Building public trust in uses of Health Insurance Portability and Accountability Act de-identified data

J Am Med Inform Assoc. 2013 Jan 1;20(1):29-34. doi: 10.1136/amiajnl-2012-000936. Epub 2012 Jun 26.


Objectives: The aim of this paper is to summarize concerns with the de-identification standard and methodologies established under the Health Insurance Portability and Accountability Act (HIPAA) regulations, and report some potential policies to address those concerns that were discussed at a recent workshop attended by industry, consumer, academic and research stakeholders.

Target audience: The target audience includes researchers, industry stakeholders, policy makers and consumer advocates concerned about preserving the ability to use HIPAA de-identified data for a range of important secondary uses.

Scope: HIPAA sets forth methodologies for de-identifying health data; once such data are de-identified, they are no longer subject to HIPAA regulations and can be used for any purpose. Concerns have been raised about the sufficiency of HIPAA de-identification methodologies, the lack of legal accountability for unauthorized re-identification of de-identified data, and insufficient public transparency about de-identified data uses. Although there is little published evidence of the re-identification of properly de-identified datasets, such concerns appear to be increasing. This article discusses policy proposals intended to address de-identification concerns while maintaining de-identification as an effective tool for protecting privacy and preserving the ability to leverage health data for secondary purposes.

MeSH terms

  • Computer Security
  • Confidentiality / legislation & jurisprudence*
  • Health Insurance Portability and Accountability Act*
  • Humans
  • Information Dissemination / legislation & jurisprudence*
  • Information Storage and Retrieval / legislation & jurisprudence*
  • Information Storage and Retrieval / methods
  • Medical Records Systems, Computerized / legislation & jurisprudence*
  • Public Policy
  • Trust
  • United States