Health information that is not identifiable is not protected under HIPAA. So, if you can truly de-identify information, you do not need to worry about protecting the information from a HIPAA perspective.
"The requirements of [HIPAA] do not apply to information that has been de-identified..." 164.502(d)(2) Michael A Ortenberg, Esq. -----Original Message----- From: McNamee, James [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 14, 2002 9:36 AM To: [EMAIL PROTECTED] Subject: De-identified PHI When a patient's health information is "connected" to their demographic information (and other specifically enumerated identifying data) it is defined to be PHI and it's privacy and security is governed under HIPAA. When it is "disconnected" from their demographic information (and other specifically enumerated identifying data) it becomes de-identified (so long as it can pass certain tests) and can be treated differently. Suppose in the process of de-identifying PHI we place patient health information into Bit Bucket A and patient demographic information (and other specifically enumerated identifying data) into Bit Bucket B. So long as there's no way to connect the information in Bit Buckets A and B, do we need to treat the contents of Bit Bucket B under HIPAA and differently than we treat the contents of Bit Bucket A? Jim ________________________________________ James E. McNamee, PhD Associate Dean of Information Services and CIO School of Medicine University of Maryland, Baltimore Information Services, Room 214 100 N. Greene St. Baltimore, MD 21201 voice: 410-706-2881 fax: 410-706-4871 e-mail: [EMAIL PROTECTED] ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address.
