Methods for De-identification of Protected Health Information

“De-identification” means protecting an individual’s privacy by removing identifying information. For confidentiality, data collected from human subjects may be de-identified. It is possible to de-identify biological data to meet the Health Insurance Portability and Accountability Act (HIPAA) requirements, which sets up and specifies patient privacy legislation.

The need for production data for software development

While developing software for any healthcare entity, the development team requires real-world production data. However, the environments in which this data will be used are on vendor equipment, where clients have no direct oversight or control. Therefore, entities must first remove all protected health information (PHI) from any data utilized outside client-controlled systems. In addition, HHS regulations dictate how PHI can be de-identified.

De-identification authorization

An authorized person or group will ask for approval to begin de-identification procedures if data is shared with an off-site development team. A change control places this request in Salesforce, and three separate client contacts must approve it. The de-identification process can commence only when the change control is greenlit.

De-identification process

Following this approval, the production database is backed up and restored in a local QA environment. A script for de-identification then runs. First, it builds each table required to transition to a development environment. The script then hides all personally identifiable information. First initials replace all patient first and last names, along with extra obscured data. David, for instance, takes on the form Dlhh3#4ad, whereas Anderson adopts the form Aasdf3453@$. Additionally, the script substitutes arbitrary dates for the patient’s birthdates and changes all gender indicators to D.

Random characters substitute real patient address information in the Entity Address Table. These are provider, prescriber, and other address details. In addition, email addresses are changed to anonymous information, and passwords for portal log-ins are changed to random data.

Verification and delivery

A second technological resource will verify the de-identification once the file has been created. The second resource will note the completion and validation of this work in the change control. Data is then securely provided to the development team after successful de-identification.

Final thoughts

The potential of health information technology to support valuable research that incorporates enormous, complex data sets from various sources is being increased by the country’s growing adoption of these technologies. De-identification reduces privacy risks for individuals and allows the secondary use of data for comparative effectiveness studies, policy assessment, life sciences research, and other initiatives by removing identifiers from the health information.

Learn More about Encora

We are the software development company fiercely committed and uniquely equipped to enable companies to do what they can’t do now.

Learn More

Global Delivery

READ MORE

Careers

READ MORE

Industries

READ MORE

Related Insights

Exploring Digital Wallet Growth in Latin America: What's Next?

Digital wallets are transforming the global financial landscape, enabling individuals and ...

Read More

How AI Can Augment Telecom Network Management Capabilities

Digital connectivity is essential to our daily lives, and telecom operators face unprecedented ...

Read More

Unlock Profit: Data-Driven Hospitality Revenue Strategies

Have you ever wondered why hotel rates spike during festivals or drop midweek? The answer lies in a ...

Read More
Previous Previous
Next

Accelerate Your Path
to Market Leadership 

Encora logo

Santa Clara, CA

+1 669-236-2674

letstalk@encora.com

Innovation Acceleration

Speak With an Expert

Encora logo

Santa Clara, CA

+1 (480) 991 3635

letstalk@encora.com

Innovation Acceleration