Deidentified Information and Protected Health Information

TOPICS:

Posted By: Roberta Mullin May 3, 2012

Could deidentified information disclose information about your practice?
Even if the Protected Health Information has been completely deidentified, you need to consider whether the resulting information could disclose confidential information about your practice. With information on the EHR product you use and the ability of the EHR vendor to use deidentified information for any purpose, confidential business information could be derived from deidentified information. For example:

  • A Business Associate could sell analyses of service coding and drug use using your deidentified information. Depending on the size of your practice and location, such information could focus on your practice and reveal a wide array of information about your revenue, service mix, patient base, and internal practices.
  • An EHR vendor could provide deidentified information that would reveal device or product use. For example, an analysis of DME would enable a vendor to determine competitive product use at your practice.

In order to avoid use of deidentified information to reveal confidential information about your patients or practice, you should make sure that:

  • No party has any rights that would allow them to make unilateral use of your patient information for any purpose.
  • Use of information is limited to structured information that has been properly deidentified. Free form notes and unstructured information is difficult to properly deidentify and should not be available for use.
  • Use of any deidentified information in specific or summary form will be comingled with enough data from other sources to prevent anyone from identifying your practice as the source of the deidentified information. For example, if you are the only EHR user in the zip code, the vendor should not sell zip code specific deidentified information.

In the case of your Protected Health Information, you need to control the use of information by any party that could divulge information about your practice or lead to the identity of a patient.

This article was originally published on Avoid EHR Disasters and is used here with permission. Ron Sterling is author of the HIMSS Book of the Year Keys to EMR/EHR Success. He is a nationally recognized EHR expert with the information that you need to improve patient service and performance. Tune in to his weekly internet radio show, The EHR Zone, every Wednesday at 4 pm Eastern.