Data de-identification is the process used to separate someone’s identity from their personal information. As more records are stored and shared digitally, data de-identification is becoming increasingly important.
What do you need to know about data de-identification? How do you actually de-identify data? Keep reading to find out.
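It’s Central to HIPAA Compliance
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule restricts how covered organizations may use and disclose protected health information. Data that meets the rule’s de-identification standard is no longer treated as protected health information, so de-identifying data is one way to use or share it while remaining in accordance with the law.
HIPAA outlines two methods that satisfy the de-identification standard: Expert Determination and Safe Harbor.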
That’s why so many healthcare organizations invest a considerable amount of time and money into data de-identification.
However, as you’ll learn below, data de-identification is useful for more than just healthcare information.
Data De-Identification Is Useful for More Than Just Personal Data
When you think of data de-identification, you probably think of personal records: the details that identify someone are separated from the rest of their data, so the remaining records can no longer be tied to that person.
That’s the case with a lot of data de-identification processes. However, it’s not the case with all of them.
The truth is, data de-identification can be useful for more than just personal data, in circumstances such as the following:
- Businesses involved in statistical surveys (like industry surveys) may wish to have their data de-identified
- Mining companies may wish to de-identify the spatial location of mineral deposits
- Environmental protection agencies may want to de-identify data linked to endangered species
There are many other examples where de-identified data can be useful. In short, it protects more than individual healthcare patients; it can be applied across industries for many different purposes.
How to De-Identify Data
You know why data de-identification is important. But how do you actually de-identify data?
Typically, data de-identification involves removing names, addresses, gender, dates of birth, and other identifying information from datasets.
Sometimes, that data is removed entirely. In other cases, the data is coded or encrypted. Some de-identification services also change data values or aggregate data to remove the personal connection.
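The options above (removing a field, coding it, or changing its value) can be sketched in a few lines of Python. This is a minimal illustration, not a compliance tool: the field names (patient_id, name, address, gender, date_of_birth), the 16-character pseudonym length, and the assumption that dates arrive as YYYY-MM-DD strings are all hypothetical choices made for the example.

```python
import hashlib
import hmac

# Hypothetical field names, chosen for illustration only.
DIRECT_IDENTIFIERS = {"name", "address", "gender"}


def pseudonym(value: str, secret_key: bytes) -> str:
    """Return a keyed hash (HMAC-SHA256) that stands in for an identifier."""
    digest = hmac.new(secret_key, value.encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()[:16]  # shortened for readability (assumption)


def deidentify(record: dict, secret_key: bytes) -> dict:
    """Remove, code, or generalize the identifying fields of one record."""
    out = {}
    for field, value in record.items():
        if field in DIRECT_IDENTIFIERS:
            continue  # removed entirely
        if field == "patient_id":
            # Coded: replaced by a keyed pseudonym.
            out["pseudonym"] = pseudonym(str(value), secret_key)
        elif field == "date_of_birth":
            # Value changed: keep only the year (assumes YYYY-MM-DD input).
            out["birth_year"] = int(str(value)[:4])
        else:
            out[field] = value  # non-identifying fields pass through
    return out


if __name__ == "__main__":
    record = {
        "patient_id": "P-001",
        "name": "Jane Doe",
        "address": "1 Main St",
        "gender": "F",
        "date_of_birth": "1984-03-17",
        "diagnosis": "asthma",
    }
    print(deidentify(record, secret_key=b"example-key-do-not-reuse"))
```

Because the pseudonym is keyed, the same patient_id always maps to the same code under the same key, so records from one person can still be grouped. Anyone holding the key can recompute the mapping, so in practice the key would need to be stored separately and protected.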
But what if you want to reuse that data at a future point – like for inclusion in a future study?
That’s where data de-identification can get tricky. In this situation, researchers need to walk through a minefield of legislation, policies, and ethical guidelines to ensure they’re doing everything the right way.
HIPAA’s Expert Determination Versus Safe Harbor Method
Expert Determination involves a qualified expert applying statistical or scientific principles to the data and concluding that there is only a very small risk that the anticipated recipient could identify the individual.
Safe Harbor, on the other hand, requires the removal of 18 types of identifiers (like geographic subdivisions smaller than a state). The organization must also have no actual knowledge that the residual information could be used to identify the individual. Safe Harbor does not guarantee that re-identification is impossible.
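A few of the Safe Harbor categories are generalized rather than deleted outright, and those can be sketched as small Python helpers. The sketch below covers only three of the 18 categories (ZIP codes, dates, and ages) and is an illustration rather than a complete implementation. The function names are hypothetical, and populous_prefixes is an assumed input: a set of three-digit ZIP prefixes whose combined area holds more than 20,000 people, which would have to be built from Census data.

```python
def generalize_zip(zip_code: str, populous_prefixes: set) -> str:
    """Keep the first three ZIP digits only for sufficiently populous areas.

    populous_prefixes is a hypothetical, caller-supplied set of three-digit
    prefixes covering more than 20,000 people; all others become "000".
    """
    prefix = zip_code[:3]
    return prefix if prefix in populous_prefixes else "000"


def generalize_age(age: int) -> str:
    """Aggregate every age over 89 into a single '90+' category."""
    return "90+" if age > 89 else str(age)


def year_only(iso_date: str) -> str:
    """Reduce a YYYY-MM-DD date (assumed format) to its year."""
    return iso_date[:4]


if __name__ == "__main__":
    prefixes = {"731"}  # made-up example value, not real Census data
    print(generalize_zip("73102", prefixes))
    print(generalize_zip("05001", prefixes))
    print(generalize_age(93))
    print(year_only("1984-03-17"))
```

Note that keeping the year alone is not enough for the oldest patients: a birth year that reveals an age over 89 would also have to be removed or aggregated.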
A Better Solution: How to De-Identify Data with Grooper Smart Data Management Software
BIS offers a solution called Grooper that can help companies like yours with data de-identification.
The technology is particularly helpful for healthcare companies (HIPAA compliance), colleges and universities (FERPA compliance), financial institutions (PCI standards), and government/public records (SSNs).
Grooper is an information processing platform that offers the following benefits for your business:
- Improves workflow
- Saves time
- Saves money
- Reengineers capture technology
Grooper has the same functionality offered by legacy document capture platforms – but with new features that make it even more useful.