SNIA Developer Conference September 15-17, 2025 | Santa Clara, CA
Abstract
HIPAA Privacy Rules protect individually identifiable health information held by covered entities and gives patients’ rights with respect to that information. The Privacy Rule is balanced so that it allows disclosure of health information needed for patient care and other important purposes. Researchers and software developers can obtain valuable information from health data repositories. Analytics can determine correlations between variables that can improve patient care. Developers can integrate functionality into a electronic health record (EHR) systems if the data they use supports testing that functionality. PHI presents a unique challenge in that de-identification of data can invalidate the conclusions that may be drawn. Data may be de-identified based two standard methods; “Expert Determination” (statistical analysis) and “Safe Harbor” (removing data elements). The “Safe Harbor” method requires that 18 specific data elements be de-identified. Some of these have relevance to the value of the resulting data repository.
Learning Objectives
Examine the value of realistic information in research and software testing
Explore the challenges of de-identifying health data in accordance with HIPAA
Identify the 18 data elements that must be de-identified and the value they represent
Compare and contrast the two standard methods for de-identifying health data in accordance with HIPAA