Methods for De-identification of Protected Health Information

“De-identification” means protecting an individual’s privacy by removing identifying information. For confidentiality, data collected from human subjects may be de-identified. It is possible to de-identify biological data to meet the Health Insurance Portability and Accountability Act (HIPAA) requirements, which sets up and specifies patient privacy legislation.

The need for production data for software development

While developing software for any healthcare entity, the development team requires real-world production data. However, the environments in which this data will be used are on vendor equipment, where clients have no direct oversight or control. Therefore, entities must first remove all protected health information (PHI) from any data utilized outside client-controlled systems. In addition, HHS regulations dictate how PHI can be de-identified.

De-identification authorization

An authorized person or group will ask for approval to begin de-identification procedures if data is shared with an off-site development team. A change control places this request in Salesforce, and three separate client contacts must approve it. The de-identification process can commence only when the change control is greenlit.

De-identification process

Following this approval, the production database is backed up and restored in a local QA environment. A script for de-identification then runs. First, it builds each table required to transition to a development environment. The script then hides all personally identifiable information. First initials replace all patient first and last names, along with extra obscured data. David, for instance, takes on the form Dlhh3#4ad, whereas Anderson adopts the form Aasdf3453@$. Additionally, the script substitutes arbitrary dates for the patient’s birthdates and changes all gender indicators to D.

Random characters substitute real patient address information in the Entity Address Table. These are provider, prescriber, and other address details. In addition, email addresses are changed to anonymous information, and passwords for portal log-ins are changed to random data.

Verification and delivery

A second technological resource will verify the de-identification once the file has been created. The second resource will note the completion and validation of this work in the change control. Data is then securely provided to the development team after successful de-identification.

Final thoughts

The potential of health information technology to support valuable research that incorporates enormous, complex data sets from various sources is being increased by the country’s growing adoption of these technologies. De-identification reduces privacy risks for individuals and allows the secondary use of data for comparative effectiveness studies, policy assessment, life sciences research, and other initiatives by removing identifiers from the health information.

Learn More about Encora

We are the software development company fiercely committed and uniquely equipped to enable companies to do what they can’t do now.

Learn More

Global Delivery

READ MORE

Careers

READ MORE

Industries

READ MORE

Related Insights

Online Travel Agencies: Some Solutions to changes in booking and commission attributions

Discover how we can simplify travel changes for both travelers and OTAs using blockchain and ...

Read More

The AI-Powered Journey: How AI is Changing the Face of Travel

As travel elevates itself into an experience where every journey is as unique as the travelers ...

Read More

Enhancing Operational Excellence with AI: A Game-Changer for the Hospitality Industry

By AI, the hospitality industry can offer the best of both worlds: the efficiency and ...

Read More
Previous Previous
Next

Accelerate Your Path
to Market Leadership 

Encora logo

Santa Clara, CA

+1 669-236-2674

letstalk@encora.com

Innovation Acceleration

Speak With an Expert

Encora logo

Santa Clara, CA

+1 (480) 991 3635

letstalk@encora.com

Innovation Acceleration