Good point Michael, a tougher question to James, though. I'm struggling with the concept of placing demographic info in one 'bucket' and what is apparently de-identified health info in another without a discernable link (logical or physical) between the two. I'm assuming that the demographic data represents those elements you consider PHI. If that is the case, what value and uses of the de-identified health data do you perceive to be available? Don't want to start a holy war, I'm just trying to jump start my imagination - thx- b
Bill Bernath Blue Cross Blue Shield of North Carolina Privacy Office (919) 765-7006 [EMAIL PROTECTED] >>> ORTENBERG Michael <[EMAIL PROTECTED]> 02/14/02 10:01AM >>> Health information that is not identifiable is not protected under HIPAA. So, if you can truly de-identify information, you do not need to worry about protecting the information from a HIPAA perspective. "The requirements of [HIPAA] do not apply to information that has been de-identified..." 164.502(d)(2) Michael A Ortenberg, Esq. -----Original Message----- From: McNamee, James [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 14, 2002 9:36 AM To: [EMAIL PROTECTED] Subject: De-identified PHI When a patient's health information is "connected" to their demographic information (and other specifically enumerated identifying data) it is defined to be PHI and it's privacy and security is governed under HIPAA. When it is "disconnected" from their demographic information (and other specifically enumerated identifying data) it becomes de-identified (so long as it can pass certain tests) and can be treated differently. Suppose in the process of de-identifying PHI we place patient health information into Bit Bucket A and patient demographic information (and other specifically enumerated identifying data) into Bit Bucket B. So long as there's no way to connect the information in Bit Buckets A and B, do we need to treat the contents of Bit Bucket B under HIPAA and differently than we treat the contents of Bit Bucket A? Jim ________________________________________ James E. McNamee, PhD Associate Dean of Information Services and CIO School of Medicine University of Maryland, Baltimore Information Services, Room 214 100 N. Greene St. Baltimore, MD 21201 voice: 410-706-2881 fax: 410-706-4871 e-mail: [EMAIL PROTECTED] ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address.
