Summary: <a href="https://www.complianceandethics.org/wp-content/uploads/2015/02/turteltaub-adam-200x200.jpg"></a>By Adam Turteltaub<br> <br> These days it’s easy to identify people using technology and databases, and that’s a problem if you are trying to comply with HIPAA or even GDPR because a lot of sensitive data eventually needs to be de-identified in a proper manner.<br> <br> <a href="mailto:Thora.Johnson@Orrick.com)">Thora Johnson</a> (<a href="https://www.linkedin.com/in/thora-johnson/">LinkedIn</a>), <a href="https://www.orrick.com/en/People/D/B/3/Thora-Johnson">Partner</a> at Orrick and <a href="mailto:Mfox@acc.org">Mark Fox</a> (<a href="http://linkedin.com/in/mark-fox-chc-chpc-chrc-5376559">LinkedIn</a>), Privacy and Research Compliance Officer at the American College of Cardiology explain that there are two permissible methods of de-identification under HIPAA. Safe Harbor De-Identification is a process in which eighteen identifiers are removed. The second option is Expert Determination De-Identification, in which statistical principles are used to determine if there is low risk a person can be identified.<br> <br> It's not an easy process, either way. Information on the individual and family members likely needs to be removed. In addition many struggle with how to do de-identification right because the work is often done only periodically and not on a regular, frequent basis.<br> <br> One area of particular challenge is understanding the difference between de-identification and a limited data set. There are significant requirements with these limited data sets, too, including the need for a signed agreement with the data recipient and proper permissions to share the data.<br> <br> Adding to the complexity, under GDPR there are the concepts of anonymization and pseudo-anonymization to reckon with.<br> <br> What should you do? Listen in to understand the issues, and then plan on attending Thora and Mark’s session “It’s De-Identified, or Is It?” at the 2023 <a href="https://www.hcca-info.org/conferences/institutes/27th-annual-compliance-institute">HCCA Compliance Institute</a>.
