Building Public Trust in Uses of Health Insurance Portability and Accountability Act De-identified Data

Overview

Journal J Am Med Inform Assoc

Publisher Oxford University Press

Specialty Medical Informatics

Date 2012 Jun 28

PMID 22735615

Citations 35

Authors

Deven McGraw

Affiliations

Soon will be listed here.

Abstract

Objectives: The aim of this paper is to summarize concerns with the de-identification standard and methodologies established under the Health Insurance Portability and Accountability Act (HIPAA) regulations, and report some potential policies to address those concerns that were discussed at a recent workshop attended by industry, consumer, academic and research stakeholders.

Target Audience: The target audience includes researchers, industry stakeholders, policy makers and consumer advocates concerned about preserving the ability to use HIPAA de-identified data for a range of important secondary uses.

Scope: HIPAA sets forth methodologies for de-identifying health data; once such data are de-identified, they are no longer subject to HIPAA regulations and can be used for any purpose. Concerns have been raised about the sufficiency of HIPAA de-identification methodologies, the lack of legal accountability for unauthorized re-identification of de-identified data, and insufficient public transparency about de-identified data uses. Although there is little published evidence of the re-identification of properly de-identified datasets, such concerns appear to be increasing. This article discusses policy proposals intended to address de-identification concerns while maintaining de-identification as an effective tool for protecting privacy and preserving the ability to leverage health data for secondary purposes.

Citing Articles

Security Implications of AI Chatbots in Health Care.

Li J J Med Internet Res. 2023; 25:e47551.

PMID: 38015597 PMC: 10716748. DOI: 10.2196/47551.

Report of the Medical Image De-Identification (MIDI) Task Group - Best Practices and Recommendations.

Clunie D, Flanders A, Taylor A, Erickson B, Bialecki B, Brundage D ArXiv. 2023; .

PMID: 37033463 PMC: 10081345.

US Residents' Preferences for Sharing of Electronic Health Record and Genetic Information: A Discrete Choice Experiment.

Wagner A, Zhang F, Ryan K, Xing E, Nong P, Kardia S Value Health. 2023; 26(9):1301-1307.

PMID: 36736697 PMC: 10956475. DOI: 10.1016/j.jval.2023.01.015.

Distributed learning for heterogeneous clinical data with application to integrating COVID-19 data across 230 sites.

Tong J, Luo C, Nazmul Islam M, Sheils N, Buresh J, Edmondson M NPJ Digit Med. 2022; 5(1):76.

PMID: 35701668 PMC: 9198031. DOI: 10.1038/s41746-022-00615-8.

An efficient and accurate distributed learning algorithm for modeling multi-site zero-inflated count outcomes.

Edmondson M, Luo C, Duan R, Maltenfort M, Chen Z, Locke Jr K Sci Rep. 2021; 11(1):19647.

PMID: 34608222 PMC: 8490431. DOI: 10.1038/s41598-021-99078-2.

References

Safran C, Bloomrosen M, Hammond W, Labkoff S, Markel-Fox S, Tang P . Toward a national framework for the secondary use of health data: an American Medical Informatics Association White Paper. J Am Med Inform Assoc. 2006; 14(1):1-9. PMC: 2329823. DOI: 10.1197/jamia.M2273. View

Benitez K, Malin B . Evaluating re-identification risks with respect to the HIPAA privacy rule. J Am Med Inform Assoc. 2010; 17(2):169-77. PMC: 3000773. DOI: 10.1136/jamia.2009.000026. View

El Emam K . Methods for the de-identification of electronic health records for genomic research. Genome Med. 2011; 3(4):25. PMC: 3129641. DOI: 10.1186/gm239. View

Sweeney L . Guaranteeing anonymity when sharing medical data, the Datafly System. Proc AMIA Annu Fall Symp. 1997; :51-5. PMC: 2233452. View

. Protection of human subjects. Code Fed Regul Public Welfare. 1995; Title 45(Sections 46-101 to 46-409):Unknown. View