Identifiable Health Data

From Clinfowiki
Revision as of 07:54, 21 February 2015 by Annathehybrid (Talk | contribs)

Jump to: navigation, search

Identifiable Health Data (or Personally identifiable Health Data) refers to any information that can be used, either alone or in combination with other information, to uniquely identify, contact, or locate a single person.

Introduction

There are 19 identifiers that are protected by the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.

  1. name
  2. address
  3. dates directly related to the individual
  4. all ages over 8#
  5. telephone number
  6. fax number
  7. email address
  8. Social Security number
  9. Medical Record number
  10. Health Plan number
  11. Account numbers
  12. Certificate or License numbers
  13. Vehicle Identification numbers
  14. Device Identification numbers
  15. Universal Resource Locators
  16. Internet protocol Address
  17. Biometric identifiers
  18. full face photographs and images
  19. any other unique identifying number, characteristic or code


Data are considered “individually identifiable” if they include any of the 18 types of identifiers, listed below:

  • Name
  • Address (all geographic subdivisions smaller than state, including street address, city, county, ZIP code)
  • All elements (except years) of dates related to an individual (including birth date, admission date, discharge date, date of death and exact age if over 89)
  • Telephone numbers
  • FAX number
  • E-mail address
  • Social Security number
  • Medical record number
  • Health plan beneficiary number
  • Account number
  • Certificate/license number
  • Any vehicle or other device serial number
  • Device identifiers or serial numbers
  • Web URL
  • Internet Protocol (IP) address numbers
  • Finger or voice prints
  • Photographic images
  • Any other characteristic that could uniquely identify the individual

Source: http://hipaa.yale.edu/guidance/index.html#phi

De-identified patient data

De-identified patient data is patient data that has been removed of important identifiers such as birth date, gender, address, and age.

De-identified patient data is often used for research. The Health Insurance Portability and Accountability Act (HIPAA) allows the use of such de-identified data without requiring special authorization, and its use or disclosure without restrictions

Information is de-identified when it is not possible to 'reasonable ascertain' the identity of a person from that data.

The definition of Irreversible de-identification of data is context driven. The capacity of re-identify de-identified data may depend critically on particular resources( Intellectual, Information Technology, Access to multiple data sets).(1) Efforts are being made to automate the anonymization of health information by developing de-identifications models that can successfully remove personal health information. (2)


  1. Australian Government. Office of the Privacy Commissioner.
  2. State-of-the-art Anonymization of Medical Records Using an Iterative Machine Learning Framework; György Szarvas, Richárd Farkas, Róbert Busa-Fekete b J Am Med Inform Assoc. 2007 Sep–Oct; 14(5): 574–580.


Reference


Friedlin, F. J., McDonald, C. J. A Software Tool for Removing Patient Identifying Information from Clinical Documents. (2008) JAMIA, 15 (5); 601 – 610. PMCID: PMC2528047