Due to continued technological advancements in data storage and information processing systems, health care providers and organizations continue to migrate toward environments where most aspects of patient care management are automated, making it easier to collect and analyze patient information. Consequently, health care providers, organizations and similar entities tend to accumulate vast stores of patient information, such as financial and clinical information, in the form of electronic patient data records that are stored in electronic databases or other electronic media such as files. In this document, the term database is used as a general term to denote any mechanism for storing data electronically and is not limited to a traditional database system. Such patient information may be stored in a myriad of unstructured and structured formats, and includes many items of patient identifying information that can be used to identify the subject patients of the patient data records.
There are various circumstances in which healthcare organizations have to disclose or otherwise share their patient data with other healthcare entities, agencies, business partners, etc. However, healthcare organizations have both an ethical and a legal responsibility to protect patient privacy. Organizations cannot release or otherwise disclose patient data records that contain patient identifying information (information that can be used to identify patients) without patient approval unless there is a valid reason as defined by various laws and regulations. For example, valid reasons are generally related to TPO (treatment, payment, and operations), but can also cover other activities such as certain research. Even when a valid reason exists, there is still an obligation on the part of the organization to release only the minimum amount of information that is necessary for the particular reason.
In the United States, standards such as HIPAA (Health Insurance Portability and Accountability Act) have resulted in Federal regulations that place strict requirements on the archiving and disclosure of medical records. For example, in accordance with HIPAA, Federal regulations have been promulgated requiring healthcare organizations and physicians to ensure the protection, privacy and security of patient medical information. In particular, the “Privacy Rule” of HIPAA provides Federal privacy regulations that set forth requirements for confidentiality and privacy policies and procedures, consents, authorizations and notices, which must be adopted in order to maintain, use, or disclose individually identifiable health information in treatment, business operations or other activities.
The HIPAA Privacy Rule allows certain entities to “de-identify” protected health information for certain purposes so that such information may be used and disclosed freely, without being subject to the protections afforded by the Privacy Rule. The term “de-identified data” as used by HIPAA refers to patient data from which all information that could reasonably be used to identify the patient has been removed (e.g., removing name, address, social security number, etc.). The Privacy Rule requirements do not apply to information that has been de-identified. HIPAA also defines the notion of a “Limited Data Set”, which is a form of “de-identified data” for which the de-identification requirements are not as stringent. In exchange, the distribution requirements on limited data sets are tighter than those for more completely de-identified data.
Conventional methods for de-identifying patient data include simply stripping from the patient data records all information that can be used to determine the identity of a patient, or replacing such patient identifying information with something else (e.g., replacing the actual name with the string “name”). With such methods, although the patient data records are de-identified, there is no mechanism by which the patient's identity can be recovered, if necessary.
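The two conventional approaches just described, stripping the identifying fields or swapping them for a fixed placeholder string, shown as an added Python example that is not part of the original document. It goes slightly beyond the text in also scrubbing the same identifiers out of a free-text field, since the records may be unstructured, and it ends with the leak check a practitioner would run on the output; the field names and the sample record are constructed assumptions.

```python
import re

# Fields that carry patient identifying information (assumed field names).
IDENTIFYING_FIELDS = ("name", "address", "ssn")

# Constructed sample record, not real patient data.
SAMPLE_RECORD = {
    "name": "Jane Doe",
    "address": "12 Elm St",
    "ssn": "123-45-6789",
    "diagnosis": "hypertension",
    "note": "Jane Doe (SSN 123-45-6789) of 12 Elm St reports headaches.",
}


def deidentify(record, mode="strip"):
    """Conventional de-identification of one patient data record.

    mode="strip"       drops each identifying field entirely
    mode="placeholder" replaces the value with the field name, e.g. "name"
    Identifying values found in the structured fields are also removed from
    every free-text field. The original identifiers are discarded in both
    modes, so nothing in the output lets the patient be recovered later.
    """
    if mode not in ("strip", "placeholder"):
        raise ValueError("mode must be 'strip' or 'placeholder'")
    identifiers = {f: record[f] for f in IDENTIFYING_FIELDS if record.get(f)}
    out = {}
    for field, value in record.items():
        if field in identifiers:
            if mode == "placeholder":
                out[field] = field
            continue  # strip mode: field omitted from the output
        if isinstance(value, str):  # scrub identifiers out of free text too
            for ident_field, ident_value in identifiers.items():
                replacement = ident_field if mode == "placeholder" else ""
                value = re.sub(re.escape(ident_value), replacement, value,
                               flags=re.IGNORECASE)
        out[field] = value
    return out


def leaked_identifiers(original, deidentified):
    """Identifying values of `original` that still appear in `deidentified`."""
    blob = " ".join(str(v) for v in deidentified.values()).lower()
    return [original[f] for f in IDENTIFYING_FIELDS
            if original.get(f) and original[f].lower() in blob]
```

Dropping only the structured fields would still leak every identifier through the note, which is what the final check is there to catch.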