When it comes to protecting patient privacy in healthcare, a possible safeguard is the process of "de-identification." This means taking information that could be compromising and removing the specific identifiers from it to make a breach less likely. However, there are specific rules practices need to follow to avoid accidentally being responsible for HIPAA violations.
The HIPAA-approved de-identification methods most useful for medical practices are examined in a recent piece for Healthcare Info Security. This process has to fit in with what HIPAA considers safe: either a set of 18 different factors need to be removed, or an expert consultant must come up with the proper method based on the context of the information.
The advantages of the latter approach is that it doesn't necessarily remove any value that the information possesses and stays close to the medical practice's goals.The source interviewed Dr. Khaled El Emam of the Children's Hospital of Eastern Ontario Research Institute, who said that following the HIPAA standards is vital to protecting patients when their data is being used.
"If you do a poor job with de-identification not based on standards, then it's easy for someone to reverse that," he said. "But if you do a good job, it's really hard to re-identify the data."
There are different levels of anonymization when it comes to digital information: some can be done successfully and some can be easily reversed, rendering the personal data still vulnerable. There might also be legal specifications that pertain to the use of particular data sets. HIPAA compliance consulting can evaluate the procedures your practitioners are following and help eliminate any discrepancies in your current performance.