
Why Use De-Identification Services?

At Info Incognito, we believe de-identifying your data is critical to future advancements in population health and other improvements to life. Our goal is to help you and your organization:

  • Help people live better lives by leveraging data to improve overall population health.

  • Protect the privacy of individuals, patients, employees, and your customers.

  • Comply with regulatory requirements such as HIPAA and GDPR.

  • Reduce your risks, lower your costs, and eliminate the damage caused by potential breaches of data.

Sharing health-related data for research can have many benefits, such as enhanced clinical effectiveness, improvements to the quality of care, and increased levels of trust between you and your patients, employees, and customers.

To accomplish this, the data must be shared in a way that protects the individual’s privacy while still providing useful research data. Unless patients have provided consent (which is often difficult or impractical to get), their personal information is protected and cannot be shared. However, if this information is de-identified, it is no longer considered PHI and is not subject to the HIPAA Privacy and Security Rules.

De-identification at Your Fingertips

Contact us for an initial consultation. We’ll work with your team to help secure your data and reduce your risk. 


Regulatory Compliance


The General Data Protection Regulation is a European Union law that was implemented May 25, 2018, and requires organizations to safeguard personal data and uphold the privacy rights of anyone in EU territory.



On November 26, 2012, the Health and Human Services (HHS) Office for Civil Rights (OCR) issued “Guidance Regarding Methods for De-identification of Protected Health Information (PHI) in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule”.

This communication outlines methods for de-identification of protected health information (PHI) when it is being used for secondary purposes. Some other examples of secondary usage being addressed by our service:

  • Publishing results of publicly funded clinical trials or other government data.
  • Performing analysis on data that is contained within a data warehouse.
  • Collections of site-specific, health-related data that are loaded into a centralized repository for the purpose of disease surveillance, monitoring compliance, and service planning.
  • Patient data captured from medical devices and collected in a centralized repository.
  • Utilization of data from production environments for the purpose of functional or performance testing by internal teams and outsourced software development teams.

Data Breach 

The average lost business cost from a data breach is approximately $3.8M, according to studies done by IBM. Healthcare organizations and their business associates that create, store, transmit, or receive electronic PHI (ePHI) often use this data for some of the secondary purposes listed above. There is a very convincing financial business case for these organizations to anonymize and de-identify ePHI when using it for secondary purposes, because improper anonymization or a lack of anonymization can be very costly and contribute to data breaches.

While external cyber-attacks are always a concern with data breaches, studies have shown that the majority of data breaches are a result of negligence by internal team members, employees, vendors and contractors, or other third parties. This negligence happens because of malicious or careless actions. According to a 2015 study funded by IBM, the root causes of data breaches break down as follows:

  • 47% of data breaches happen because of malicious insiders or criminal attacks.
  • 29% of data breaches happen because of system glitches.
  • 25% of data breaches happen because of human error.

Some industries have even higher costs associated with data breaches. The overall data breach cost across all industries is $154 per affected individual. However, heavily regulated industries such as healthcare, education, pharmaceutical and financial services have a per-individual data breach cost substantially above the overall average. For example:

  • Financial Services per employee data breach damage cost is $215 per employee.
  • Pharmaceuticals per employee data breach damage cost is $220 per employee.
  • Education per employee data breach damage cost is $300 per employee.
  • Healthcare per employee data breach damage cost is $363 per employee.

Some of these costs include the cost of notifying your patients, customers, or employees of the breach, the loss of your database records, and lost business. You may also experience customer churn from higher-than-normal turnover of customers, increased customer acquisition costs to win customers back, reputation and PR losses in your marketplace, and diminished goodwill. Not to mention, penalties from regulators performing HIPAA audits and inspections will ultimately impact your organization because of a lack of healthy anonymization and de-identification practices.