De-identification

Biological data may be de-identified in order to comply with HIPAA regulations that define and stipulate patient privacy laws.

Pseudonymization is the main technique used to mask personal identifiers from data records, and k-anonymization is usually adopted for generalizing quasi-identifiers.

New combination of QI values prevents the individual from being identified and also avoid destroying data records.

[11] In May 2014, the United States President's Council of Advisors on Science and Technology found de-identification "somewhat useful as an added safeguard" but not "a useful basis for policy" as "it is not robust against near‐term future re‐identification methods".

These mechanisms center on two HIPAA de-identification standards – Safe Harbor and the Expert Determination Method.

Safe harbor relies on the removal of specific patient identifiers (e.g. name, phone number, email address, etc.

[22] The safe harbor method uses a list approach to de-identification and has two requirements: Expert Determination takes a risk-based approach to de-identification that applies current standards and best practices from the research to determine the likelihood that a person could be identified from their protected health information.

It requires: The key law about research in electronic health record data is HIPAA Privacy Rule.

This law allows use of electronic health record of deceased subjects for research (HIPAA Privacy Rule (section 164.512(i)(1)(iii))).

While a person can usually be readily identified from a picture taken directly of them, the task of identifying them on the basis of limited data is harder, yet sometimes possible.