Skip to Content

New Guidance from HHS Office of Civil Rights on De-Identifying Patient Information

The Office of Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) has just issued new guidance on how covered entities might meet the patient information de-identification standard under the Health Information Portability and Accountability Act (HIPAA). De-identification is the process by which personally identifiable information is stripped from health information so as not to allow its linkage to any individual person. In the guidance, OCR expands on examples of the two de-identification methods laid out in the Privacy Rule: the expert determination method and the safe harbor method. While neither is truly 100% failsafe according to OCR, any protected health information (PHI) that has been de-identified using one of those methods is deemed no longer protected under HIPAA. Click here to view the PDF. 

For more on the HIPAA privacy rule, click here