[ Monday, November 26, 2012 ]
Jeff [9:19 PM]
OCR has published guidance
on how to know that data has been de-identified. The original Privacy Regs allowed for 2 ways to de-identify: have an expert tell you that enough information has been removed that you can be confident nobody would know who is referred to by the PHI, or remove a specified list of data elements. I haven't had time to closely review what OCR did, but it looks like they kept closely to the text. If I pick up on anything on a closer read, I'll let you know.
Blogger: HIPAA Blog - Edit your Template