What is De-Identified PHI?

Posted by Thomas Davon on

Not every data is considered a Protected Health Information (PHI). The HIPAA provides what is known as De-identified Health Information (DHI).  This De-identified Health Information (DHI) is not used to identify and individual and it also does not provide any reasonable grounds for identifying an individual. Because of this, there is provision for the restriction of the use of De-identified Health Information (DHI) and neither does it make any provision for its disclosure as well. However, the Health Insurance Portability and Accountability Act (HIPAA) stipulates explicitly manners an information can be de-identified, and if the method stated is followed and used to de-identify an information, that information will longer be considered a Protected Health Information (PHI).

 

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule grants permissions to Covered Entities (CEs) and Business Associates (BAs) to use the Privacy Rule’s required method to de-identifying information. They can freely create and disclose such information that is not individually identifiable using the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule provides two methods that can be used by CEs and BAs to de-identify information, they are:

  • A formal determination by an expert that is qualified
  • The removal of specified individual identifiers and the absence of actual knowledge by the Covered Entities (CEs) that the remaining information could be used alone or in combination with other information to identify the individual.

 

A Covered Entity (CE) may decide to use a Business (BA) to de-identify a Protected Health Information (PHI). It is important to know that you sometimes need more than just removing the identifiers that are stipulated in the HIPAA Privacy Rule to de-identify information. But once any information has been de-identified, it seizes to become a Protected Health Information (PHI) and as such may be used or disclosed by a Covered Entity (CE) or its Business Associate (BA) as long as it is also not violating any other law.


← Older Post Newer Post →


Leave a comment

Please note, comments must be approved before they are published.