![]() ![]() the past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual.the provision of health care to the individual, or.the individual’s past, present, or future physical or mental health or condition,. ![]() Protected health information is information, including demographic information, which relates to: The Privacy Rule calls this information protected health information (PHI) 2. The HIPAA Privacy Rule protects most “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper, or oral. Glossary of Terms Protected Health Information Guidance on Satisfying the Safe Harbor Methodģ.1 When can ZIP codes be included in de-identified information?ģ.2 May parts or derivatives of any of the listed identifiers be disclosed consistent with the Safe Harbor Method?ģ.3 What are examples of dates that are not permitted according to the Safe Harbor Method?ģ.4 Can dates associated with test measures for a patient be reported in accordance with Safe Harbor?ģ.5 What constitutes “any other unique identifying number, characteristic, or code” with respect to the Safe Harbor method of the Privacy Rule?ģ.6 What is “actual knowledge” that the remaining information could be used either alone or in combination with other information to identify an individual who is a subject of the information?ģ.7 If a covered entity knows of specific studies about methods to re-identify health information or use de-identified health information alone or in combination with other information to identify an individual, does this necessarily mean a covered entity has actual knowledge under the Safe Harbor method?ģ.8 Must a covered entity suppress all personal names, such as physician names, from health information for it to be designated as de-identified?ģ.9 Must a covered entity use a data use agreement when sharing de-identified data to satisfy the Safe Harbor Method?ģ.10 Must a covered entity remove protected health information from free text fields to satisfy the Safe Harbor Method? Guidance on Satisfying the Expert Determination MethodĢ.1 Have expert determinations been applied outside of the health field?Ģ.3 What is an acceptable level of identification risk for an expert determination?Ģ.4 How long is an expert determination valid for a given data set?Ģ.5 Can an expert derive multiple solutions from the same data set for a recipient?Ģ.6 How do experts assess the risk of identification of information?Ģ.7 What are the approaches by which an expert assesses the risk that health information can be identified?Ģ.8 What are the approaches by which an expert mitigates the risk of identification of an individual in health information?Ģ.9 Can an Expert determine a code derived from PHI is de-identified?Ģ.10 Must a covered entity use a data use agreement when sharing de-identified data to satisfy the Expert Determination Method? Generalġ.2 Covered Entities, Business Associates, and PHI Read more on the Workshop on the HIPAA Privacy Rule's De-Identification Standard. The workshop was open to the public and each panel was followed by a question and answer period. Each panel addressed a specific topic related to the Privacy Rule’s de-identification methodologies and policies. ![]() OCR convened stakeholders at a workshop consisting of multiple panel sessions held March 8-9, 2010, in Washington, DC. In developing this guidance, the Office for Civil Rights (OCR) solicited input from stakeholders with practical, technical and policy experience in de-identification. This guidance is intended to assist covered entities to understand what is de-identification, the general process by which de-identified information is created, and the options available for performing de-identification. The guidance explains and answers questions regarding the two methods that can be used to satisfy the Privacy Rule’s de-identification standard: Expert Determination and Safe Harbor 1. This page provides guidance about methods and approaches to achieve de-identification in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |