iCure. eHealth Solutions
  • Developer Documentation
  • iCure Software Modules
  • Get Started
    • Create your own Database
      • Receive an invitation
      • Create new User
      • Create a new Healthcare Party
    • Structure your Database
    • Access your database
    • Use the Console
  • Data Stack Module
    • The Data Stack
      • Install iCure
      • Get Started with a Database
    • iCure Data Model
      • Overview
      • User
        • Permission
      • Healthcare Party
      • Patient
        • Insurability
        • Relationship
        • Patient Hcp care period
          • Referral period
      • Contact
        • Service
          • Content
            • Medication
              • Regimen item
            • Measure
        • SubContact
      • Healthcare Element
        • Care team member
        • Healthcare approach
      • Form
      • Additional Classes
        • AccessLog
        • Address
          • Telecom
        • Message
        • Document
        • FilterChain
          • Filter
          • Predicate
        • Group
        • Insurance
        • Invoice
          • Invoicing code
        • Tarification
          • Valorisation
    • Hybrid Cloud Storage
    • Mobile/Web SDKs
      • JavaScript/Typescript
        • Setting up your environment
        • Logging in
        • Managing patients
        • iCure for MedTech: Getting Started
          • Exchange data using FHIR model
          • Exchange data using iCure SDK
      • Java/Kotlin
      • Swift/Objective C
    • REST API calls
      • User
      • Patient
      • HealthcareParty
      • Contact
      • HealthcareElement
      • Form
      • Document
      • Message
      • Invoice
      • Additional endpoints
        • AccessLog
        • Authentication
        • Codification
        • Document template
        • Entity reference
        • Entity template
        • Insurance
        • Receipt
        • Tarification
    • Access Rights management
    • End-to-End-Encryption
    • ATNA Audit Records
  • Interoperability Module
    • IHE XDS calls
      • The XDS Concept
      • ITI-18 get associations api call
      • ITI-41 provide and register document set api call
      • Iti-42 register document set api call
    • IHE IPS call
      • The IPS Concept
    • FHIR API Data Exchange
      • The FHIR Concept
    • Freehealth Connector 🇧🇪
    • Encrypted Data Exchange
      • Internal
      • External
  • Customizable Features Module
    • Input Forms
    • Medical Records
    • Data Dashboards
    • Custom Connectors
    • Secure Log-in App
  • Support
    • Download
    • Contact Us
  • Advanced topics
    • Healthcare Data
      • Business intelligence
      • Anonymized Data
    • Encryption Key Creation and Storage
    • Multi-Master database replication
    • Cross Databases Sharing
    • Complex queries
Powered by GitBook
On this page
  • HIPAA definition of anonymized Data
  • Individually identifiable health information (eponymous Data)
  • De-identified Information (anonymized Data)

Was this helpful?

  1. Advanced topics
  2. Healthcare Data

Anonymized Data

PreviousBusiness intelligenceNextEncryption Key Creation and Storage

Last updated 3 years ago

Was this helpful?

HIPAA definition of anonymized Data

HIPAA refers to a US legislation that stipulates how personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage.

On top of the act of 1996 several other legislation has taken into effect and

Individually identifiable health information (eponymous Data)

§ 160.102 Applicability

is information that is a subset of health information, including demographic information collected from an individual, and: (1) Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and (2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and (i) That identifies the individual; or (ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual.

De-identified Information (anonymized Data)

§ 164.514 Other requirements relating to uses and disclosures of protected health information

Other requirements relating to uses and disclosures of protected health information.

(a) Standard: De-identification of protected health information. Health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual is not individually identifiable health information.

(b) Implementation specifications: Requirements for de-identification of protected health information. A covered entity may determine that health information is not individually identifiable health information only if: (1) A person with appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable: (i) Applying such principles and methods, determines that the risk is very small that the information could be used, alone or in combination with HIPAA Administrative Simplification Regulation Text March 2013 97 other reasonably available information, by an anticipated recipient to identify an individual who is a subject of the information; and (ii) Documents the methods and results of the analysis that justify such determination; or (2)(i) The following identifiers of the individual or of relatives, employers, or household members of the individual, are removed: (A) Names (B) All geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census: (1) The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and (2) The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000. (C) All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older; (D) Telephone numbers; (E) Fax numbers; (F) Electronic mail addresses; (G) Social security numbers; (H) Medical record numbers; (I) Health plan beneficiary numbers; (J) Account numbers; (K) Certificate/license numbers; (L) Vehicle identifiers and serial numbers, including license plate numbers; (M) Device identifiers and serial numbers; (N) Web Universal Resource Locators (URLs); (O) Internet Protocol (IP) address numbers; (P) Biometric identifiers, including finger and voice prints; (Q) Full face photographic images and any comparable images; and (R) Any other unique identifying number, characteristic, or code, except as permitted by paragraph (c) of this section; and (ii) The covered entity does not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is a subject of the information.

(c) Implementation specifications: Re-identification. A covered entity may assign a code or other means of record identification to allow information de-identified under this section to be re-identified by the covered entity, provided that: (1) Derivation. The code or other means of record identification is not derived from or related to information about the individual and is not otherwise capable of being translated so as to identify the individual; and (2) Security. The covered entity does not use or disclose the code or other means of record identification for any other purpose, and does not disclose the mechanism for reidentification.

the combined text may be found here.