Guide to the De-Identification of Personal Health Information
Offering compelling practical and legal reasons why de-identification should be one of the main approaches to protecting patients’ privacy, the Guide to the De-Identification of Personal Health Information outlines a proven, risk-based methodology for the de-identification of sensitive health information. It situates and contextualizes this risk-based methodology and provides a general overview of its steps.
The book supplies a detailed case for why de-identification is important, as well as best practices to help you pinpoint when it is necessary to apply de-identification in the disclosure of personal health information. It also:
- Outlines practical methods for de-identification
- Describes how to measure re-identification risk
- Explains how to reduce the risk of re-identification
- Includes proofs and supporting reference material
- Focuses only on transformations proven to work on health information—rather than covering all possible approaches, whether they work in practice or not
Rated the top systems and software engineering scholar worldwide by The Journal of Systems and Software, Dr. El Emam is one of only a handful of individuals worldwide qualified to de-identify personal health information for secondary use under the HIPAA Privacy Rule Statistical Standard. In this book Dr. El Emam explains how we can make health data more accessible—while protecting patients’ privacy and complying with current regulations.
The Case for De-Identifying Personal Health Information. Permitted Disclosures, Consent, and De-identification of PHI. Permitted Uses and Disclosures of Health Information. The Impact of Consent. Data Breach Notifications. Peeping and Snooping. Unplanned but Legitimate Uses and Disclosures. Public Perception and Privacy Protective Behaviors. Alternative Methods for Data Access. Understanding Disclosure Risks. Scope, Terminology, and Definitions. Frequently Asked Questions about De-identification. A Methodology for Managing Re-identification Risk. Definitions of Identifiability. Data Masking Methods. Theoretical Re-identification Attacks. Measuring Re-Identification Risk. Measuring the Probability of Re-identification. Measures of Uniqueness. Modeling the Threat. Choosing Metric Thresholds. Practical Methods for De-Identification. De-identification Methods. Practical Tips. End Matter. An Analysis of Historical Breach Notification Trends. Methods of Attack for Maximum Journalist Risk. How Many Friends Do We Have? Cell Size Precedents. The Invasion of Privacy Construct. General Information on Mitigating Controls. Assessing Motives and Capacity. Invasion of Privacy.
By arguing persuasively for the use of de-identification as a privacy-enhancing tool, and setting out a practical methodology for the use of de-identification techniques and re-identification risk measurement tools, this book provides a valuable and much needed resource for all data custodians who use or disclose personal health information for secondary purposes. Doubly enabling, privacy-enhancing tools like these, that embrace privacy by design, will ensure the continued availability of personal health information for valuable secondary purposes that benefit us all.
—Dr. Ann Cavoukian, Information and Privacy Commissioner, Ontario, Canada