Re: [CODE4LIB] Anonymizing address data
The great thing about compliance stuff like HIPAA/FERPA/PCI, etc. is that they're so open to interpretation... By lawyers.

On Thursday, June 5, 2014, Thomas Kula tlk2...@columbia.edu wrote:

The great thing about compliance stuff like HIPAA/FERPA/PCI, etc. is that they're so open to interpretation. My general rule when dealing with any compliance issue is to make sure my university general counsel's office is happy with whatever I do. Yes, it can be a pain to do that, but you'll be better off in the long run. If they're happy and a legal issue comes up, it's their problem, not mine, which is generally where I want to be when it comes to compliance issues.

On Thu, Jun 05, 2014 at 12:07:56AM +, Sam Kome wrote:

I'm not up on HIPAA and I am not a lawyer. Years ago I created a system for anonymizing address data that passed muster with the FCC and US Census Bureau. In a nutshell we had a third party create a unique hash to identify the record, and geocode to the US Census block group. We never handled, let alone stored, the name or address ourselves. We had an independent auditor audit our outsource party and our datasets. Block group is the US Census standard for protecting privacy - it really depends on what other data you retain though as to being able to reconstruct identity.

Cheers!

-----Original Message-----
From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Simon Spero
Sent: Monday, June 02, 2014 2:38 PM
To: CODE4LIB@LISTSERV.ND.EDU
Subject: Re: [CODE4LIB] Anonymizing address data

This book might be useful (it's a year old)

Anonymizing Health Data http://shop.oreilly.com/product/0636920029229.do
Case Studies and Methods to Get You Started
By Khaled El Emam, Luk Arbuckle http://shop.oreilly.com/product/0636920029229.do#tab_03_0
Publisher: O'Reilly Media
Released: December 2013
Pages: 212

On Mon, Jun 2, 2014 at 3:40 PM, Kyle Banerjee kyle.baner...@gmail.com wrote:

HIPAA compliant data cannot include personally identifiable information, a category which includes address. The safe harbor approach, where geographic subdivisions smaller than states cannot be used, frequently renders data useless. The expert determination method is always an option and precompiling can work in certain cases, but I was wondering what other methods people have successfully employed?

Thanks,
kyle

--
Thomas L. Kula tlk...@columbia.edu
Senior Systems Engineer, Unix Systems Group
Library Information Technology Office
Columbia University in the City of New York

--
Cary Gordon
The Cherry Hill Company
http://chillco.com
Re: [CODE4LIB] Anonymizing address data
I'm not up on HIPAA and I am not a lawyer. Years ago I created a system for anonymizing address data that passed muster with the FCC and US Census Bureau. In a nutshell we had a third party create a unique hash to identify the record, and geocode to the US Census block group. We never handled, let alone stored, the name or address ourselves. We had an independent auditor audit our outsource party and our datasets. Block group is the US Census standard for protecting privacy - it really depends on what other data you retain though as to being able to reconstruct identity.

Cheers!

-----Original Message-----
From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Simon Spero
Sent: Monday, June 02, 2014 2:38 PM
To: CODE4LIB@LISTSERV.ND.EDU
Subject: Re: [CODE4LIB] Anonymizing address data

This book might be useful (it's a year old)

Anonymizing Health Data http://shop.oreilly.com/product/0636920029229.do
Case Studies and Methods to Get You Started
By Khaled El Emam, Luk Arbuckle http://shop.oreilly.com/product/0636920029229.do#tab_03_0
Publisher: O'Reilly Media
Released: December 2013
Pages: 212

On Mon, Jun 2, 2014 at 3:40 PM, Kyle Banerjee kyle.baner...@gmail.com wrote:

HIPAA compliant data cannot include personally identifiable information, a category which includes address. The safe harbor approach, where geographic subdivisions smaller than states cannot be used, frequently renders data useless. The expert determination method is always an option and precompiling can work in certain cases, but I was wondering what other methods people have successfully employed?

Thanks,
kyle
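
The approach described in the message above (an opaque per-record hash plus geography coarsened to the census block group), sketched as an added example that is not code from the thread or from any system mentioned in it. It assumes HMAC-SHA256 for the hash, a hypothetical retained attribute `birth_year`, and constructed sample rows; `small_cells` counts how many records share each combination of retained attributes, which is the re-identification concern the message raises.

```python
import hashlib
import hmac
from collections import Counter

# Constructed demo key; in the scheme described only the third party would hold it.
THIRD_PARTY_KEY = b"constructed-demo-key"

# Constructed sample rows; names, addresses and GEOIDs are made up.
SAMPLE = [
    {"name": "Pat Example", "address": "1 Main St",
     "block_geoid": "060371234561001", "birth_year": 1970},
    {"name": "Lee Example", "address": "2 Main St",
     "block_geoid": "060371234561002", "birth_year": 1970},
    {"name": "Sam Sample", "address": "9 Oak Ave",
     "block_geoid": "060371234562003", "birth_year": 1931},
]

def record_token(name, address, key=THIRD_PARTY_KEY):
    # Keyed hash: an unkeyed hash of name+address can be matched by anyone
    # who hashes a list of candidate addresses, so the key must stay private.
    norm = "|".join(" ".join(part.upper().split()) for part in (name, address))
    return hmac.new(key, norm.encode("utf-8"), hashlib.sha256).hexdigest()

def block_group(block_geoid):
    # 15-digit census block GEOID = state(2) + county(3) + tract(6) + block(4);
    # the block group is the first 12 digits (first digit of the block number).
    if len(block_geoid) != 15 or not block_geoid.isdigit():
        raise ValueError("expected a 15-digit census block GEOID")
    return block_geoid[:12]

def deidentify(rows, key=THIRD_PARTY_KEY):
    # Name, address and the block-level GEOID never reach the output.
    return [{"token": record_token(r["name"], r["address"], key),
             "block_group": block_group(r["block_geoid"]),
             "birth_year": r["birth_year"]} for r in rows]

def small_cells(released, quasi=("block_group", "birth_year"), k=2):
    # Combinations of retained attributes shared by fewer than k records
    # are the ones most exposed to re-identification.
    counts = Counter(tuple(r[q] for q in quasi) for r in released)
    return sorted(combo for combo, n in counts.items() if n < k)

if __name__ == "__main__":
    released = deidentify(SAMPLE)
    for row in released:
        print(row["token"][:12], row["block_group"], row["birth_year"])
    print("cells below k=2:", small_cells(released))
```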
Re: [CODE4LIB] Anonymizing address data
I would perhaps look at something like the MITRE Identification Scrubber Toolkit: http://mist-deid.sourceforge.net/

Mark

--
Mark A. Matienzo m...@matienzo.org
Director of Technology, Digital Public Library of America

On Mon, Jun 2, 2014 at 3:40 PM, Kyle Banerjee kyle.baner...@gmail.com wrote:

HIPAA compliant data cannot include personally identifiable information, a category which includes address. The safe harbor approach, where geographic subdivisions smaller than states cannot be used, frequently renders data useless. The expert determination method is always an option and precompiling can work in certain cases, but I was wondering what other methods people have successfully employed?

Thanks,
kyle
Re: [CODE4LIB] Anonymizing address data
This book might be useful (it's a year old)

Anonymizing Health Data http://shop.oreilly.com/product/0636920029229.do
Case Studies and Methods to Get You Started
By Khaled El Emam, Luk Arbuckle http://shop.oreilly.com/product/0636920029229.do#tab_03_0
Publisher: O'Reilly Media
Released: December 2013
Pages: 212

On Mon, Jun 2, 2014 at 3:40 PM, Kyle Banerjee kyle.baner...@gmail.com wrote:

HIPAA compliant data cannot include personally identifiable information, a category which includes address. The safe harbor approach, where geographic subdivisions smaller than states cannot be used, frequently renders data useless. The expert determination method is always an option and precompiling can work in certain cases, but I was wondering what other methods people have successfully employed?

Thanks,
kyle