De-identification Versus Anonymization
Anonymization is a process in which PHI elements are eliminated or manipulated with the purpose of hindering the possibility of going back to the original data set. This involves removing all identifying data to create unlinkable data. De-identification under the Health Insurance Portability and Accountability Act Privacy rule occurs when data has been stripped of common identifiers by two methods:
- The removal of 18 specific identifiers (Safe Harbor Method):
-
-
- Names
- Geographic data
- All elements of dates
- Telephone numbers
- FAX numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers including license plates
- Device identifiers and serial numbers
- Web URLs
- Internet protocol addresses
- Biometric identifiers (i.e. retinal scan, fingerprints)
- Full face photos and comparable images
- Any unique identifying number, characteristic or code
-
- 2. Obtain the expertise of an experienced statistical expert to validate and document the statistical risk of re-identification is very small (Statistical Method).
De-identified data is coded and there is still a link to the original, fully identified data set remains and is kept by an honest broker. Links exist in coded de-identified data making the data considered indirectly identifiable and not anonymized. Coded de-identified data is not protected by the HIPAA Privacy Rule, but is protected under the Common Rule. The purpose of de-identification and anonymization is to use health care data in larger increments, for research purposes. Universities, government agencies, and private health care entities use such data for research, development and marketing purposes.
Read more about this topic: Protected Health Information