No single universal solution solves all privacy and identifiability issues. On the contrary, a combination of technical and political procedures is often applied to the task of de-identification. OCR does not require a specific process that an expert must use to determine that the risk of identification is very low. However, the rule requires that the methods and results of the analysis justifying the determination be documented and made available to the OCR upon request. The following information is intended to provide covered companies with a general understanding of the de-identification process used by an expert. It does not contain enough detail on statistical or scientific methods to replace working with an identification expert. The minimum requirement shall not be imposed in any of the following circumstances: (a) disclosure or request for treatment by a health care provider; (b) disclosure to a person who is the subject of the information or to his or her personal representative; (c) use or disclosure on the basis of an authorisation; (d) disclosure to HHS to investigate complaints, verify compliance, or enforce; (e) the use or disclosure required by law; or (f) the use or disclosure necessary to comply with the HIPAA Transaction Rule or other HIPAA administrative simplification rules. There has been confusion about what constitutes a code and how it relates to PSR. For the avoidance of doubt, our guidelines are similar to those of the National Institutes of Standards and Technology (NIST),29 which state: Sample scenario An expert is asked to assess the identifiability of a patient`s demographics. First, the expert will determine whether the demographic data is reproducible independently. Characteristics such as date of birth and gender are reproducible very independently – the person will always have the same date of birth – while the postal code of residence is lower because a person can move. Second, the expert will determine which data sources that contain the person`s identification also contain the demographic data in question. In this case, the expert may find that public documents such as birth, death and marriage certificates are the most likely data sources that can be used for identification.
Third, the expert will determine whether the specific information to be disclosed is distinguishable. At this point, the expert may note that some combinations of values (for example. B, Asian men born in January 1915 and living in a certain 5-digit zip code) are unique, while others (e.g. B, white women born in March 1972 and living in another 5-digit zip code) are never unique. Finally, the expert will determine whether the data sources that could be used in the identification process are easily accessible, which may differ by region. For example, voter registration records in the state of North Carolina are free, but cost more than $15,000 in the state of Wisconsin. Therefore, data shared in the first state may be considered riskier than data shared in the second.12 In the next two sections, we address questions about the expert discovery method (section 2) and the safe harbor method (section 3). A general workflow for expert discovery is shown in Figure 2. Stakeholder comments suggest that determining the identification risk may be a process that consists of a series of steps. First, the expert will assess the extent to which health information can (or cannot) be identified by the expected recipients. Second, the expert will often provide the relevant company or business partner with advice on statistical or scientific methods that can be applied to health information to mitigate the expected risk. The expert then executes the methods deemed acceptable by the data managers of the registered company or business partners, i.e.
the officials responsible for the design and operation of the information systems of the registered company. Finally, the expert assesses the identifiability of the resulting health information to confirm that the risk is only very low when communicated to the intended recipients. Stakeholder feedback suggests that a process may require multiple iterations until the expert and data stewards agree on an acceptable solution. Regardless of the process or methods used, the information must meet the very low risk specification requirement. A covered entity has the right, but not the obligation, to use and disclose protected health information without an individual`s permission for the following purposes or in the following situations: There is no explicit numerical level of identification risk that is generally believed to meet the “very low” level specified by the method. The ability of a recipient of information to identify an individual (i.e., the purpose of the information) depends on many factors that an expert must consider when assessing the risk arising from a data set. This is because the identification risk identified for a particular record in the context of a particular environment may not be appropriate for the same record in another environment or for a different record in the same environment. Therefore, an expert defines an acceptable risk as “very low” based on an expected beneficiary`s ability to identify an individual. This issue is discussed in more detail in Section 2.6. § 164.514 Other requirements for the use and disclosure of protected health information. a) Standard: Anonymization of protected health information. Health information that does not identify an individual and has no reasonable basis to believe that the information can be used to identify an individual is not individually identifiable health information.
The confidentiality rule, as well as any administrative simplification rules, apply to health plans, health care clearinghouses, and any health care provider who submits health information in electronic form in transactions for which the HHS Secretary has adopted STANDARDS under HIPAA (the “Covered Companies”). To determine if you are insured, use the CMS decision tool. An important aspect of identification risk assessment is therefore how health information can be linked to nominative sources or sensitive knowledge can be derived. A higher-risk “feature” is one that can be found in many locations and is accessible to the public. These are features that can be exploited by anyone who receives the information. For example, patient demographics could be classified as high-risk characteristics. In contrast, low-risk features are those that do not appear in public records or are less readily available. For example, clinical features such as blood pressure or temporal dependencies between events within a hospital (e.g. B minutes between drug administration) may uniquely characterize a patient in a hospital population, but the data sources with which this information could be linked to identify a patient are accessible to a much smaller group of people. Research.. .
