CDT paper on de-identification of personal health data
The Health Privacy Project at the Center for Democracy & Technology today released a major paper advocating the need for stronger standards for “de-identified” personal health information when used for medical research, to promote public health, or other specialized purposes. Stronger standards are needed to ensure that â€œde-identifiedâ€ data cannot be re-identified in order to maintain patient privacy and build trust in the health care system.
â€œWe can promote greater protections for patient privacy â€“ and increase how data is accessed and used in our health care system â€“ through strong de-identification standards and policies,â€ said Deven McGraw, Director of CDTâ€™s Health Privacy Project.
However, technological advances have made it more difficult to ensure that data remains de-identified. In addition, current law may not provide sufficient incentives to use anonymized instead of fully identifiable data. CDT’s paper makes several policy recommendations on how to strengthen the current de-identification standard found in the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and increase the use of anonymized data for many health care purposes.
“This paper raises issues that we hope will spark additional discussions,â€ said CDT President Leslie Harris. “It is intended to be the beginning, and not the end, of a very important public dialogue.â€
The recommendations in the paper are based in part on a one-day workshop held by CDTâ€™s Health Privacy Project in September 2008, in which some of the nationâ€™s best thinkers on data security and policy explored issues associated with the de-identification of health data.
Health Privacy Project De-identification Paper [PDF] June 25, 2009