Webinar ID: # 1026
Recorded Webinar @ All Day
Duration: 90 minutes
Description:
Once PHI has been de-identified, it is no longer protected under HIPAA and may be shared freely without limitation. The problem is that it takes work to truly de-identify information. If it is not done correctly, sharing the information may be considered a breach that requires reporting to HHS and the potential for penalties and corrective action plans.
The Health Insurance Portability and Accountability Act (HIPAA) includes provisions related to de-identifying Protected Health Information (PHI). De-identification removes or alters specific identifiers in PHI to reduce the risk of re-identification.
The De-Identification of Protected Health Information enables HIPAA-covered entities to share health data for large-scale medical research studies, policy assessments, comparative effectiveness studies, and other studies and assessments without violating patients' privacy or requiring authorization to be obtained from each patient before data is closed.
The webinar will review guidance from the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) about properly de-identifying health information. The various needs for de-identified data will be discussed to provide a sound, defensible basis for an organization's decisions and processes surrounding de-identifying PHI.
Two Methods of De-Identification:
- Remove all eighteen personal identifiers of the subject, relatives, employer, or household members.
- Biostatistician confirms that an individual cannot be identified.
Webinar Highlights:
- De-identification and its Rationale.
- The De-identification Standard.
- Preparation and methods for De-identification.
- Guidance on Satisfying the Expert Determination Method
- Who is an expert?
- How do experts assess the risk of identification of information?
- What are the approaches by which an expert assesses the risk that health information can be identified?
- What are the approaches by which an expert mitigates the risk of identification of an individual in health information?
- Guidance on Satisfying the Safe Harbor Method
- What are examples of dates that are not permitted according to the Safe Harbor Method?
- What constitutes "any other unique identifying number, characteristic, or code" concerning the Safe Harbor method of the Privacy Rule?
- What is "actual knowledge that the remaining information could be used alone or in combination with other information to identify an individual who is a subject of the information."
- Challenges in De-identification of Medical Text.
- Appropriate controls on de-identification and make sure they are correctly used to protect PHI and prevent Breaches.
Why Should You Attend:
The HIPAA and its provisions for de-identifying Protected Health Information (PHI) are essential in balancing the scales, allowing for the utilization of healthcare data for research analysis and innovation while safeguarding individual privacy rights. The correct process must be followed to ensure that data is shared appropriately, either as identifiable information, partially de-identified Limited Data Set, or as correctly de-identified information.
Who Should Attend:
- CEO
- HIPAA Privacy Officers
- HIPAA Security Officers
- Information Security Officers
- Risk Managers
- Compliance Officers
- Privacy Officers
- Health Information Managers
- Information Technology Managers
- Information Systems Managers
- Medical Office Managers
- Chief Financial Officers
- Systems Managers
- Chief Information Officer
- Healthcare Counsel/lawyer
- Operations Directors
Presenter Information:
Name: Jim Sheldon-Dean
Short Bio:Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.
Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.
Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.