De-Identification of PHI under HIPAA – Follow the Guidance to Avoid Penalties

By Visited 1 times , 1 Visits today

Start Date: 2020-09-18
End Date: 2020-09-18
Time: 10:00 am to 11:30 am

Phone: 1-800-385-1607

Location: 39658 Mission Boulevard, Fremont, CA 94539, USA.


Get Direction View Large Map



Today health information needs to be shared more than ever, but how can that be done most easily within the limits of HIPAA? One way is to de-identify the information. Once PHI has been de-identified, it is no longer protected under HIPAA and may be shared freely without limitation. The problem is that it is not easy to truly de-identify information and if it is not done correctly, the sharing of the information may be considered a breach that requires reporting to HHS and the potential for penalties and corrective action plans.

De-identification of Protected Health Information requires removing all eighteen of the listed identifiers, or anything else that might be used to identify the individual about whom the information exists. Or you can have an expert certify that the information is not identifiable. But neither of these is foolproof. You need to look more closely to be sure the data cannot be identified. You may wish to communicate with another provider, or with an agency that is not covered under HIPAA, using plain e-mail, but you want to strip out the name and use a code that both parties understand. Is that sufficient to allow the use of plain e-mail? You need to run though some examples and some tests to make sure before you go ahead.

The necessity to consider the context of information is essential, especially when the information is unique. A staff member may think a photo of an injury has no identification on it and by itself is not PHI, but if the photo is posted on the staff member’s Facebook page shortly after the incident and it’s a small town and everyone knows whose injury it is, it’s been identified by the context. Sometimes you may need information for research that does not require specific identification of the individual, but does need some information listed in the eighteen identifiers, such as Zip code, dates of birth or death, or dates of treatment. In those cases, often partially de-identified data, known as a Limited Data Set, will suffice, and such data can be used without obtaining an Authorization or approval by a review board. The information must still be protected with HIPAA-quality security, but it can be used for research under a Data Use Agreement.

There are specific steps that you must go through to ensure that if you want to de-identify PHI, you actually do so properly, and that the resulting information is truly de-identified and its use or disclosure will not result in a reportable breach under HIPAA. If you create a Limited Data Set, you need to ensure the proper agreements are in place and the information is transmitted securely. If de-identification or a Limited Data Set are not possible, the appropriate Authorizations or approvals must be in place before sharing the data. This session will explore the concepts and methods of de-identification and many of the typical questions that arise. Attendees will be able to go forward with de-identification with greater confidence, and better sharing of information will be possible.

Registration Information

Click the link for registration or ticketing information:

Registration URL


Organized by :  Webinarhealth Organizer's Address : 39658 Mission Boulevard, Fremont, CA 94539, USA. Tel : 1-800-385-1607 Website :

About the Organizers :

WebinarHealth is a comprehensive training source for healthcare professionals. Our trainings are high on value, but not on cost. WebinarHealth is the right training solution for healthcare professionals. With WebinarHealth, healthcare professionals can make use of the best benefits relating to their professional training.