ONC studying risks of de-identified patient records
The Office of the National Coordinator has begun a study on how to overcome the privacy and security risks of using health information that otherwise has been stripped of its personal identifiers such as a patient's name and address.
One danger is that the data might be able to be re-identified through the use of additional records publicly available on the Internet, according to Dr. David Blumenthal, the national health IT coordinator.
But health care experts say that the use of de-identified data is critical for tracking population health over time and for research purposes.
ONC wants to come to a "consensus on what risk we can tolerate for identification and then what level of removal, what kinds of removal of information, are required to get to that level of risk," Blumenthal told a congressional hearing Sept. 30. But he did not provide further details.
Blumenthal and other health IT speakers spoke about the challenges of privacy and security of health information at a hearing of the House Committee on Science and Technology Committee subcommittee on technology and innovation.
De-identification and re-identification of health data "is a hot issue for us," said Rep. David Wu (D-Ore.), the subcommittee chairman.
The Health Insurance Portability and Accountability Act (HIPAA) has a standard for data de-identification and a "safe harbor" for providers and plans that scrub personal identifiers from the records, Deven McGraw, director of the health privacy project at the Center for Democracy and Technology, told the committee.
Another mechanism in HIPAA allows for some identifiers " dates of service, for example " in research. Statisticians can incorporate that identifying piece of data in a way that results in a low risk of re-identification, she said, adding that de-identified data is important for healthcare and business analytics.
"One of the problems is that the safe harbor was created more than five years ago. There is a lot of other personal information widely available on the Internet," said McGraw, who is also a member of the federal advisory Health IT Policy Committee. By combining data found online from a variety of sources, it is possible to re-identify individuals, she said.
There is also a tendency to treat the de-identified data as though it has reached "some Holy Grail moment of posing no risk at all regardless of who gets it or what data they have access to. We need to rethink the standard, and I think that's what HHS is focusing on now," she said.
Blumenthal said that ONC will analyze the science of de-identification and re-identification of data in its study. Determining an acceptable level of risk in order to be able to use the data will not be a one-time judgment call, he said.
"That will require that we continually look at the Internet and the information that is available. It's a judgment that we will continually make based on how the technology advances. But it is something that we recognize is critical to ensuring public trust and enabling some of the most valuable uses of information to go forward," Blumenthal said.
McGraw also urged that accountability and consequences be put in place for those who misuse de-identified data.
"Even if we tighten the standard as much as we possibly could to make that data more widely available, if it goes to an entity that re-identifies it, we right now don't have a mechanism in the law to reach them to say, "˜You weren't supposed to do this,'" she said.