
The Road to De-Identification: How to Maintain Privacy with Publicly Released Data

Project Manager, Freedman HealthCare, LLC

Ms. Rourke uses her deep experience to provide communications, marketing, and general project support to clients and FHC staff. Ms. Rourke is FHC’s expert on social media content, shaping and implementing social media strategy for both internal and client use. Additionally, she manages various FHC digital platforms, including its Twitter page, Facebook page, LinkedIn page, newsletter, APCD Journal Blog, and website. In addition to her work creating content, Ms. Rourke has also been instrumental in designing and managing the creation of various internal and client websites.

How does data become de-identified and accessible to the public?

Our health histories, whether documented in claims or medical records, contain some of our most personal information. States and regional collaboratives think hard about patient privacy as they develop policies around public data sharing.

Most states use the “De-Identification Standard” set forth by the HIPAA Privacy Rule, which suggests the use of one of two tests to ensure publicly released data does not jeopardize patient privacy.

One method, called Expert Determination, relies on statistics to de-identify data.
Here are the criteria:
•    The data set is certified as de-identified by a person with appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable;
•    That person, applying such principles and methods, determines that the risk is very small that the information could be used, alone or in combination with other reasonably available information, by an anticipated recipient to identify an individual who is a subject of the information; and
•    That person documents the methods and results of the analysis that justify such determination.

Another method, known as Safe Harbor, requires 18 identifiers to be removed from the data. They are listed below.
1.    Names
2.    Geographic subdivisions smaller than a state. One exception to this rule is the initial three digits of a ZIP Code, if Census data shows that the geographic unit formed by combining all ZIP Codes with the same three initial digits contains more than 20,000 people, and the initial three digits of smaller geographic units are changed to 000.
3.    All elements of dates, except year, related to an individual.
4.    Telephone numbers.
5.    Facsimile numbers.
6.    Electronic mail addresses.
7.    Social security numbers.
8.    Medical record numbers.
9.    Health plan beneficiary numbers.
10.    Account numbers.
11.    Certificate/license numbers.
12.    Vehicle identifiers and serial numbers, including license plate numbers.
13.    Device identifiers and serial numbers.
14.    Web universal resource locators (URLs).
15.    Internet protocol (IP) address numbers.
16.    Biometric identifiers, including fingerprints and voiceprints.
17.    Full-face photographic images and any comparable images.
18.    Any other unique identifying number, characteristic, or code, unless otherwise permitted by the Privacy Rule for re-identification.
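
As an added illustration (not from the original post or from Freedman HealthCare), here is how the Safe Harbor list above might be applied to a single claims record. The column names, the ZIP3 population table, and the sample record are all assumptions constructed for this example, and it uses an allowlist so that any column not explicitly cleared, including ones nobody anticipated, is dropped.

```python
from datetime import date

# Assumed column names for a claims extract (hypothetical, not from the article).
PASS_THROUGH = {"diagnosis_code", "procedure_code", "paid_amount", "state"}
DATE_FIELDS = {"birth_date", "service_date"}
ZIP_FIELD = "zip"
MIN_ZIP3_POPULATION = 20_000  # threshold from item 2 of the list

def generalize_zip(zip_code, zip3_population):
    """Return the 3-digit prefix if its combined area exceeds the threshold, else '000'."""
    prefix = str(zip_code).strip()[:3]
    if len(prefix) < 3 or not prefix.isdigit():
        return "000"  # malformed input fails closed
    # A prefix with no population figure is treated as too small to release.
    if zip3_population.get(prefix, 0) > MIN_ZIP3_POPULATION:
        return prefix
    return "000"

def year_only(value):
    """Reduce an ISO date (YYYY-MM-DD) to its year; None if it cannot be parsed."""
    try:
        return date.fromisoformat(str(value)).year
    except ValueError:
        return None

def deidentify(record, zip3_population):
    """Apply the Safe Harbor rules listed above to one record (a dict)."""
    out = {}
    for field, value in record.items():
        if field in PASS_THROUGH:
            out[field] = value
        elif field == ZIP_FIELD:
            out["zip3"] = generalize_zip(value, zip3_population)
        elif field in DATE_FIELDS:
            year = year_only(value)
            if year is not None:
                out[field.replace("_date", "_year")] = year
        # Everything else (names, SSNs, emails, IPs, unknown columns) is dropped.
    return out

# Constructed sample data: the population figures and the record are invented.
ZIP3_POPULATION = {"021": 1_250_000, "036": 14_500}
SAMPLE = {
    "name": "Jane Example", "ssn": "000-00-0000", "email": "jane@example.com",
    "zip": "02139-4307", "birth_date": "1961-07-04", "service_date": "2019-03-14",
    "diagnosis_code": "E11.9", "state": "MA", "member_portal_ip": "192.0.2.10",
}

if __name__ == "__main__":
    print(deidentify(SAMPLE, ZIP3_POPULATION))
```
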

Learn how various states are balancing privacy with the need for information in Freedman HealthCare’s white paper, “Releasing APCD Data: How States Balance Privacy and Utility.”
