<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=213807269037206&amp;ev=PageView&amp;noscript=1">
Compliance In Focus
Posted by John Lehmann on Fri, Dec 7, 2012

NEW: Guidance Regarding HIPAA and De-identification

Guidance Regarding HIPAA and De-identificationPublic trust is critical to ensure quality research, as research depends on volunteers who trust that their private information will not be inappropriately or unnecessarily disclosed. Trust encourages research participants to communicate honestly and openly with researchers. There are many specific topics that fall under the rubric of privacy and confidentiality that are essential to consider by those involved in any aspect of clinical research.

One of the cornerstones that safeguards patient information is The Health Insurance Portability and Accountability Act of 1996 (HIPAA). Recently the US Department of Health and Human Services (HHS) released a Guidance Regarding the Methods for De-Identification of HIPAA Privacy Rule.

 What kind of research data is protected by the HIPAA Privacy Rule?

  • All research data, regardless of funding source, that is involved or associated with treatment
  • Identifiable or coded data or human tissue, DNA, blood or organ samples
  • Health information in medical or billing records maintained by a covered entity

As stated by the news-release on HHS website, “The guidance explains and answers questions regarding the two methods that can be used to satisfy the Privacy Rule’s de-identification standard: Expert Determination and Safe Harbor.  This guidance is intended to assist covered entities to understand what is de-identification, the general process by which de-identified information is created, and the options available for performing de-identification.”

The guidance provides an in-depth look and guidance for what satisfies the expert determination method, as well as what satisfies the safe harbor method. A brief overview of the two methods by which health information can be designated as de-identified:

Expert Determination
• Apply statistical or scientific principles
• Very small risk that anticipated recipient could identify individual
Safe Harbor
• Removal of 18 types of identifiers
• No actual knowledge residual information can identify individual

With the protection of patient information there is one data set-back the guidance mentions. “Of course, de-identification leads to information loss which may limit the usefulness of the resulting health information in certain circumstances. As described in the forthcoming sections, covered entities may wish to select de-identification strategies that minimize such loss.”

Checkout the new guidance and let us know what you think. Does this clarify some of the questions you may have regarding what needs to be de-identified? Post your questions below.

Photo Credit: purpleslog

Documentation in Devices

Topics: HHS, De-identification, HIPAA


Posts by Topic: