Healthcare data is an organization’s greatest strategic asset and when correctly used, it can deliver deep insights into an organization’s business operations and patient population. De-identification is a cornerstone of this process, enabling owners to unlock the full potential of their data for patient research and business insights, while ensuring data is secure, anonymous, and compliant.    

What is De-Identification?  

 De-identification is removing or masking personal identifiers from healthcare data, transforming it into a format that prevents the identification of individual patients, and preparing it for ‘secondary use’, i.e., for purposes other than the original reason it was collected, such as research, policy-making, analytics, and improving healthcare practices. 

“De-identification enables highly efficient data processing, with 70 million records able to be processed in under 20 minutes” 

Understanding HIPAA and PHI 

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets the foundations for patient privacy in the United States by ensuring that only authorized people can access a person’s data, healthcare workers are trained to protect it, and serious penalties exist for those who don’t comply. It’s designed to ensure that personal health information (PHI), i.e. a person’s name, address, birth date, Social Security number or medical record number, are handled with the utmost care and confidentiality. Knowing there are rules in place ensuring that their health information is safe and handled with care, makes it easier for individuals to share. 

HIPAA is not just about regulations, it’s about a patient’s peace of mind.   

HIPAA: Key rules and methods 

  • Privacy Rule: Sets standards ensuring that only people who need to see a patient’s information in relation to their care can access it, unless the patient gives permission for it to be used elsewhere. Only the minimum amount of information is shared.   
  • Security Rule: Ensures that electronic PHI (ePHI) is protected with secure systems to store and electronically share health information.   

HIPAA allows for two main techniques that strike a balance between protecting patient privacy and allowing valuable data to be used for advancements in treatment, policy-making, research and innovation.    

  • Safe Harbor Method: Removes 18 specific unique identifiers like name, full address etc, so that the data can’t be traced back to an individual, making it safe for secondary use.   
  • Expert Determination Method: A qualified expert applies statistical and scientific principles to ensure that the risk of re-identifying an individual from the data is very low.   

Correctly de-identified PHI is no longer subject to HIPAA Privacy Rule restrictions, and can therefore be used for myriad purposes.