At Info Incognito, we believe the de-identification of your data is critical to discovering future advancements in population health and other benefits that improve lives. It’s our goal to help you and your organization:
Contribute to helping people live better lives through the leveraging of data to improve overall population health.
Protect the privacy of individuals, patients, employees, and your customers.
Help you be compliant with regulatory requirements such as HIPAA and GDPR.
Reduce your risks, lower your costs, and eliminate the damage caused by potential breaches of data.
Sharing health-related data for the purpose of research can have many benefits, such as enhanced clinical effectiveness, improvements to the quality of care, and increased levels of trust between you and your patients, employees and customers.
To accomplish this, the data must be shared in a way that protects the individual’s privacy while still providing useful research data. Unless patients have provided consent (which is often difficult or impractical to get), their personal information is protected and cannot be shared. However, if this information is de-identified, it is no longer considered PHI and is not subject to the HIPAA Privacy and Security Rules.
Contact us for an initial consultation. We’ll work with your team to help secure your data and reduce your risk.
The General Data Protection Regulation is a European Union law that was implemented May 25, 2018, and requires organizations to safeguard personal data and uphold the privacy rights of anyone in EU territory.
On November 26, 2012, the Health and Human Services (HHS) Office for Civil Rights (OCR) issued “Guidance Regarding Methods for De-identification of Protected Health Information (PHI) in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule”.
This communication outlines methods for de-identification of protected health information (PHI) when it is being used for secondary purposes. Some other examples of secondary usage being addressed by our service:
The average lost business cost from a data breach is approximately $3.8M, according to studies done by IBM. Healthcare organizations and their business associates that create, store, transmit, or receive electronic PHI (ePHI) often use this data for some of the secondary purposes listed above. There is a very convincing financial business case for these organizations to anonymize and de-identify ePHI when using it for secondary purposes, because improper anonymization or a lack of anonymization can be very costly and contribute to data breaches.
While external cyber-attacks are always a concern with data breaches, studies have shown that the majority of data breaches are a result of negligence of internal team members, employees, vendors and contractors, or other third parties. This negligence happens because of malicious or careless actions. According to a 2015 study funded by IBM, the root cause of data breaches occurred based on the following percentages:
Some industries have even higher costs associated with data breaches. The overall data breach cost across all industries is $154 per affected individual. However, heavily regulated industries such as healthcare, education, pharmaceutical and financial services have a per-individual data breach cost substantially above the overall average. For example:
Some of these costs include the cost of notifying your patients, customers, or employees of the breach, the loss of your database records, and the lost business costs. You may also experience losses from customer churn due to higher-than-normal turnover of customers, increased customer acquisition costs to gain new customers back, reputation and PR losses in your marketplace, and diminished goodwill. In addition, penalties from regulators performing HIPAA audits and inspections will ultimately impact your organization where healthy anonymization and de-identification practices are lacking.