04. Storing and Accessing PHI Data

Storing and Accessing PHI Data

ND320 AIHCND C01 L01 A04 Storing And Accessing PHI Data

De-identifying a Dataset

De-identifying a dataset refers to the removal of identifying fields like name, address from a dataset. De-Identification is done to reduce privacy risks to individuals and support the secondary use of data for research and such.

This is not something you should be doing on your own. HIPAA has two ways that you can use to de-identify a dataset.

The first method is the Expert Determination Method and this is done by a statistician that determines there is a small risk that an individual could be identified.

The second method is called Safe Harbor and it refers to the removal of 18 identifiers like name, zip code, etc.

Limited Latitude: Very limited scope of work. EHR Data can only be used for the purpose granted.

Additional Resources

De-Identification Rationale

Scenario for compliant services

A coworker is excited about a new cloud service that just came out and wants to build a model. What are some key things in regard to storing and accessing PHI data that you might ask them?

SOLUTION:
  • Ask about whether the cloud service is an approved BAA service
  • Ask about if the data for the model is being stored in an encrypted storage location such as a cloud bucket.

Reflect on PHI

QUESTION:

Take a moment and reflect on what are the key takeaways that you have so far from the course and also think about what are areas that you would like to explore further. This first part is intended to give you a general context on the data security and privacy landscape surrounding EHR data and there is much more information to learn as you get deeper into the field.

ANSWER:

Thanks for your response and hopefully this moment to reflect helps you think deeper about how data privacy and security form an important foundation for allowing us to use EHR data.