Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in Health Privacy/HIPAA

OCR Releases Guidance on PHI De-Identification in Accordance with HIPAA

On November 26, the U.S. Department of Health and Human Services’ Office for Civil Rights released guidance on methods for de-identification of protected health information in keeping with the HIPAA Privacy Rule (as required under the HITECH Act).   The guidance answers questions related to each of the permissible de-identification methods – the expert determination (statistician) method and safe harbor method.  It incorporates comments and stakeholder feedback received during a March 2010 workshop.

The guidance does not contain any surprises, but does confirm many commonly-accepted interpretations of the Privacy Rule related to de-identification and also provides helpful additional detail concerning some of the technical aspects of the two de-identification methodologies.

The full text of the guidance can be found at: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/De-identification/hhs_deid_guidance.pdf.