OCR to Offer Guidance (Someday) on De-Identifying PHI

Wed, Apr 7, 2010

Fact Finder

While no one – including HHS – seems to know yet what de-identification of PHI under the HIPAA Privacy Rule is, one good rule of thumb at this point is to be careful what you post publicly now because it might provide a way to reverse engineer de-identified PHI later.

Last week, we noted that the HHS OCR held a workshop on de-identifying protected health information under the HIPAA Privacy Rule. If you de-identify PHI, as we also recently noted, the Privacy Rule and its penalties for disclosure don’t apply – you can enter a “safe harbor” if you remove the 18 identifiers in PHI or use a “statistical standard” to de-identify your patient data.

Avoiding HIPAA penalties sounds pretty good…but how exactly do you go about de-identifying PHI? HHS OCR, which is responsible for enforcing the Privacy Rule, is not sure yet. Under ARRA, HHS…

Click here to login and get access to this article if you already receive the HIT News Wire
If you've already signed in and are still seeing this screen, click here to refresh the page.
HIT News Wire
Free registration required for full access to articles.
You will also receive
  • Free updates on the latest developments affecting healthcare IT.
  • Discounts on 3rd party offers.
Join now
You must have javascript enabled to use this form
Bookmark and Share
, , , ,