Written by Julie K. Lappas
- Who is an “expert” for the purpose of rendering health information de-identified?
- How long is an expert determination valid for a given data set?
- How do experts assess the risk of identification of information?
- When can ZIP codes be included in de-identified information?
- What are examples of dates that are not permitted under the safe harbor standard?
- What constitutes “actual knowledge” in the context of the safe harbor standard?
The Guidance included a nice flow chart diagram that helps to demonstrate the two methods. (Source: HHS Guidance Regarding Methods for De-Identification of PHI in Accordance with the HIPAA Privacy Rule)
Member / Chair, Privacy & Cybersecurity Practice
Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.