New 2019 HIPAA Guidance on De-Identifying Protected Health Information

The Office for Civil Rights — OCR has issued important guidance related to HIPAA termed as “de-identification.” This guidance is applicable to covered entities, which include physicians and business associates that perform certain services on behalf of the covered entity involving “protected health information” or PHI.

HIPAA is now fully enforced, and the government is not using kid gloves anymore. HIPAA’s Privacy Rule helps guard against the use or disclosure of an individual’s identifying health information or PHI by permitting its use in only certain instances, such as for treatment, payment, healthcare operations, or as authorized by the patient. PHI is information, including demographic information, which relates to the individual’s provision of healthcare, their physical or mental medical condition, and any payment for that care that identifies or can be used to identify the individual. De-identification mitigates privacy risks by removing health data that individually identifies the individual and with respect to which there is no reasonable basis to believe that the information can be used to identify the individual. However, the privacy rule permits a physician or its business associate to create information for secondary use in comparative studies, policy assessments, and life science research that is not individually identifiable by following its de-identification standards.

De-identification occurs either by:

1. Meeting the safe harbor in removing identifiers and verifying there is no actual knowledge that the residual information can identify the individual; or

2. An expert has documented its statistical or scientific analysis determining that there is a very small risk of an anticipated recipient using such health information with other reasonably available information to identify an individual who is a subject of the information.

It’s absolutely a good idea to attend HIPAA Conferences and Seminars to where the presenters like Mr. Brian Tuttle discuss few of the live court room cases.

HIPAA Ijona has organized a Live Seminar at Chicago, USA on New 2019 HIPAA Guidance on De-Identifying Protected Health Information. The event is happening on 12th April 2019 at DoubleTree Hilton Hotel.

Compliance Key

About the Author
 Compliance Key creates and delivers comprehensive industry relevant training sessions. These sessions are simple, interactive and cost effective. We are a predominantly web based information exchange forum. Live interactions on compliance training make the process holistic and effective.