Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2013 Jan 1;20(1):29-34.
doi: 10.1136/amiajnl-2012-000936. Epub 2012 Jun 26.

Building public trust in uses of Health Insurance Portability and Accountability Act de-identified data

Deven McGraw  1
Affiliations

Building public trust in uses of Health Insurance Portability and Accountability Act de-identified data

Deven McGraw. J Am Med Inform Assoc. .

Abstract

Objectives: The aim of this paper is to summarize concerns with the de-identification standard and methodologies established under the Health Insurance Portability and Accountability Act (HIPAA) regulations, and report some potential policies to address those concerns that were discussed at a recent workshop attended by industry, consumer, academic and research stakeholders.

Target audience: The target audience includes researchers, industry stakeholders, policy makers and consumer advocates concerned about preserving the ability to use HIPAA de-identified data for a range of important secondary uses.

Scope: HIPAA sets forth methodologies for de-identifying health data; once such data are de-identified, they are no longer subject to HIPAA regulations and can be used for any purpose. Concerns have been raised about the sufficiency of HIPAA de-identification methodologies, the lack of legal accountability for unauthorized re-identification of de-identified data, and insufficient public transparency about de-identified data uses. Although there is little published evidence of the re-identification of properly de-identified datasets, such concerns appear to be increasing. This article discusses policy proposals intended to address de-identification concerns while maintaining de-identification as an effective tool for protecting privacy and preserving the ability to leverage health data for secondary purposes.

PubMed Disclaimer

Conflict of interest statement

Competing interests: None.

References

    1. Safran C, Bloomrosen M, Hammond WE, et al. ; Expert Panel Toward a national framework for the secondary use of health data: an American medical Informatics Association white paper. J Am Med Inform Assoc 2007;14:1–9 - PMC - PubMed
    1. PricewaterhouseCoopers LLP Transforming Healthcare Through Secondary Use of Health Data. 2009. http://www.pwc.com/us/en/healthcare/publications/secondary-health-data.j... (accessed 4 Mar 2012).
    1. Code of Federal Regulations Title 45 Subpart E (Sections 164.500-534). Washington, DC: Office of the Federal Register.
    1. Code of Federal Regulations Title 45 Section 164.502(d)(2). Washington, DC: Office of the Federal Register.
    1. U.S. Code Title 42 Section 17954(c). Washington, DC: Office of Law Revision Counsel of the U.S. House of Representatives.

MeSH terms