulation Translational Research Ethics – Applied Topics (TREATs) Bioethics and Subjects Advocacy Program Indiana Clinical.

Understanding and Applying New HIPAA Policy Requirements

HIPAA PRIVACY & SECURITY TRAINING

HIPAA Definitions What Does PHI Include?

Protecting our members, our company, and our selves

No No, Yes Yes: Simple Privacy & Information Security Tips Krista Barnes, J.D. Senior Legal Officer and Director, Privacy & Information Security, Institutional.

Transfer of Materials, Confidential Information, and Data

How to Secure will secure s when the word secure is inserted anywhere in the subject line. Secure in the subject line:

HIPAA Overview.

HIPAA Privacy & Security: Medical Research Context

HIPAA & PHI TRAINING & AWARENESS

Issues in HIPAA Research Compliance

The Health Insurance Portability and Accountability Act

Case Study Template Kerecis Aurora Awards

Office of the Vice President for Research Human Subjects Protection Program IRB Submission Process Module 4 - Health Insurance Portability and Accountability.

The Health Insurance Portability and Accountability Act

Presentation transcript:

Health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual is not individually identifiable health information. Definition of De-identified Data

Direct Identifiers Fields that would uniquely identify individuals in a database Name, address, telephone number, fax number, MRN, health card number, health plan beneficiary number, license plate number, address, photograph, biometrics, SSN, SIN, implanted device number

Quasi-Identifiers sex, date of birth or age, geographic locations (such as postal codes, census geography, information about proximity to known or unique landmarks), language spoken at home, ethnic origin, aboriginal identity, total years of schooling, marital status, criminal history, total income, visible minority status, activity difficulties/reductions, profession, event dates (such as admission, discharge, procedure, death, specimen collection, visit/encounter), codes (such as diagnosis codes, procedure codes, and adverse event codes), country of birth, birth weight, and birth plurality

De-identification Standards The HIPAA Privacy Rule specifies two de- identification standards (45 CFR ): –Safe Harbor –Statistical method (also known as the expert statistician method)

Safe Harbor Direct Identifiers and Quasi-identifiers 1.Names 2.ZIP Codes (except first three) 3.All elements of dates (except year) 4.Telephone numbers 5.Fax numbers 6.Electronic mail addresses 7.Social security numbers 8.Medical record numbers 9.Health plan beneficiary numbers 10.Account numbers 11.Certificate/license numbers HIPAA Safe Harbor 12.Vehicle identifiers and serial numbers, including license plate numbers 13.Device identifiers and serial numbers 14.Web Universal Resource Locators (URLs) 15.Internet Protocol (IP) address numbers 16.Biometric identifiers, including finger and voice prints 17.Full face photographic images and any comparable images; 18. Any other unique identifying number, characteristic, or code

Statistical Method (HIPAA) A person with appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable: I.Applying such principles and methods, determines that the risk is very small that the information could be used, alone or in combination with other reasonably available information, by an anticipated recipient to identify an individual who is a subject of the information; and II.Documents the methods and results of the analysis that justify such determination

Re-identification Risk Spectrum

Managing Re-identification Risk

Example – CA Hospital Discharges Context: data release to a data analytics company who will sign a data use agreement, good practices for managing sensitive health information There were ~2.1m patients who had ~3m visits Risk threshold = 0.2; use average risk across all patients Variables: –Year of birth –Gender –Year of admission –Days since last visit –Length of stay

Risk Level

Hierarchy

De-identified Data

More