I. Data Privacy + Anonymization
A. Intro
Data science is directly or indirectly about people, and individuals have privacy rights over who may know or share information that specifically identifies them.
Data privacy and security should be a key concern when analyzing patient data.
B. Information Privacy
Information (or Data) Privacy refers to the legal, ethical, and practical issues of collecting, using and releasing data.
C. Anonymization
Data protection and anonymization are interdisciplinary components of data science and data practice. Data protection includes everything from considerations of the ethics and legalities of data use to the practical and technical challenges of protecting and anonymizing data.
Anonymizing data typically comes down to removing any personally identifiable data from a dataset, or, if this information must be kept, separating the identifiable data from sensitive information.
II. Regulations
A. Intro
There are many official guidelines, rules and standards for data privacy and user identity protection. These regulations apply more directly to the collection, storage, and release of datasets, but aspects also apply to the use of datasets, including publicly available datasets.
B. HIPAA - Protection for Health-Related Information
The Health Insurance Portability and Accountability Act (HIPAA) is a US federal government regulation that standardizes and protects individuals’ medical records and health-related data. It includes terms for how data must be stored, and how it can be used and shared.
C. Safe Harbor Method
Safe Harbor is HIPAA's prescriptive de-identification method: a fixed set of data protection requirements that must all be met. The individual identifiers to be removed or anonymized include:
- Names
- Geographic Subdivisions
- Dates (such as birth dates, etc.)
- Telephone Numbers
- Vehicle Identification Numbers
- Fax numbers
- Device identifiers + serial numbers
- Email addresses
- Web Universal Resource Locators (URLs)
- Social security numbers
- Internet Protocol (IP) addresses
- Medical record numbers
- Biometric identifiers
- Health plan beneficiary numbers
- Full-face photographs
- Account numbers
- Certificate/license numbers
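As an added illustration (not part of the original document and not BBS code), the following Python sketch applies the Safe Harbor categories above to a constructed patient record: fields holding direct identifiers are dropped, dates are reduced to the year, and free-text fields are scanned for identifiers that tend to leak in clinical notes (e-mail addresses, SSNs, telephone numbers, IP addresses, URLs, dates). The field names, the regular expressions and the sample record are assumptions made for the example; keeping only the year of a date is the generalization assumed here.

```python
import re
from datetime import date

# Assumed field names, each mapped to one of the Safe Harbor identifier categories;
# these fields are removed outright from the released record.
DIRECT_IDENTIFIER_FIELDS = {
    "name", "address", "phone", "fax", "email", "ssn", "mrn",
    "health_plan_id", "account_number", "license_number", "vin",
    "device_serial", "url", "ip_address", "biometric_id", "photo",
}

# Identifiers that hide inside free text. Order matters: the more specific
# patterns (e-mail, SSN) run before the broader ones (phone, date).
FREE_TEXT_PATTERNS = [
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("PHONE", re.compile(r"(?:\+?1[-. ]?)?\(?\b\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\b")),
    ("IPV4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("URL", re.compile(r"\bhttps?://\S+", re.IGNORECASE)),
    ("DATE", re.compile(r"\b\d{4}-\d{2}-\d{2}\b")),
]


def scrub_text(text: str) -> str:
    """Replace every identifier found in free text with a category tag."""
    for label, pattern in FREE_TEXT_PATTERNS:
        text = pattern.sub(f"[{label}]", text)
    return text


def generalize_date(value: str) -> str:
    """Keep only the year of an ISO date (month and day are dropped)."""
    return str(date.fromisoformat(value).year)


def deidentify(record: dict) -> dict:
    """Return a Safe Harbor style copy of a structured record."""
    out = {}
    for key, value in record.items():
        if key in DIRECT_IDENTIFIER_FIELDS:
            continue                          # direct identifier: remove the field
        if key.endswith("_date"):
            out[key] = generalize_date(value)  # date element: keep the year only
        elif isinstance(value, str):
            out[key] = scrub_text(value)       # free text: tag embedded identifiers
        else:
            out[key] = value                   # numeric clinical values pass through
    return out


# Constructed sample record (fictional person and values).
SAMPLE_RECORD = {
    "name": "Jane Q. Sample",
    "mrn": "MRN-0001234",
    "email": "jane.sample@example.com",
    "birth_date": "1984-03-12",
    "admission_date": "2021-11-02",
    "diagnosis": "Type 2 diabetes",
    "hba1c": 7.4,
    "clinical_note": (
        "Pt called from 555-867-5309 and emailed jane.sample@example.com; "
        "follow-up 2021-12-01. SSN 123-45-6789 on file."
    ),
}

if __name__ == "__main__":
    print(deidentify(SAMPLE_RECORD))
```

Pattern-based scrubbing of free text is a baseline control, not proof of de-identification: a reviewer still has to check the released output, and the example deliberately leaves out categories that need context (geographic subdivisions, ages over 89, photographs) rather than pretend a regex covers them.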
III. BBS Anonymity Function
In compliance with HIPAA and other regulatory safety guidelines, the Patient Anonymity feature is designed to manage confidentiality for select patient groups or donors throughout BBS, ensuring data privacy while allowing authorized users access to the information they need.
When activated, authorized users can mask patient records by replacing real identifiers (Real IDs) with encrypted or alternate identifiers (Mask IDs).
Two layers of anonymity are designed for patient demographics and medical records:
- Users with “Real ID Access” retain the ability to view real identifiers when interacting with masked patients’ demographics.
- At the medical records level, users with “Anonymous Permission” are granted access to select forms, reports, notes, images and statistical values of anonymous (masked) patients.
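The two layers described above, as an added Python example that is not BBS code and does not reflect its internal design: a registry issues Mask IDs as keyed HMAC pseudonyms of the Real ID and keeps the Real ID/Mask ID mapping apart from the clinical data (the separation of identifiers from sensitive information noted in section I.C); demographics are checked against “Real ID Access” and medical records against “Anonymous Permission”. It is assumed here that the two permissions are independent and checked separately, and that records of masked patients are always returned keyed by the Mask ID; the permission names, field names, secret and sample data are constructed for the example.

```python
import hmac
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    username: str
    permissions: frozenset  # subset of {"real_id_access", "anonymous_permission"} (assumed names)


class AnonymityRegistry:
    """Holds the Real ID <-> Mask ID mapping for activated (masked) patients.

    The mapping is the only place where real and masked identifiers meet, so it
    can be stored and access-controlled separately from the clinical data.
    """

    def __init__(self, secret: bytes):
        self._secret = secret
        self._real_to_mask: dict = {}
        self._mask_to_real: dict = {}

    def activate(self, real_id: str) -> str:
        # Keyed HMAC pseudonym: stable for a given Real ID, but not recomputable
        # or reversible by anyone who does not hold the registry secret.
        digest = hmac.new(self._secret, real_id.encode(), hashlib.sha256).hexdigest()
        mask_id = "MASK-" + digest[:12].upper()
        self._real_to_mask[real_id] = mask_id
        self._mask_to_real[mask_id] = real_id
        return mask_id

    def is_masked(self, real_id: str) -> bool:
        return real_id in self._real_to_mask

    def mask_of(self, real_id: str) -> str:
        return self._real_to_mask[real_id]

    def real_of(self, user: User, mask_id: str) -> str:
        # Re-identification is itself a layer 1 privilege.
        if "real_id_access" not in user.permissions:
            raise PermissionError(f"{user.username} lacks Real ID Access")
        return self._mask_to_real[mask_id]


def view_demographics(user: User, registry: AnonymityRegistry, demographics: dict) -> dict:
    """Layer 1: a masked patient's demographics are shown under the Mask ID and
    without direct identifiers unless the user holds Real ID Access."""
    view = dict(demographics)
    real_id = view["patient_id"]
    if registry.is_masked(real_id) and "real_id_access" not in user.permissions:
        view["patient_id"] = registry.mask_of(real_id)
        view["name"] = "[MASKED]"
    return view


def can_view_record(user: User, registry: AnonymityRegistry, record: dict) -> bool:
    """Layer 2: forms, reports, notes, images and statistics of a masked patient
    require Anonymous Permission; unmasked patients follow the normal rules."""
    return (not registry.is_masked(record["patient_id"])
            or "anonymous_permission" in user.permissions)


def view_medical_record(user: User, registry: AnonymityRegistry, record: dict) -> dict:
    if not can_view_record(user, registry, record):
        raise PermissionError(f"{user.username} lacks Anonymous Permission for a masked patient")
    view = dict(record)
    real_id = view["patient_id"]
    if registry.is_masked(real_id):
        # Records of masked patients are keyed by the Mask ID; joining them back
        # to demographics has to go through registry.real_of() (layer 1).
        view["patient_id"] = registry.mask_of(real_id)
    return view


# Constructed demo data (assumed field names, fictional patients).
REGISTRY = AnonymityRegistry(b"constructed-demo-secret-do-not-reuse")
MASK_1001 = REGISTRY.activate("P-1001")  # P-1001 is masked; P-2002 is not
DEMOGRAPHICS_1001 = {"patient_id": "P-1001", "name": "Jane Q. Sample", "birth_year": 1984}
RECORD_1001 = {"patient_id": "P-1001", "form": "HbA1c", "value": 7.4}
RECORD_2002 = {"patient_id": "P-2002", "form": "HbA1c", "value": 5.6}

CLINICIAN = User("clinician", frozenset({"real_id_access"}))
ANALYST = User("analyst", frozenset({"anonymous_permission"}))

if __name__ == "__main__":
    print(view_demographics(ANALYST, REGISTRY, DEMOGRAPHICS_1001))
    print(view_medical_record(ANALYST, REGISTRY, RECORD_1001))
```

Because the Mask ID is an HMAC rather than a plain hash, two deployments with different secrets produce unrelated Mask IDs for the same patient, and a leaked table of Mask IDs cannot be matched against a list of known Real IDs without the secret; the secret and the mapping table therefore deserve the same protection as the Real IDs themselves.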