News Feature | July 23, 2014

Protect Patient Data With De-Identification

Christine Kern

By Christine Kern, contributing writer

EHR Cuts Admission At Hospital

Study shows de-identification highly effective in protecting patient privacy.

With the new emphasis on EHRs and sharing of patient records, healthcare providers’ need to protect privacy becomes more important than ever. Strong de-identification of data, prior to its use or disclosure for secondary purposes, is one of the most effective ways to protect the privacy of individuals.

Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, and Canada Research Chair in Electronic Health Information, Dr. Khaled El Emam, have issued a new white paper, “De-identification Protocols: Essential for Protecting Privacy.”

This study concludes there can be far-reaching implications for both parties if organizations do not strongly protect the privacy of individuals in the information being sought for secondary uses. When individuals lose their trust and confidence in the ability of an organization to protect their privacy, the reputation of that organization will be irreparably damaged in the process.

"De-identification remains one of our strongest and most important tools for protecting privacy," said Dr. Cavoukian. "To suggest that information may only be de-identified at the expense of data quality is based on an outdated zero-sum paradigm.

Challenging recent reports that suggest that call into question the usefulness of de-identification, Cavoukian wrote, “We need to continue working towards perfecting de-identification techniques and re-identification risk management frameworks, thereby ensuring that de-identification remains an essential tool in protecting privacy, both now, and well into the future."

Clarifying what it means to properly de-identify personal information, the study argues that the vast majority of information may be de-identified in a manner that provides for both a high degree of privacy protection and ensures a strong level of data quality. This high level of quality is critical for leveraging data and getting meaningful value out of it. There are many data uses that are vital to the public interest and that have significant commercial benefits. Existing evidence suggests that proper de-identification is difficult to reverse; it is important to use de-identification best practices.

"De-identification enables organizations to confidently share data for secondary purposes. As these organizations, in healthcare and other industries, look to drive greater efficiencies, solve societal problems and encourage innovation, de-identification best practices can make the essential fuel, data, available in a responsible way," said Dr. Khaled El Emam. "Additionally, these greater uses of de-identified information are possible since it falls outside the scope of privacy legislation and is not subject to the same limitations that are imposed on the collection, use and disclosure of personally identifiable information."

The full article may be downloaded here.