That's a loaded question. I would still say "No" they should still be treated the same. Somehow, you (within your purview) would want (nee, have to have) some kind of "identifier" to be able to link back to the patient, on your end. Suppose you send out aggregate data to a benchmarking entity, and benchmark results are then made available to you which might necessitate you getting back to the individual patient record...for conformance purposes. How would you ever do that, without having created some other identifier for your own use, in both Bit Buckets A & B? And, it's my understanding that even that list of identifiers, must be kept confidential as well.
I'm not really answering the question am I? I'm just saying, it doesn't seem like there would ever be a "truly de-identified" PHI ... so your Bit Buckets should be treated the same. Thanks, Scott Supman Information Security Director OhioHealth ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address.
