De-Identification of PHI for use in DU Classroom or Internal Web-based Medical Education
Drexel University Clinical Covered Entities
Privacy Program Policies and Procedures
Policy Title: De-Identification of PHI for use in DU Classroom or Internal Web-based Medical Education
Policy Number: PPS-27
Effective Date: September 23, 2013
Last Revision: September 1, 2017
Responsible Officer: Executive Vice President, Treasurer and Chief Operating Officer
Applicability
This policy applies to all Covered Entities within Drexel University.
Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards.
I. Purpose
It is the policy of Drexel University (DU) to encourage the use and/or disclosure of de-identified health information whenever feasible, and de-identification shall be required for classroom purposes unless a patient has authorized the use of his or her protected health information (PHI) in the classroom or education setting. DU will not use codes to re-identify data that are created as a derivation of protected health information and could possibly be used to identify individuals by persons using the de-identified data. If a code is used to re-identify the data it will be kept by the student in a safe and secure location, and will not be shared with those using the de-identified data. Re-identification will require the same protection as individually identifiable data.
II. Definitions
De-identified data is defined as protected health information that has been stripped of the identifiers set forth in the Safe Harbor Method described below and as required by the Privacy Rule 45 CFR §164.514(a).
III. Process for De-Identifying Data
PHI may be de-identified only by using methods for de-identification approved by the Department of Health and Human Services. By using these methods, DU may reasonably believe that health information is not individually identifiable health information.
Safe Harbor Method to De-Identify Data
De-identified data is defined as protected health information that has been stripped of the following identifiers as required by the Privacy Rule 45 CFR §164.514(a):
- Names;
- All geographic subdivisions smaller than a State including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census:
  - The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and
  - The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000;
- All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older;
- Telephone numbers;
- Fax numbers;
- Electronic mail addresses;
- Social security numbers;
- Medical record numbers;
- Health plan beneficiary numbers;
- Account numbers;
- Certificate/license numbers;
- Vehicle identifiers and serial numbers, including license plate numbers;
- Device identifiers and serial numbers;
- Web Universal Resource Locators (URLs);
- Internet Protocol (IP) address numbers;
- Biometric identifiers, including finger and voice prints;
- Full face photographic images and any comparable images; and
- Any other unique identifying number, characteristic, or code except as permitted to re-identify the data as defined in "Specifications for Re-identification".
De-identified data may contain:
- Age with dates limited to the year;
- Ages over 90 must be aggregated to 90+;
- Aggregated zip codes in the form of initial 3-digit zip codes to include at least 20,000 people;
- Gender;
- Race;
- Ethnicity; and
- Marital status.
The covered entity does not have actual knowledge that information could be used alone or in combination with other information to identify an individual.
Statistical Method
In the alternative, if it is not possible or practical to satisfy the Safe Harbor Method requirements, the following Statistical Method may be used to de-identify data.
A qualified statistician with appropriate knowledge and expertise:
- Applies generally accepted statistical and scientific principles and methods for rendering information not individually identifiable;
- Makes a determination that the risk is very small that the information could be used, by itself or in combination with other available information, by the anticipated recipients to identify an individual who is a subject of the information; and
- Documents the analysis and results in making the determination.
For the name and contact information of a qualified statistician, please contact Executive Director, Privacy Services at 267.359.5799 or designee.
IV. Procedure
De-Identification
- Create de-identified reports using the Safe Harbor Method, or the Statistical Method. If DU uses specialized software to de-identify PHI or re-identify information, access by workforce members to the software will be governed by DU policies and procedures on information security and privacy.
- If the Statistical Method is used, the student (or other holder of PHI) must obtain from the statistician written documentation of the methods and results of the analysis that justify a determination that the risk is very small that the information could be used, alone or in combination with other reasonably available information, by an anticipated recipient to identify an individual who is a subject of the information. The documentation should be filed with the original copies of the information in a secure location. If the information is in electronic form or consists of biological materials, the documentation should be filed in the student’s files in a secure location.
- Review data before designating it as de-identified.
Re-identification
DU and/or the student may wish to re-identify information previously de-identified, but is not required to do so. This re-identification may be accomplished through the use of a unique code, key or other means of record identification, provided that the following specifications are met:
- Assign a code or other means of record identification to allow de-identified information to be re-identified. The code or other means of record identification cannot be derived from or related to information about the individual and cannot be otherwise capable of being translated so as to identify the individual.
- Secure any code developed to re-identify the data. The code or other means of record identification may not be used or disclosed for any other purpose, other than for re-identification by DU and/or the student. Neither DU nor the student shall disclose the mechanism for re-identification.
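The Safe Harbor generalizations (three-digit zip codes, dates reduced to the year, ages over 89 aggregated) and the re-identification code specification above can be sketched as follows. This is an added example, not part of the DU policy or any DU software; the field names, the allow-list, the population table and the sample record are assumptions constructed for illustration, and each record is assumed to carry an explicit age.

```python
import secrets

# Field names below are hypothetical; only allow-listed fields pass through unchanged.
PASS_THROUGH = {"gender", "race", "ethnicity", "marital_status", "diagnosis_code"}
DATE_FIELDS = {"birth_date", "admission_date", "discharge_date", "death_date"}

# Constructed sample data: not Census figures, not a real patient.
SAMPLE_ZIP3_POPULATION = {"191": 1_500_000, "036": 12_000}
SAMPLE_RECORD = {
    "name": "Jane Example", "ssn": "000-00-0000", "zip": "03601",
    "birth_date": "1925-04-02", "admission_date": "2017-03-14",
    "age": 92, "gender": "F", "diagnosis_code": "I10",
}


def generalize_zip(zip_code, zip3_population):
    """Keep the first three digits only if that area holds more than 20,000 people."""
    zip3 = zip_code[:3]
    return zip3 if zip3_population.get(zip3, 0) > 20_000 else "000"


def deidentify(record, zip3_population, key_map):
    """Return (code, safe_record) and store code -> original record in key_map."""
    age = record.get("age")
    over_89 = age is not None and age > 89
    safe = {}
    for field, value in record.items():
        if field == "zip":
            safe["zip3"] = generalize_zip(value, zip3_population)
        elif field in DATE_FIELDS:
            # Year only (ISO YYYY-MM-DD assumed); a birth year revealing age > 89 is dropped.
            if not (over_89 and field == "birth_date"):
                safe[field[:-5] + "_year"] = value[:4]
        elif field == "age":
            safe["age"] = "90+" if over_89 else value
        elif field in PASS_THROUGH:
            safe[field] = value
        # Everything else (name, SSN, MRN, phone, e-mail, ...) is stripped.
    # Random code: not derived from or translatable to anything about the individual.
    code = secrets.token_hex(16)
    key_map[code] = dict(record)  # keep this map apart from the de-identified data
    safe["record_code"] = code
    return code, safe
```

The key map is the re-identification mechanism, so it needs the same protection as the original PHI and must not travel with the de-identified records.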