De-Identified Patient Data
De-identified patient data is patient data that has been removed of important identifiers such as birth date, gender, address, and age.
Introduction
There are 19 identifiers that are protected by the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.
- name
- address
- dates directly related to the individual
- all ages over 8#
- telephone number
- fax number
- email address
- Social Security number
- Medical Record number
- Health Plan number
- Account numbers
- Certificate or License numbers
- Vehicle Identification numbers
- Device Identification numbers
- Universal Resource Locators
- Internet protocol Address
- Biometric identifiers
- full face photographs and images
- any other unique identifying number, characteristic or code
HIPAA allows the use of such de-identified data without requiring special authorization, and its use or disclosure without restrictions
De-identified patient data is often used for research.
Information is de-identified when it is not possible to 'reasonable ascertain' the identity of a person from that data. The definition of Irreversible de-identification of data is context driven. The capacity of re-identify de-identified data may depend critically on particular resources( Intellectual, Information Technology, Access to multiple data sets).(1) Efforts are being made to automate the anonymization of health information by developing de-identifications models that can successfully remove personal health information. (2)
- Australian Government. Office of the Privacy Commissioner.
- State-of-the-art Anonymization of Medical Records Using an Iterative Machine Learning Framework; György Szarvas, Richárd Farkas, Róbert Busa-Fekete b J Am Med Inform Assoc. 2007 Sep–Oct; 14(5): 574–580.
Reference
Friedlin, F. J., McDonald, C. J. A Software Tool for Removing Patient Identifying Information from Clinical Documents. (2008) JAMIA, 15 (5); 601 – 610. PMCID: PMC2528047