When a patient's health information is "connected" to their demographic information (and other specifically enumerated identifying data) it is defined to be PHI and its privacy and security are governed under HIPAA. When it is "disconnected" from their demographic information (and other specifically enumerated identifying data) it becomes de-identified (so long as it can pass certain tests) and can be treated differently.
Suppose in the process of de-identifying PHI we place patient health information into Bit Bucket A and patient demographic information (and other specifically enumerated identifying data) into Bit Bucket B. So long as there's no way to connect the information in Bit Buckets A and B, do we need to treat the contents of Bit Bucket B under HIPAA and differently than we treat the contents of Bit Bucket A?

Jim
________________________________________
James E. McNamee, PhD
Associate Dean of Information Services and CIO
School of Medicine
University of Maryland, Baltimore
Information Services, Room 214
100 N. Greene St.
Baltimore, MD 21201
voice: 410-706-2881
fax: 410-706-4871
e-mail: [EMAIL PROTECTED]
