Why Should You Attend:
Today health information needs to be shared more than ever, but how can that be done most easily within the limits of HIPAA? One way is to de-identify the information. Once PHI has been de-identified, it is no longer protected under HIPAA and may be shared freely without limitation. The problem is that it is not easy to truly de-identify information and if it is not done correctly, the sharing of the information may be considered a breach that requires reporting to HHS and the potential for penalties and corrective action plans.De-identification of Protected Health Information requires removing all eighteen of the listed identifiers, or anything else that might be used to identify the individual about whom the information exists. Or you can have an expert certify that the information is not identifiable. But neither of these is foolproof. You need to look more closely to be sure the data cannot be identified.
Sometimes you may need information for research that does not require specific identification of the individual, but does need some information listed in the eighteen identifiers, such as Zip code, dates of birth or death, or dates of treatment. In those cases, often partially de-identified data, known as a Limited Data Set, will suffice, and such data can be used without obtaining an Authorization or approval by a review board. The information must still be protected with HIPAA-quality security, but it can be used for research under a Data Use Agreement.
Agenda
- De-identification and its Rationale
- The De-identification Standard
- Preparation for De-identification
- Guidance on Satisfying the Expert Determination Method
- Who is an expert
- How do experts assess the risk of identification of information
- What are the approaches by which an expert assesses the risk that health information can be identified
- What are the approaches by which an expert mitigates the risk of identification of an individual in health information
- Guidance on Satisfying the Safe Harbor Method
- What are examples of dates that are not permitted according to the Safe Harbor Method
- What constitutes `any other unique identifying number, characteristic, or code` with respect to the Safe Harbor method of the Privacy Rule
- What is `actual knowledge that the remaining information could be used either alone or in combination with other information to identify an individual who is a subject of the information.`
Who Should Attend
This webinar will provide valuable assistance to all personnel in Medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). The titles are:- CEO
- HIPAA Privacy Officers
- HIPAA Security Officers
- Information Security Officers
- Risk Managers
- Compliance Officers
- Privacy Officers
- Health Information Managers
- Information Technology Managers
- Information Systems Managers
- Medical Office Managers
- Chief Financial Officers
- Systems Managers
- Chief Information Officer
- Healthcare Counsel/lawyer
- Operations Directors