CDT’s Health Privacy Project: Encouraging Use of, and Rethinking Protections for “Anonimized” Health Data
Washington–The Health Privacy Project at the Center for Democracy & Technology today released a major paper advocating the need for stronger standards for “de-identified” personal health information when used for medical research, to promote public health, or other specialized purposes. Stronger standards are needed to ensure that “de-identifiedâ€? data cannot be re-identified in order to maintain patient privacy and build trust in the health care system.
“We can promote greater protections for patient privacy – and increase how data is accessed and used in our health care system – through strong de-identification standards and policies,” said Deven McGraw, Director of CDT’s Health Privacy Project.
However, technological advances have made it more difficult to ensure that data remains de-identified. In addition, current law may not provide sufficient incentives to use anonymized instead of fully identifiable data. CDT’s paper makes several policy recommendations on how to strengthen the current de-identification standard found in the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and increase the use of anonymized data for many health care purposes.
“This paper raises issues that we hope will spark additional discussions,” said CDT President Leslie Harris. “It is intended to be the beginning, and not the end, of a very important public dialogue.â€?
The recommendations in the paper are based in part on a one-day workshop held by CDT’s Health Privacy Project in September 2008, in which some of the nation’s best thinkers on data security and policy explored issues associated with the de-identification of health data.
Washington–The Health Privacy Project at the Center for Democracy & Technology today released a major paper advocating the need for stronger standards for “de-identified” personal health information when used for medical research, to promote public health, or other specialized purposes. Stronger standards are needed to ensure that “de-identified” data cannot be re-identified in order to maintain patient privacy and build trust in the health care system.
“We can promote greater protections for patient privacy – and increase how data is accessed and used in our health care system – through strong de-identification standards and policies,” said Deven McGraw, Director of CDT’s Health Privacy Project.
However, technological advances have made it more difficult to ensure that data remains de-identified. In addition, current law may not provide sufficient incentives to use anonymized instead of fully identifiable data. CDT’s paper makes several policy recommendations on how to strengthen the current de-identification standard found in the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and increase the use of anonymized data for many health care purposes.
“This paper raises issues that we hope will spark additional discussions,” said CDT President Leslie Harris. “It is intended to be the beginning, and not the end, of a very important public dialogue.”
The recommendations in the paper are based in part on a one-day workshop held by CDT’s Health Privacy Project in September 2008, in which some of the nation’s best thinkers on data security and policy explored issues associated with the de-identification of health data.
The paper, Encouraging the Use of, and Rethinking Protections for De-Identified (and “Anonymized”) Health Data, can be found online here.