Workshop on the HIPAA Privacy Rule's De-Identification Standard: Panelist's Presentations

Panel 1: Methodological Issues Associated with HIPAA Privacy Rule De-Identification

Health data can be communicated in different forms, such as structured relational databases, natural language text, as well as multimedia (e.g., images, video).  The goal of this panel session is to present methods for de-identifying various health data formats in accordance with the HIPAA Privacy Rule.  The panelists should provide descriptions of techniques, examples of how such techniques have been applied in practice, how the Privacy Rule has been interpreted in the definition and construction of de-identification methods, and additional questions associated with the field.

• Jules Berman, PhD, MD - Consultant
• Lynette Hirschman, PhD - The MITRE Corporation
• Clem McDonald, MD - National Library of Medicine
• Melissa Saul, MS - University of Pittsburgh
• Daniel Wasserstrom, BS - De-ID Data Corp

Panel 2: Statistical Disclosure Control and HIPAA Privacy Rule Protections

The Statistical Standard is an alternative to the Safe Harbor policy that requires experts well-versed in statistical and/or scientific methods to certify that an individual’s identity is protected from exposure under reasonable expectations.  The goal of this session is for panelists to provide guidance regarding the methods such experts have used or could apply to protect health data in accordance with the Privacy Rule.  The panelists should provide descriptions and/or references to techniques that have been applied in practice and are interpretable by the general community.  The panelists are also requested to consider how such approaches can be defined as standardized methodology.

• Daniel Barth-Jones, PhD - Columbia University and Wayne State University
• Lawrence Cox, PhD - National Center for Health Statistics
• Jerome Reiter, PhD - Duke University
• Fritz Scheuren, PhD - National Opinion Research Center (NORC)
• Latanya Sweeney, PhD - Carnegie Mellon University

Panel 3: Anonymization and the HIPAA Privacy Rule

A specific case of scientific methods that has received attention in the computer science and medical informatics communities is “anonymization”.  This class of data protection methods attempts to provide formal computational guarantees regarding the identifiability of each record disclosed.  The goal of this panel is to report on how such methods work, the extent to which they may relate to the Privacy Rule, and how they have been applied in practice.  Panelists are also encouraged to explore the limits of such methodology and the extent to which it addresses the needs of de-identification policy.

• Chris Cassa, PhD - Harvard Medical School
• Cynthia Dwork, PhD - Microsoft Research
• Khaled El Emam, PhD - Children's Hospital of Eastern Ontario
• Shaun Grannis, MD - Indiana University School of Medicine
• Staal Vinterbo, PhD - University of California at San Diego

Panel 4: Policy Interpretations of the HIPAA Privacy Rule De-Identification Requirements

The de-identification standards have both technical and policy components. While the earlier panels provide context for the technical methods, the goal of this panel is to report on how the de-identification standards have been interpreted from a policy perspective.  It is expected that panelists will report on the extent to which the policy is enforceable, sufficiently designed to protect privacy while facilitating the needs of data usage, and appropriate to the healthcare and medical research environments.

• Susan Adams, JD - Dartmouth College
• Bill Braithwaite, MD, PhD - Braithwaite Consulting
• Brad Malin, PhD - Vanderbilt University
• Sharyl Nass - PhD - Institute of Medicine

Panel 5: De-Identification and Legal Contracts

The Safe Harbor and Statistical Standards for de-identification are designed such that they do not require data use agreements.  However, limited data sets, which require partial de-identification of health data, do require such agreements.  The goal of this panel is to report on if, and how, contractual or agreement-based models have been, or should be, integrated with the de-identification standard.  Best practices and experiences from this approach are desired.

• Stan Crosley, JD - Indiana University
• Robert Gellman, JD - Privacy and Information Policy Consultant
• Deven McGraw, JD - Center for Democracy & Technology
• Roberta Ness, MD, MPH - University of Texas Health Science Center at Houston
• Kristen Rosati, JD - Coopersmith, Schermer & Brockelman, PLC