Vaultara Blog

Data de-identification for patient privacy

By Amy Weaver, in Data Security, April 20, 2016

Healthcare data is information that is collected to keep track of a patient’s health, medical conditions, injuries, illnesses, and treatments. But there is actually a wider scope for medical information to benefit the community, beyond diagnosis. While data can be passed between medical professionals to cater to the needs of the patient, sharing that same data with a wider audience can enhance medical research and education. This kind of medical data is currently known as information for 'secondary use' - i.e. for additional research purposes that fall outside of the original intentions of use.

Unstructured medical data, such as lab results, imaging reports, clinical data, and the output from medical devices, often gets stored and goes unused, creating more of a hindrance to medical facilities than an aid. Anonymizing this data can free up existing stores of information, effectively converting it into useful intelligence. A more in-depth understanding of individual patient ailments and large illness groups alike can lead to more efficient care practices, not to mention cheaper healthcare costs for both patients and medical facilities. Education and research are undoubtedly the biggest areas that can benefit from the use of de-identified data.

De-identified pieces of patient information, such as medical images, will not only aid in the future diagnosis of patient illness, but will also be able to assist in the production of clinical trials, enhance the studies of certain conditions or injuries, and can even be used to teach aspiring specialist physicians in their respective fields (radiologists, cardiologists, etc.) how to properly view and interpret a wide range of images.

To comply with standard security measures, medical data must be subjected to de-identification processes to adhere to defined anonymity practices. This process is intended to prevent personal information from falling into the wrong hands. Removing traceable personal information from medical information not only allows for the protection of patient privacy, but it makes the data useable for medical studies without restriction.

As it stands, all medical information holds a number of 'subject identifiers' - key pieces of information that link our medical data to us as individuals. These specific points of information are outlined by the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, which also provides a standard for de-identification. The Safe Harbor method calls for the following pieces of information to be deleted for the information to no longer fall into the definition of Protected Health Information:

  • Full name
  • Address, with the exception of state
  • Notable dates relating to the individual, including birth date, admission date, discharge date, and death date (where applicable)
  • Phone numbers
  • Fax numbers
  • Email addresses
  • Social Security numbers
  • Medical record numbers
  • Health plan beneficiary numbers
  • Account numbers
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers, including license plate information
  • Device identifiers and serial numbers
  • Web Universal Resource Locators (URLs)
  • Internet Protocol (IP) address numbers
  • Biometric identifiers, including fingerprints and voice prints
  • Full face photographs and any comparable images that could identify the patient
  • Any other unique identifying number, characteristic, or code that denotes identity (apart from the unique code that is assigned to individuals by the investigator to code the data)

It is widely recognized that these 18 key pieces of information work both separately and together to confirm the identity of an individual, and therefore it is imperative to either obscure or remove each of these to fully secure patient information.
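As an added illustration (not code from the original post), the Python sketch below applies the list above to one structured record. It uses an allow-list so that any field not explicitly cleared is dropped, which also covers the catch-all last item; the field names, the sample record and the regex patterns are assumptions made for this example.

```python
import re
import secrets

# Assumed schema: only these clinical fields are cleared for release.
ALLOWED_FIELDS = {"diagnosis", "lab_result", "modality"}
FREE_TEXT_FIELDS = {"notes"}

# Identifier shapes that leak into free text; URL runs before EMAIL.
TEXT_PATTERNS = [
    ("URL", re.compile(r"https?://\S+")),
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("IP", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("PHONE", re.compile(r"\(?\b\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b")),
    ("DATE", re.compile(r"\b\d{1,2}/\d{1,2}/\d{2,4}\b|\b\d{4}-\d{2}-\d{2}\b")),
]

def scrub_text(text):
    """Replace identifier-shaped substrings with a category tag.
    Regexes cannot find names in prose; free text still needs review."""
    for tag, pattern in TEXT_PATTERNS:
        text = pattern.sub(f"[{tag}]", text)
    return text

def deidentify(record):
    """Return (clean_record, dropped_field_names); unknown fields are dropped."""
    clean, dropped = {}, []
    for key, value in record.items():
        if key in ALLOWED_FIELDS:
            clean[key] = value
        elif key in FREE_TEXT_FIELDS:
            clean[key] = scrub_text(value)
        elif key == "address" and isinstance(value, dict):
            clean["state"] = value.get("state")  # state is the only part kept
            dropped.append("address")
        else:
            dropped.append(key)
    # Investigator-assigned code: random, not derived from any identifier.
    clean["study_code"] = secrets.token_hex(8)
    return clean, sorted(dropped)

# Constructed sample record; every value is fictional.
SAMPLE = {
    "name": "Jane Example", "mrn": "MRN-000123", "birth_date": "1980-02-03",
    "address": {"street": "1 Main St", "city": "Springfield", "state": "IL"},
    "device_serial": "SN-42-XYZ", "diagnosis": "distal radius fracture",
    "modality": "X-ray",
    "notes": "Seen 03/14/2016. Call (555) 010-1234 or jane@example.org; "
             "portal http://portal.example.org/p/123 from 10.0.0.5.",
}
```

The returned list of dropped field names gives a record of what was removed without logging the values themselves.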

As medical records include sensitive information, it’s no surprise that patients and providers alike are concerned about confidentiality. Patient privacy is extremely important, as is the ability for medical organizations to obtain genuine medical data for the use of research and education materials. While extensive research into particular areas of human health is a necessary way to move healthcare forward for generations to come, protecting those whom the information relates to remains a top priority.
