deid years

DE-IDENTIFICATION

De-identification developments through recent decades (from the 2000’s to date) require a more effective method of ongoing validation.

  • As the amount of available data and demand for data increases, organizations require effective processes, techniques and governance to remove and protect personal information. The tool that best provides this protection is called “de-identification”.
  • De-identification is the process of removing identifying information from a data set so that an individual’s data cannot be linked to the specific individual. The de-identification reduces the privacy risk associated with collecting, processing, maintaining, analyzing, distributing or publishing information.
  • De-identification balances the goal to share personal identifiable information with or without health information while protecting the privacy of the person. De-identification standards include data tokenization and HIPAA Privacy Rule to govern protected health information.
Picture57

DATA TOKENIZATION

Data Tokenization is the method by which sensitive data is substituted, masked, redacted or algorithm generated to name a few.

  • Each has its benefits, however, the most efficient and widely used is algorithm generated tokenization with an integrator. The integrator’s role maintains the tokenization key firewalled from all parties to assure no tokenized data can be re-engineered. Essentially without the token identifier key no personal information can be directly linked.
  • Albeit data tokenization sounds full-proof, almost all companies, legal advisors, statisticians, require a further step to assure privacy is upheld as well as to meet or exceed Privacy & FTC Act and HIPAA Privacy Rule. These rules govern both Personal Identifiable Information (PII) and Protected Health Information (PHI).
expoertprocess

HIPAA EXPERT DETERMINATION and

STATISTICAL RISK ASSESSMENT  of PHI and PII

Expert determination methods require that the covered entity document the methods and results of the analysis to justify that the risk for re-identification of PHI is very small alone or in combination with other information.

As information and demand for information increases, organizations need to consider de-identification and expert determination where any PII or PHI data exists. Best practice recommendations for de-identification include: 

  • Patient Tokenization & Integration Management,
  • Expert Determination with Methods & Results Documentation, and
  • Privacy Training.
deid1

De-Identification, 3rd Party, Expert Determination Analytics Impact Cycle and Training Products & Services

INTEGRATION MANAGEMENT OF PATIENT TOKENIZATION:
We become the third (3rd) party integrator to assure no one organization has the key or can re-engineer to re-identify.
EXPERT DETERMINATION WITH METHODS AND RESULTS DOCUMENTATION:
We offer expert determination recommendations including consultation, statistical analysis ensuring very small risk of re-identification, final report based on the data, and repeatable platform processes to output expert determination documentation for each future deliverable. Expert determination service available for data PHI and PII governed by HIPAA and Privacy Act.
PRIVACY TRAINING:
Privacy training is offered to ensure your entire employee and extended team is aware of all privacy guidelines set forth by applicable Privacy laws in USA, EU and other world regions. Training provides an understanding of privacy principles and law, de-identification principles and process, and risk.
ANALYTICS IMPACT CYCLE:
Analytics impact cycle enables the measurement and impact analysis where PII and PHI is required and necessary to understand the behaviors.

 

Submit this form to access our HIPAA Expert Determination Methodology