HIPAA Security Rules
De-Identifying Protected Health Information

Learn more about HIPAA-mandated de-identification and IRI solutions for it
De-identification refers to processes that disassociate personally identifiable information (PII) within protected health information (PHI) repositories and other "data at risk."
PHI de-identification is a specific requirement in the healthcare industry, where for example, it is used in both "safe harbor" and "expert determination method" practices in medical research (to remove patient identities from study models). De-identification is also a blanket term referring to the anonymization or masking of PII in many other industries.
The most recent Security Rule in HIPAA regulations (45 CFR Parts 160 and 164) spell out the compliance requirements for those entities managing PHI. HIPAA rules apply to 18 specific identifiers:
Name |
Address |
Birthdate |
Phone # |
Fax # |
Email Address |
Social Security # |
Medical Record # |
Health Insurance Beneficiary # |
Account # |
Certificate # |
Vehicle ID # |
Device ID # |
Personal URL |
IP Address |
Biometric ID |
Facial Image |
Other Unique ID Code |
Each of the data masking software products in the IRI Data Protector suite helps you find and classify, and then protect PII, PAN, PHI, etc. in multiple data sources for Safe Harbor rule compliance. They also work hand-in-hand with free, advanced re-ID risk scoring technology for compliance with the Expert Determination Method rule.
HIPAA compliance requires either:
Redaction - Safe Harbour
Manipulating, masking, or removing these key identifiers so that it is difficult or impossible to identify an individual or restore the original data.
De-Identification - Expert Determination Method
Stripping the identifiers, and generalizing quasi-identifiers until an expert determines the statistical risk of re-identification is very low.
HIPAA Data Compliance Course
Learn More about a three-hour online course covering de-identification and risk scoring processes on structured PHI data. It also includes sessions related to compliance certification, breach insurance, and breach claim defense.
Blog Article
Other Resources