OCR releases HIPAA privacy rule guidance on de-identifying PHI

more+
less-

Just two and a half years after hosting a workshop on the HIPAA Privacy Rule's de-identification standard, OCR has issued its "Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule." Like they say, it's not rocket surgery -- and there are few surprises here. One area worth reviewing is the expert determination section -- for those of you using, or considering the use of, expert opinions to guide your de-identification programs.

When it comes to HIPAA compliance, these guidelines provide a greater measure of certainty regarding the privacy rule for folks in the secondary use of health data market. It remains to be seen whether the market has anticipated the content of these guidelines or whether there will be an uptick in the secondary use market, and further growth of "big data" in health care and/or an increase in the proliferation of health management tools (including mHealth apps using this population health data), as a result of the guidelines' release.

LOADING PDF: If there are any problems, click here to download the file.