Quick Guide to Data De-Identification

Quick Guide to Data De-Identification

Administration

How to update your profile information? How to update your profile information? How to Manage Your Billing Details?How to Manage Your Billing Details?

Research Projects

What are Research Projects?What are Research Projects?How to set up a Research ProjectHow to set up a Research ProjectHow to add a new participant?How to add a new participant?How to edit a participant?How to edit a participant?Can I add other Researchers to my account?Can I add other Researchers to my account?Team Roles Team Roles

Transcription

Can I send a personalized template?Can I send a personalized template?Do you have any examples of transcriptions in Spanish?Do you have any examples of transcriptions in Spanish?Do you transcribe and/or translate in other languages?Do you transcribe and/or translate in other languages?Accepted  File Formats for TranscriptionAccepted File Formats for TranscriptionWhat is speaker tracking?What is speaker tracking?What are timestamps?What are timestamps?What is the difference between non-verbatim and strict verbatim?What is the difference between non-verbatim and strict verbatim?What is your standard turnaround time?What is your standard turnaround time?What is your rush turnaround time?What is your rush turnaround time?What is de-identification?What is de-identification?

Translation

How much do you charge for a translation service?How much do you charge for a translation service?How do you guarantee translation accuracy?How do you guarantee translation accuracy?What languages do you translate?What languages do you translate?If I need a certificate, can you provide one?If I need a certificate, can you provide one?How to request a translation? Step-by-step guideHow to request a translation? Step-by-step guideHow to download a translation? - Step by step guideHow to download a translation? - Step by step guide

Platform Navigation

How do I set up an account?How do I set up an account?I forgot my password, can you help?I forgot my password, can you help?Should I create a separate request for each file or can I upload multiple files at once?Should I create a separate request for each file or can I upload multiple files at once?How to request a Transcript - Step-by-Step GuideHow to request a Transcript - Step-by-Step GuideHow to download a Transcription- Step-by-Step GuideHow to download a Transcription- Step-by-Step Guide

Security and Confidentiality

Is Landmark secure?Is Landmark secure?Can you sign a Confidentiality Agreement?Can you sign a Confidentiality Agreement?I need a Non-Disclosure Agreement, do you have one?I need a Non-Disclosure Agreement, do you have one?Are you HIPAA compliant?Are you HIPAA compliant?How can I delete my files from your platform?How can I delete my files from your platform?

Pricing and Payment

I need a custom quote for my research projectI need a custom quote for my research projectDo you have volume discounts?Do you have volume discounts?Where do I pay my invoice?Where do I pay my invoice?Selecting a Payment MethodSelecting a Payment MethodRequesting an InvoiceRequesting an InvoiceHow to Pay OnlineHow to Pay Online

Helpful Articles

Protecting Human Research Participants (PHRP)Protecting Human Research Participants (PHRP)Importing Documents in Nvivo10 in 3 minutesImporting Documents in Nvivo10 in 3 minutesUsing AtlasTI for qualitative data analysisUsing AtlasTI for qualitative data analysisQuick Guide to Data De-IdentificationQuick Guide to Data De-IdentificationHow to create an account?How to create an account?

Quick Guide to Data De-Identification

De-identification involves the removal of personally identifying information in order to protect personal privacy.

In terms of health information, data is considered de-identified under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule when a number of specified data elements are removed.

What is De-Identified Data?

Data is de-identified when

●  All 18 HIPAA-specific direct and indirect identifiers have been removed (Safe Harbor method)

●  Data is determined by expert opinion to have a low probability of re-identification.

Example

Interviewer:  When was the first time you heard about the [Organization]?

Interviewee:   Ten years ago. I was a student at [University] and one of my professors told us about [Organization] and their work.

To view a complete example click on the link below.

De-identification-Sample.doc29.0KB

What is PHI?

Individually identifiable health information, including demographic information, that is created or received by a covered entity and that relates to the past, present, or future physical or mental health of an individual, provision of healthcare to an individual, or past, present, or future payment for the provision of healthcare to an individual.

The presence of at least one of 18 HIPAA-designated direct and indirect identifiers in a data set makes the whole data set Protected Health Information.

1. Name

2. Social Security numbers

3. Telephone numbers

4. Addresses and all geographic information smaller than a state

5. All elements of dates (except year), including date of: birth, admission, discharge, and death; and all ages over 89

6. Fax numbers

7. E-mail addresses

8. Medical record numbers

9. Health Plan Beneficiary numbers

10. Account numbers

11. Certificate/license numbers

12. Vehicle identifiers and serial numbers, including license plate numbers

13. Device identifiers and serial numbers

14. Web Universal Resource Locators (URLs)

15. Internet Protocol (IP) addresses

16. Biometric identifiers, including finger and voice prints

17. Full face photographic images and comparable images

18. Any other unique identifying number, characteristic, or code: Any code or other means of record identification that is derived from PHI that must be removed in order for the data to be considered de-identified per the Safe Harbor method.

My research involves the use of PHI, what steps do I take?

Entities covered by HIPAA may share a limited data set for research purposes permitted by the Privacy Rule under one indisputable condition. All recipients must bound by a data use agreement with the originator of the data.

If you are a researcher seeking to access, obtain, or use PHI from a HIPAA covered entity for research purposes, then you may require  a signed authorization for that use from the patient/participant, or otherwise justify an exception from that requirement.

In either case, you will be required to have an IRB-approved protocol.

Tips for de-identifying participants

  • Plan or apply editing at time of transcription except: longitudinal studies – de-identify when data collection complete (linkages)
  • Avoid blanking out: use pseudonyms or replacements • Avoid over-anonymising: removing / aggregating information in text can distort data, make them unusable, unreliable or misleading
  • Consistency within research team and throughout project
  • Show replacements, e.g. with [brackets]
  • Keep a log of all replacements, aggregations or removals made – keep separate from de-identified data files
  • Text anonymisation helper tool can help you find disclosive information to remove or pseudonymise in text files
  • MS Word macro to find and highlight numbers and words starting with capital letters in text, which are often disclosive, e.g. as names, companies, birth dates, addresses, educational institutions and countries

Regulatory Resources

Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub. L. No. 104-191, § 264 (1996), codified at 42 U.S.C. § 1320d; Standards for Privacy of Individually Identifiable Health Information, 45 C.F.R. § 160 (2002), 45 C.F.R. § 164 subpts. A, E (2002).

← Previous
Next →