The IT Law Wiki


Data protection

De-identification is a "general term for any process of removing the association between a set of identifying data and the data subject."[1]

Health information


De-identification involves the removal of protected health information (PHI) (e.g., name, date of birth, and Social Security number) that can be used to identify an individual.[2]
[t]o ensure that individuals' records have all data elements removed before the data is shared for statistical, research, public health, or other reasons that do not benefit the data subject directly, and for which no authorization has been provided, such that there is no reasonable basis to believe that the information can be used to identify an individual. De-identification can be accomplished by removing the data permanently (anonymization); permanently replacing each data element removed with a placeholder, sometimes called a "token" (pseudonymization); or replacing each datum with a unique token and maintaining a record (usually through a third party) such that it is possible to re-identify the individual through appropriate channels, such as having a third party contact the individual's care provider (reversible pseudonymization, or re-identification).[3]
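The three approaches named in the passage above (anonymization, pseudonymization, and reversible pseudonymization), shown as an added Python example that is not part of the original article or its cited source. The field names, the sample records and the `escrow` dictionary standing in for the third party's record are assumptions made for illustration.

```python
import secrets

# Assumed identifying fields and constructed sample records (not real data).
IDENTIFIERS = ("name", "dob", "ssn")
RECORDS = [
    {"name": "Alice Example", "dob": "1980-01-02", "ssn": "000-00-0001", "diagnosis": "J45"},
    {"name": "Alice Example", "dob": "1980-01-02", "ssn": "000-00-0001", "diagnosis": "E11"},
    {"name": "Bob Sample", "dob": "1975-06-30", "ssn": "000-00-0002", "diagnosis": "I10"},
]

def anonymize(records):
    """Anonymization: drop the identifying elements permanently."""
    return [{k: v for k, v in r.items() if k not in IDENTIFIERS} for r in records]

def pseudonymize(records, escrow=None):
    """Replace each identifying element with a random token.

    Tokens are random rather than derived from the value (e.g. a hash),
    so they cannot be recomputed by guessing low-entropy inputs such as SSNs.
    With escrow=None the token-to-value mapping is never stored (permanent
    pseudonymization); passing a dict records it for later re-identification.
    """
    seen = {}  # (field, value) -> token, so one person's records stay linkable
    out = []
    for r in records:
        row = dict(r)  # copy, so the caller's records are not modified
        for field in IDENTIFIERS:
            if field not in row:
                continue
            key = (field, row[field])
            if key not in seen:
                seen[key] = "tok_" + secrets.token_hex(8)
                if escrow is not None:
                    escrow[seen[key]] = row[field]
            row[field] = seen[key]
        out.append(row)
    return out

def reidentify(record, escrow):
    """Re-identification: only the holder of the escrow record can do this."""
    return {k: escrow.get(v, v) if k in IDENTIFIERS else v
            for k, v in record.items()}
```

In practice the escrow mapping would be held by the third party, separately from the de-identified data set.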

HIPAA Privacy Rule

The requirements for de-identification under the HIPAA Privacy Rule are explicitly laid out in Section 45 C.F.R. 164.514, Other requirements relating to uses and disclosures of health information, subsections (a) (Standard: de-identification of health information), (b) (Implementation specifications: requirements for de-identification of health information), and (c) (Implementation specifications: re-identification).


External sources

  • Ann Cavoukian & Khaled El Emam, "Dispelling the Myths Surrounding De-identification: Anonymization Remains a Strong Tool for Protecting Privacy" (June 2011).
  • Ann Cavoukian, "Looking Forward: De-identification Developments–New Tools, New Challenges" (May 2013).