Unlocking our Health Information: An Overview of De-identification under HIPAA

Summary

Many healthcare organizations seek to leverage the value of the vast amount of individually identifiable health data they have for a number of purposes (e.g., to improve patient outcomes, develop new treatments, study disease patterns, and train artificial or augmented intelligence algorithms). Often, health plans, healthcare clearinghouses, and healthcare providers subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) will de-identify patients' and health plans' identifiable health information by removing certain identifiers so they can use and disclose that data outside the restrictions of the HIPAA Privacy Rule while protecting individuals' privacy. This practice note discusses the issues associated with de-identifying protected health information (PHI) as permitted by HIPAA.