Health information is de-identified if there is no reasonable basis to believe that the data can be used to identify an individual, or if the provider has no reasonable basis to believe it can be used to identify the individual. The Privacy Rule requires one of the following two approaches to de-identify data:
A person with appropriate knowledge and experience in applying generally accepted statistical and scientific principles and methods for rendering information not individually identifiable determines that the risk is very small that the information could be used, either by itself or in combination with other available information, by anticipated recipients to identify a subject of the information.
All 18 identifiers have been removed, including: name; all geographic subdivisions smaller than a State, including street address, city, county, precinct, zip codes and equivalent geocodes (except for the initial 3 digits of a zip code if more than 20,000 people reside in the area); all dates, including birthdays (other than the year), and ages over 89; phone numbers; fax numbers; e-mail addresses; social security numbers; medical record numbers; health plan beneficiary numbers; account numbers; certificate/license numbers; vehicle identifiers and serial numbers (including license plate numbers); device identifiers and serial numbers; URLs; IP addresses; biometric identifiers; full face photographic images and any comparable images; and any other unique identifier, characteristic or code.
NOTE: Other demographic information, such as gender, race, ethnicity, and marital status, is not included in the list of identifiers that must be removed.
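The second approach applied to one structured record, as an added example that is not part of the original FAQ. The column names, the `zip3_population` lookup, and the choice to drop a zip code or birth year that cannot be kept are assumptions of this example.

```python
from datetime import date

# Hypothetical column names for the directly identifying fields listed above.
DROP_FIELDS = {
    "name", "street_address", "city", "county", "precinct", "phone", "fax",
    "email", "ssn", "medical_record_number", "health_plan_beneficiary_number",
    "account_number", "license_number", "vehicle_id", "license_plate",
    "device_id", "url", "ip_address", "biometric_id", "face_photo",
}

def deidentify(record, zip3_population):
    """Return a copy of `record` with the listed identifiers removed or generalized."""
    over_89 = (record.get("age") or 0) > 89
    out = {}
    for field, value in record.items():
        if field in DROP_FIELDS or value is None:
            continue
        if field == "zip":
            zip3 = str(value)[:3]
            # Keep the initial 3 digits only if more than 20,000 people live there.
            if zip3_population.get(zip3, 0) > 20000:
                out["zip3"] = zip3
        elif field == "age":
            if not over_89:                  # ages over 89 are removed
                out["age"] = value
        elif isinstance(value, date):
            # Assumption of this example: a birth year would disclose an age
            # over 89, so it is dropped along with the age.
            if field == "date_of_birth" and over_89:
                continue
            out[field + "_year"] = value.year   # dates: keep the year only
        else:
            out[field] = value               # e.g. gender, race, diagnosis
    return out

# Constructed sample data; the population figures are made up.
ZIP3_POP = {"021": 850000, "036": 12000}
SAMPLE = {
    "name": "Jane Roe", "ssn": "000-00-0000", "zip": "02139",
    "date_of_birth": date(1950, 4, 2), "age": 74,
    "admitted": date(2024, 3, 9), "gender": "F", "diagnosis": "J45.909",
}

if __name__ == "__main__":
    print(deidentify(SAMPLE, ZIP3_POP))
```

This filters structured fields only; identifiers embedded in free-text notes or attachments are not detected by it.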