Privacy and De-Identification or Standard Operating Procedures in a Template

De-Identification or Not!  That is the question.  If we had any of the problems we understand the facts around privacy and apply general system theory to the system as a whole; privacy might best be addressed factoring the needs of people first. 


  • The quality of individual health information, its accuracy, and its completeness should be a priority.

    • One way we can ensure the goal of Quality is going to require a few different changes and we must re-think the content management strategy. 
    • Let’s assume we get templates that our service providers can outsource to a local shared service model. 
  • Less effective approaches
    • Many of the following are high effort low return proposals used by many with no true understanding of the implications. 
    • You should be able to know who is responsible for your health information at a given entity, whether the entity has your health information, and where it is located.
      • Knowing who can help you?  Doesn’t the statement suggest each of us, must contact someone.  We have a chicken and egg scenario. 
      • A service which a person whose chosen to exercise their right to privacy or confidentiality based on high threat populations; specifically to combat and prevent Post Traumatic Stress Disorders or trauma.  
        • Foster Kids
        • Seniors
        • Disabled
        • Military
        • Victims of a violent crime
      • While we suggest data owners have control, we must know who to contact.
      • We must have an easy way to search all companies, all public agencies data stores and there’s just no way to enforce the law in the model suggested.    
    • You should be able to request and receive that information for a reasonable fee, in a timely manner, in the format you request.
      • The suggestion of a crime victim or high risk population sponsoring or promoting companies to collect the information, as each person will bring capitalism in mass quantities. 
        • The cost are not fair, nor ethical. 
      • You should be able to question the accuracy of your record, and if you can prove you’re right, have it corrected.
        • Again, an unfair expense and unfair expectation fails to hold companies accountable. 
          • Yes, we must have the option.  The expectation should be we wouldn’t need to exercise the option. 
        • transfers to the person or data owner who did not make the error, which promotes companies to be careless.  
        • The problem is created by companies lack of adherence to the law and the companies low standards on quality. 
          • Adoption of technology when the technology was designed to allow anyone to alter anything they want without traceability, becomes the data owners problem. 
  • You should control access to your medical records, except in the circumstances under which they can be legally accessed without your consent (treatment, payment, business operations, public health reporting, legal process, and more).

  • Your medical information should be collected only by lawful and fair means, you should be told all the purposes for which it’s being collected beforehand, and it should be used only for those purposes.

  • Only the minimum amount of information necessary for the specified purpose(s) should be collected.

  • If your medical information has been de-identified, re-identifying it should be illegal.

  • Anyone who controls, maintains, or uses your medical information—not just the covered entities regulated by HIPAA—should be required to protect it from loss or destruction, and unauthorized access, use, modification, or disclosure.

Slide22Understand the reality around De-Identification based on a few people who know the truth and these people are not supporters of De-Identification as the solution. 


The ability to identify a person with De-Identification data is high; we must include services to notify the data owner when someone has viewed or acquired data using the parameters like the persons name, children or spouse.  Stalkers and Violent offenders or those who might work on behalf of the abuser; must be detected and mitigation or respond accordingly to prevent an escalation from problem to risk or crisis. 

March 2014 – Report to the President on Big Data Privacy

The report suggest that users are the data owners and private or public sector companies MUST manage privacy in a way that assumes people are NOT giving up their rights nor civil liberties.  


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s