Statistical De-identification of Confidential Health Data

Event Detail

General Information
Tuesday, October 18, 2005 - Thursday, October 20, 2005
Days of Week:
Target Audience:
Academic and Practice
DIMACS Center, CoRE Building, Rutgers University
Event Details/Other Comments:

Workshop Announcement:
This DIMACS short course will provide researchers, analysts and managers with an overview of the federal HIPAA Privacy regulations and an introduction to the principles and methods of statistical disclosure limitation that can be used to statistically de-identify healthcare data to meet privacy regulations.
The Health Insurance Portability and Accountability Act of 1996
(HIPAA) established the Standards for the Privacy of Individually Identifiable Health Information (i.e., HIPAA Privacy Rule), which provides privacy protections for the personal health information (PHI) of individuals. These federal regulations became effective April 14,
2003 and have wide reaching implications for many important uses of healthcare information.
Prior to the implementation of the privacy rule, epidemiologic, healthcare systems and other types of biomedical research had been routinely conducted with administrative healthcare data, with such analyses demonstrating considerable utility and value. The recent implementation of the HIPAA privacy standards, however, has necessitated dramatic changes in the process of conducting many analyses with administrative data. The privacy rule "safe-harbor"
provision requires the removal of 18 types of identifying information before the resulting "de-identified" data can be used without restriction. This safe-harbor approach necessitates the removal of specific dates of patient care and lower level geographic information (such as 5 digit zip codes), which can greatly diminish the utility of such data for many analytic purposes. An alternative approach permitted under the privacy rule is the "statistical de-identification" of PHI certified by an expert statistician. Conducting analyses with statistically de-identified healthcare data is an attractive option because such data can be used without privacy rule restrictions.
In order for data to be considered statistically de-identified, "statistical disclosure" analyses must be conducted and documented which determine that the re-identification risks for the data are "very small". The principles and methods of statistical disclosure analysis and disclosure limitation address the risk that persons might be identifiable from information about them in data sets and provide a variety of methods by which risks of disclosure can be measured and reduced to acceptably low levels.
Course Objectives
This two-and-a-half day short course will provide participants with a detailed overview of the HIPAA privacy regulations, theory and methods for statistical disclosure limitation, and applied experience with disclosure limitation methods. Participants completing the course should be able to: 1) understand the permissible uses of healthcare data for various purposes under the HIPAA regulations; 2) conceptualize and document data intrusion scenarios; 3) conduct and document statistical disclosur