What is a HIPAA approved method of de-identification?
HIPAA-compliant de-identification of protected health information is possible using two methods: Safe Harbor and Expert Determination. Use either of the two methods below and PHI will no longer be considered ‘protected health information’ and will therefore not be subject to HIPAA Privacy Rule restrictions.
What is expert determination HIPAA?
The Expert Determination method provides for an individual to be determined an expert in de-identification through professional experience, academic or other training and actual experience, using health information de- identification methodologies.
What is the expert determination method?
Expert determination is a procedure in which a dispute or a difference between the parties is submitted, by agreement of the parties, to one [or more] experts who make a determination on the matter referred to it [them]. The determination is binding, unless the parties agreed otherwise.
What PHI can be disclosed if de-identified?
PHI excludes health information that is de-identified according to specific standards. Health information that is de-identified can be used and disclosed by a covered entity, including a researcher who is a covered entity, without Authorization or any other permission specified in the Privacy Rule.
Which is not a form of PHI?
Examples of health data that is not considered PHI: Number of steps in a pedometer. Number of calories burned. Blood sugar readings w/out personally identifiable user information (PII) (such as an account or user name)
What are the 2 methods of de identification?
As discussed below, the Privacy Rule provides two de-identification methods: 1) a formal determination by a qualified expert; or 2) the removal of specified individual identifiers as well as absence of actual knowledge by the covered entity that the remaining information could be used alone or in combination with other …
How do you de identify an individual?
Common strategies include deleting or masking personal identifiers, such as personal name, and suppressing or generalizing quasi-identifiers, such as date of birth. The reverse process of using de-identified data to identify individuals is known as data re-identification.
Is the Expert Determination Method covered by HIPAA?
Expert Determination The expert determination method carries a small risk that an individual could be identified, although the risk is so low that it meets HIPAA Privacy Rule requirements.
What is the de-identification standard in HIPAA?
4. The De-identification Standard . Section 164.514(a) of the HIPAA Privacy Rule provides the standard for de-identification of protected health information. Under this standard, health information is not individually identifiable if it does not identify an individual and if the covered entity has no
How to de-identify protected health information by Expert Determination?
For further information on de-identification of protected health information by expert determination see 45 CFR § 164.514 (b) (1). The U.S. Department of Health and Human Services’ Office for Civil Rights has issued guidance on de-identification of protected health information which can be viewed on this link.
What is de-identification of protected health information ( PHI )?
Under the HIPAA Privacy Rule, de-identification of protected health information (PHI) is the removal of specific information about a patient that can be used alone or in combination with other information to identify that patient.