|
|
 |
|
UTMB HANDBOOK OF OPERATING PROCEDURES
|
Section 3 Compliance Policies
Subject 6.2 Privacy Related
Policy 6.2.29 De-Identification of PHI
|
05/12/03 – Originated
10/08/07 - Reviewed w/ changes
Compliance -Author
|
De-Identification of PHI
Definitions
|
Institutional Review Board (IRB): A committee group comprised of UTMB personnel and community representatives with varying backgrounds and professional experience that review and approve the research protocol involving human subjects.
Authorized User: An individual that is granted access to Protected Health Information (PHI) through an authorization or IRB waiver or an individual who is performing an activity related to health care operations.
De-identification: Health information that does not identify an individual in any manner with no reasonable basis to believe that the information can be used to identify the individual.
Health Care Operations: Activities related to UTMB’s functions as a health care provider, including general administrative and business functions necessary for UTMB to remain a viable health care provider.
Limited Data Set: A compromise between protected health information (PHI) and de-identified information. For use only in public health, research, and health care operations.
Protected Health Information (PHI): Individually identifiable health information transmitted or maintained in any form or medium, including oral, written, and electronic communications. Individually identifiable health information relates to an individual’s health status or condition, furnishing health services to an individual or paying or administering health care benefits to an individual. Information is considered PHI where there is a reasonable basis to believe the information can be used to identify an individual.
|
Policy
|
UTMB has a duty to protect the confidentiality and integrity of PHI as required by law, professional ethics, and accreditation requirements. Whenever possible, de-identified PHI should be used. De-identified PHI is rendered anonymous when identifying characteristics are completely removed. PHI must be de-identified PHI prior to disclosure to non-authorized individuals. This policy defines the guidelines and procedures that must be followed for the de-identification of PHI.
Violation of this policy may result in disciplinary action up to and including termination for employees; a termination of employment relationship in the case of contractors or consultants; or suspension or
|
Policy, continued
|
expulsion in the case of a student. Additionally, individuals may be subject to loss of access privileges and civil and/or criminal prosecution.
|
Guidelines
|
All personnel must strictly observe the following guidelines relating to the de-identification of PHI:
1. De-identification requires the elimination not only of primary or obvious identifiers, such as the patient’s name, address, date of birth (DOB), and treating physician, but also of secondary identifiers through which a user could deduce the patient’s identity. For information to be de-identified the following identifiers of the individual (or of relatives, employers, or household members of the individual) must be removed:
a. Names
b. Address information smaller than a state, including street address, city, county, zip code (Except if by combining all zip codes with the same initial three digits, there are more than 20,000 peopleIf there is a question regarding the permissive use of a zip code, contact the IRB or the Institutional Privacy Office..
c. Names of relatives and employers
d. All elements of dates (except year), including DOB, admission date, discharge date, date of death; and all ages over 89 and all elements of dates including year indicative of such age except that such ages and elements may be aggregated into a single category of age 90 or older;
e. Telephone numbers;
f. Fax numbers;
g. Email addresses;
h. Social Security Number (SSN);
i. UH number (medical record number);
j. Health beneficiary plan number;
k. Account numbers;
l. Certificate/License Number;
m. Vehicle identifiers, including license plate numbers;
n. Device ID and serial number;
o. Universal Resource Locator (URL);
p. Identifier Protocol (IP) addresses;
|
Guidelines, continued
|
q. Biometric identifiers, including finger and voice prints;
r. Full face photographic images and comparable images; and
s. Any other unique identifying number characteristic, or code.
• Whenever possible, de-identified PHI should be used for quality assurance monitoring and routine utilization reporting. If de-identified PHI cannot be used, a limited data set should be used whenever possible. See IHOP 6.2.13, Uses and Disclosures of PHI for Limited Data Sets.
• PHI used for research, including public health research, should be de-identified at the point of data collection for research protocols approved by the IRB, unless the participant voluntarily and expressly consents to the use of his/her personally identifiable information or an IRB waiver of authorization is obtained. If de-identified PHI cannot be used for research, a limited data set should be used whenever possible. See IHOP 6.2.13, Uses and Disclosures PHI for Limited Data Sets.
• If an authorized user wishes to encrypt PHI when creating de-identified information the authorized user must ensure that:
a. The code or other means of record identification is not derived from or related to information about the individual and is not otherwise capable of being translated so as to identify the individual; and
b. UTMB does not use or disclose the code or other means of record identification for any purpose and does not disclose the mechanism for re-identification.
If removal of the identifiers outlined in section one above is not practical or does not meet a UTMB business need, approval must be obtained from the Institutional Privacy Office.
|
|
References
|
45 C.F.R. §164.502(d)
45 C.F.R. §164.514
45 C.F.R. §164.512(i)
|
|
|
