De-Identification Toolkit

This toolkit is intended for a broad audience of health officials, privacy officers, public health practitioners, data managers and their attorneys. It highlights traditional, non-traditional and emerging data sources that provide useful and actionable data regarding local health and well-being. These de-identified data may be freely published on the internet or disclosed to a trusted data recipient.

It also provides public health practitioners and others with the tools and resources to better understand de-identification for improved collection and use activities, and to more freely, safely and legally disclose de-identified data needed for the community’s information infrastructure. As de-identification is a delicate process involving a variety of statistical and scientific methods to balance data utility against the risk of breaching an individual’s privacy, leadership should both govern and manage data disclosure, and ensure that it is performed by appropriately trained and experienced individuals.

The toolkit below contains an issue brief which provides an overview of the importance of access to timely and relevant health and non-health de-identified data, de-identification and the law, de-identification methods, re-identification studies, risks of bad de-identification and a four-step approach to analyzing de-identified data sharing. It also provides a range of tools and resources to assist public health practitioners, privacy officers, data managers and their attorneys share de-identified data legally and safely.

Fact Sheet: De-identification is an Important Tool to Make Data Available to Communities

Generally, once public health removes or obscures personal identifying information within a data set, law does not constrain the use or disclosure of the remaining data. De-identification enables public health to collect and share data without violating individuals’ privacy or law.

Read More

Project Overview: Project Tycho

Project Tycho illustrates the power of the use of de-identified data to quantify the impact that vaccine licensure has on the spread of disease.

Read More

Project Overview: Robert Wood Johnson Foundation Culture of Health Sentinel Community Snapshots: Mobile, Alabama

This document is intended to provided a project overview of the Robert Wood Johnson Foundation Culture of Health Sentinel Community Snapshots: Mobile, Alabama.

Read More

Project Overview: The Memphis Community Health Record Project

The Community Health Record is a framework and tool for the community to simultaneously use, aggregate and integrate data and information. Importantly, this project’s leadership understood that privacy is a balance and that collaboration is essential for data sharing. 

Read More

Checklist of Review Criteria for Public Health Agencies to Evaluate Proposed Collection, Access and Sharing of De-identified Data

The checklist is intended to guide public health practitioners in identifying appropriate review criteria to analyze factual information concerning de-identified data collection, access and sharing.

Read More

Checklist of Factual Information Needed for Public Health Agencies to Address Proposed Data Collection, Access and Sharing

The tool is intended to assist public health practitioners in providing relevant factual information to resolve questions about proposed data collection, access and sharing.

Read More

De-Identification: As Described by Federal Statutes

Most laws either do not apply to de-identified information or permit disclosure of de-identified information. While de-identified information can usually be freely disclosed, how laws define whether information is sufficiently de-identified vary. This table sets out legal provisions that apply to disclosure of de-identified information under selected federal laws and provides definitions, criteria or standards that are relevant to determinations of whether information is de-identified.

Read More

De-Identification Table: Guidance from the Courts

This table describes a number of these cases in which courts have discussed de-identification and/or evaluated risk of re-identification in some level of depth. Depending on the law, de-identification may require removal of certain data elements and/or a case-by-case determination of the risk of re-identification.

Read More

HIPAA Privacy Rule’s Safe Harbor De-Identification Method

This document is intended to provided a quick reference for the HIPAA Privacy Rule’s Safe Harbor De-Identification Method.

Read More

HIPAA Expert Determination De-Identification Method

This document is intended to provide a quick reference for the HIPAA Privacy Rule’s Expert Determination de-identification method.

Read More

Statistical or Scientific De-Identification Fact Sheet

“Statistical or scientific de-identification” is an important tool to assist public health in negotiating its dual and sometimes conflicting missions – maintaining the privacy of the information it collects and sharing the information broadly with the community in a legal and privacy protective manner. This fact sheet provides an overview of statistical and scientific de-identification methods of structured data, such as lab values and patient demographics, where the data are entered utilizing pre-defined fields from within the record. 

Read More

De-Identification of Health Data: Law and Practice

This document is intended to provide a quick list of law and policy resources in regard to the de-identification of data.

Read More