ACCforum: Privacy Rules "De-Identification" - ACCforum

Privacy Rules "De-Identification"

#1 User is offline   hukildaspida 

  • Advanced Member
  • Group: Member
  • Posts: 3353
  • Joined: 24-August 07

Posted 30 April 2010 - 03:34 PM

This links through to a De-Identification workshop of Health & Privacy Information which we hope users of this forum will find useful.


The workshop was held March 8-9 2010 in Washington, DC

Readers who are interested in the topic of Health Information De-Identification may like to Google search those who addressed this conference for further information.

Some of you will find other useful links to Privacy Issues & Law changes that are interrelated in NZ under Hukildaspida topics & others who have raised issues on this forum.

Why has the topic of "De-Identification" not been addressed in the Law Commission's work relating to NZ PRIVACY LAWS?


#2 User is offline   hukildaspida 

  • Advanced Member
  • Group: Member
  • Posts: 3353
  • Joined: 24-August 07

Posted 04 November 2010 - 03:20 PM

Information overload survey.


A simple solution to prevent it happening in the first place is to remember the KISS rule: Keep It Simple, Sunshine.

Saves causing people unsolicited distress & would help reduce the costs of running many bureaucratic agencies.

#3 User is offline   hukildaspida 

  • Advanced Member
  • Group: Member
  • Posts: 3353
  • Joined: 24-August 07

Posted 24 May 2012 - 07:21 PM

Click on the link to see the other links throughout this information.

Are these the same identifying features that those who work at, and on contract to, including the Sensitive Claims department have to comply with when writing decisions and information that may be used by other persons, including The Ministry of Justice and researchers - like the Universities?

Ditto the Ministry of Justice

Can anyone else think of any other identifying features other than the 18 listed?

Please add them if you can.



Once protected health information (PHI) has been de-identified, it is no longer PHI, and the restrictions and requirements of federal and state privacy laws no longer apply. However, if a re-identification code is added to the data, certain privacy and security rules apply to the code.

There are two methods of de-identification: 1) use of statistical methods proven to render information not individually identifiable, and 2) deletion of 18 specified identifiers.

Statistical Method

A person with appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable may de-identify data by:

Applying such principles and methods and determining that the risk is very small that the information could be used, alone or in combination with other reasonably available information, by an anticipated recipient to identify an individual who is a subject of the information; and
Documenting the methods and results of the analysis that justify such determination.

Further guidance from DHHS regarding implementing this method is below.

Deletion of 18 Identifiers

To de-identify using this method, the following identifiers of the individual or of relatives, employers, or household members of the individual, are removed:

All geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census:
    The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and
    The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.
    Currently, 036, 059, 063, 102, 203, 556, 592, 790, 821, 823, 830, 831, 878, 879, 884, 890, and 893 are all recorded as "000".
All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older;
Telephone numbers;
Fax numbers;
Electronic mail addresses;
Social security numbers;
Medical record numbers;
Health plan beneficiary numbers;
Account numbers;
Certificate/license numbers;
Vehicle identifiers and serial numbers, including license plate numbers;
Device identifiers and serial numbers;
Web Universal Resource Locators (URLs);
Internet Protocol (IP) address numbers;
Biometric identifiers, including finger and voice prints;
Full face photographic images and any comparable images; and
Any other unique identifying number, characteristic, or code, except as permitted by the re-identification rules, below; and

The covered entity does not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is a subject of the information.


A covered entity may assign a code or other means of record identification to allow information de-identified under this section to be re-identified by the covered entity, provided that:

Derivation. The code or other means of record identification is not derived from or related to information about the individual and is not otherwise capable of being translated so as to identify the individual; and
Security. The covered entity does not use or disclose the code or other means of record identification for any other purpose, and does not disclose the mechanism for re-identification.

Further Guidance on Statistical Methods of De-identification

DHHS has provided some guidance regarding statistical methods of de-identification:

As requested by some commenters, we include in the final rule a requirement that covered entities (not following the safe harbor approach) apply generally accepted statistical and scientific principles and methods for rendering information not individually identifiable when determining if information is de-identified. Although such guidance will change over time to keep up with technology and the current availability of public information from other sources, as a starting point the Secretary approves the use of the following as guidance to such generally accepted statistical and scientific principles and methods:

Statistical Policy Working Paper 22 - Report on Statistical Disclosure Limitation Methodology (prepared by the Subcommittee on Disclosure Limitation Methodology, Federal Committee on Statistical Methodology, Office of Management and Budget) and
the Checklist on Disclosure Potential of Proposed Data Releases (prepared by the Confidentiality and Data Access Committee, Federal Committee on Statistical Methodology, Office of Management and Budget).

We agree with commenters that such guidance will need to be updated over time and we will provide such guidance in the future.

According to the Statistical Policy Working Paper 22, the two main sources of disclosure risk for de-identified records about individuals are the existence of records with very unique characteristics (e.g., unusual occupation or very high salary or age) and the existence of external sources of records with matching data elements which can be used to link with the de-identified information and identify individuals (e.g., voter registration records or driver's license records). The risk of disclosure increases as the number of variables common to both types of records increases, as the accuracy or resolution of the data increases, and as the number of external sources increases. As outlined in Statistical Policy Working Paper 22, an expert disclosure analysis would also consider the probability that an individual who is the target of an attempt at re-identification is represented on both files, the probability that the matching variables are recorded identically on the two types of records, the probability that the target individual is unique in the population for the matching variables, and the degree of confidence that a match would correctly identify a unique person.

Statistical Policy Working Paper 22 also describes many techniques that can be used to reduce the risk of disclosure that should be considered by an expert when de-identifying health information. In addition to removing all direct identifiers, these include the obvious choices based on the above causes of the risk; namely, reducing the number of variables on which a match might be made and limiting the distribution of the records through a "data use agreement" or "restricted access agreement" in which the recipient agrees to limits on who can use/receive the data. The techniques also include more sophisticated manipulations: recoding variables into fewer categories to provide less precise detail (including rounding of continuous variables); setting top-codes and bottom-codes to limit details for extreme values; disturbing the data by adding noise by swapping certain variables between records, replacing some variables in random records with mathematically imputed values or averages across small random groups of records, or randomly deleting or duplicating a small sample of records; and replacing actual records with synthetic records that preserve certain statistical properties of the original data.
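An added example, not part of the original post or the compliance page it quotes: it applies the ZIP, date and age rules from the identifier list above, assigns a random re-identification code, and then counts released records that are still unique on their remaining matching variables, the first disclosure risk Working Paper 22 names. The field names and sample records are constructed for illustration.

```python
import secrets
from collections import Counter
from datetime import date

# Three-digit ZIP prefixes the quoted page lists as recorded "000".
RESTRICTED_ZIP3 = {"036", "059", "063", "102", "203", "556", "592", "790", "821",
                   "823", "830", "831", "878", "879", "884", "890", "893"}

def safe_harbor_zip(zip_code):
    """Keep only the first three ZIP digits, or "000" for a restricted prefix."""
    zip3 = zip_code.strip()[:3]
    return "000" if zip3 in RESTRICTED_ZIP3 else zip3

def safe_harbor_age(birth, as_of):
    """Age in whole years; every age over 89 collapses into one "90+" category."""
    age = as_of.year - birth.year - ((as_of.month, as_of.day) < (birth.month, birth.day))
    return "90+" if age > 89 else age

def deidentify(record, as_of, key_table):
    """Build the released record from an allow-list of generalised fields."""
    code = secrets.token_hex(8)        # random: not derived from the individual
    key_table[code] = record["mrn"]    # re-identification key, never released
    age = safe_harbor_age(record["birth_date"], as_of)
    return {
        "code": code,
        "zip3": safe_harbor_zip(record["zip"]),
        "age": age,
        # A birth year would reveal an age over 89, so it is dropped in that case.
        "birth_year": None if age == "90+" else record["birth_date"].year,
        "admission_year": record["admission_date"].year,  # all date elements except year removed
        "diagnosis": record["diagnosis"],
    }

def unique_on(records, quasi_identifiers):
    """Records whose combination of quasi-identifier values occurs exactly once."""
    def key(r):
        return tuple(r[q] for q in quasi_identifiers)
    counts = Counter(key(r) for r in records)
    return [r for r in records if counts[key(r)] == 1]

# Constructed sample records (hypothetical field names, not real patients).
AS_OF = date(2012, 12, 31)
SAMPLE = [
    {"mrn": "MRN-0001", "phone": "555-0101", "zip": "94110",
     "birth_date": date(1975, 6, 15), "admission_date": date(2012, 5, 10), "diagnosis": "asthma"},
    {"mrn": "MRN-0002", "phone": "555-0102", "zip": "94117",
     "birth_date": date(1975, 1, 2), "admission_date": date(2012, 7, 1), "diagnosis": "asthma"},
    {"mrn": "MRN-0003", "phone": "555-0103", "zip": "03601",
     "birth_date": date(1920, 3, 4), "admission_date": date(2012, 2, 9), "diagnosis": "fracture"},
    {"mrn": "MRN-0004", "phone": "555-0104", "zip": "10282",
     "birth_date": date(1960, 12, 31), "admission_date": date(2012, 11, 3), "diagnosis": "fracture"},
]

if __name__ == "__main__":
    keys = {}
    released = [deidentify(r, AS_OF, keys) for r in SAMPLE]
    for r in released:
        print(r)
    print("still unique on (zip3, age):", len(unique_on(released, ["zip3", "age"])))
```

Two of the four constructed records remain unique on ZIP prefix and age even after the identifiers are removed, which is the situation the expert determination method is meant to assess.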

#4 User is offline   hukildaspida 

  • Advanced Member
  • Group: Member
  • Posts: 3353
  • Joined: 24-August 07

Posted 19 May 2014 - 02:42 PM

Health Care ADVISORY
December 7, 2012

New Guidance on De-Identification of Protected Health Information
Released by Office of Civil Rights

#5 User is offline   hukildaspida 

  • Advanced Member
  • Group: Member
  • Posts: 3353
  • Joined: 24-August 07

Posted 19 May 2014 - 02:45 PM

An update re Act on the Protection of Personal Information and trend of revision in Japan

Act on the Protection of Personal Information and trend of revision in Japan


Yuasa and Hara
Tomohiro Ono
May 15 2014
The Act on the Protection of Personal Information of Japan (Law Number: Act No. 57 of May 30, 2003, hereinafter the “Act”) was enacted in May 2003 reflecting the circumstances in the rapid development of information systems and resulting threat to personal rights and interests as well as international trends for establishing data protection laws. Ten years later, the development of data communication technology has enabled the collection and analysis of a huge variety of data (so-called big data), and, among others, use of personal data is expected to contribute to innovations including the creation of new businesses and services. Therefore, on the basis of protecting personal data and privacy, the trend of the revision under the Act is considering maximizing the power of civil sectors by clarifying the rules on the utilization of personal data, the creation of new businesses and services and activation of existing industries.

The Personal Data Related Systems Division established in the Cabinet Secretary IT General Strategy Office plans to set down the fundamental principles of a bill for revising the Act by June 2014 and to receive public comments and submit the bill to the ordinary session of the National Diet in the beginning of 2015.

Personal information subject to protection under the Act

The term "personal information" as used in the Act means “information about a living individual which can identify the specific individual” (Article 2). Personal information subject to protection under the Act includes “such information as will allow easy reference to other information and will thereby enable the identification of the specific individual” (Article 2).

The trend of the revision under the Act includes the definition of “personal information” protected under the Act as personal data substantially enabling the identification of a specific individual, and clarification of such data on the basis of the basic principle of protection of privacy.

Also, “sensitive data” or extremely private data will include new types of data to be handled according to their nature.

As for the handling of personal data in a field requiring highly professional knowledge (including types of information deemed to contain many sensitive data), related organizations will consider such based on their knowledge and judgment.

Business operators handling personal data subject to the obligation under the Act

Business operators handling personal data subject to the obligation of protection under the Act (hereinafter the “Operators”) are those managing the personal data of more than 5,000 persons in their business activities. Therefore, private individuals and small-scale entrepreneurs are exempted from the restrictions of the Act.

The privacy of a person is not influenced by the volume of data but by the nature of the data handled by the Operators. Therefore, the trend of the revision under the Act is considering changing the requirement of personal data of fewer than 5,000 persons in a personal information database owned by Small Operators exempted from restrictions by the Act as well as reducing the burdens on Small Operators.

Obligations of operators handling personal information

Obligations of Operators under the Act include specifying the purposes for using personal information and notifying the principal of such personal information thereof, taking measures for maintaining the safety of such information and generally obtaining the consent of the principal when providing such information to a third party. But the Act provides for exceptions to the requirement of obtaining the consent of the principal when providing such information to a third party in cases in which it is (1) required by laws and regulations, (2) necessary for protecting personal life, body or property, (3) especially necessary for improving public health or promoting the sound growth of children and in cases where it is difficult to obtain the consent of the principal, or (4) necessary to cooperate with a state organ or a local government in executing those affairs prescribed by laws and regulations.

For promoting the use and distribution of personal data regarding the protection of personal information and privacy, the trend of the revision under the Act is considering stipulating the types of provision of personal data to a third party without the consent of the principal and obligations of Operators (providers and recipients) handling such types of data.

Matters considered for change in promoting international harmonization

Matters under consideration include improving the environment in which Japanese enterprises may smoothly and globally develop their business, the manner in which Japanese laws and regulations are applied to overseas enterprises, and cooperation by third party agencies in the international enforcement of laws and regulations.

Other considerations also include restricting the transfer of data to countries with less developed personal data protection systems by maintaining the balance between preventing the obstruction of global usage and distribution of data and the protection of privacy.

#6 User is offline   netcoachnz 

  • Advanced Member
  • Group: Members
  • Posts: 3454
  • Joined: 26-January 11

Posted 09 June 2014 - 05:52 PM

29 May 2014

Privacy Commissioner—New Powers
6. SCOTT SIMPSON (National—Coromandel) to the Minister of Justice: What recent announcements has the Government made for the Office of the Privacy Commissioner?

Hon JUDITH COLLINS (Minister of Justice) : Budget 2014 has provided an additional $7 million to the Privacy Commissioner’s 4-year budget, to ensure adequate resourcing for reviewing and monitoring individual sharing agreements among Government agencies under the Privacy Amendment Act 2013, and also to respond to the increased demand for services from the Privacy Commissioner. Over the past 4 years the number of inquiries increased by 36 percent and the number of notifications has risen from 16 to 107 per annum. This additional funding will boost the Privacy Commissioner’s ability to protect New Zealanders’ privacy.

Scott Simpson: What steps are being taken to update New Zealand’s privacy laws?

Hon JUDITH COLLINS: Yesterday I announced the Government’s intention to reform the 20-year-old Privacy Act, to strengthen and update New Zealanders’ rights and powers over their privacy, and to provide the Privacy Commissioner with better tools to deal with the challenges posed by the digital information age. These reforms are the result of an extensive review of the privacy laws by the Law Commission and of public consultation. The proposals will put strong incentives in place to ensure businesses, Government departments, and other organisations take privacy more seriously.

Scott Simpson: What are some of the proposed changes to the Privacy Act?

Hon JUDITH COLLINS: Key proposals in the reforms include requiring organisations to report data breaches to the Privacy Commissioner and notify affected individuals in serious cases; introducing new offences and increased fines for failing to notify the commissioner of a privacy breach or impersonating someone to obtain their private information, with fines increasing from $2,000 to $10,000; giving the Privacy Commissioner new powers to issue compliance notices; simplifying the legislation so that it is easier to understand; and ensuring better information and guidance to businesses and the public about how to comply with privacy laws. These changes will bring our laws into the 21st century and provide an excellent platform for the protection of privacy in the future.


#7 User is offline   hukildaspida 

  • Advanced Member
  • Group: Member
  • Posts: 3353
  • Joined: 24-August 07

Posted 10 September 2015 - 12:59 PM

Law via Internet (LvI) Conference 2015 Programme

Pre-programme announcement of presentations

As at 1 September 2015

At present the Conference has accepted 30 papers by authors from 14 countries: Australia, New Zealand, the USA, Japan, South Korea, Canada, China, Kenya, South Africa, the Netherlands, Vanuatu, Morocco, France and Taiwan. Ten themed sessions of the Conference are also now confirmed. More papers will be accepted, and more sessions added, before finalisation of the Programme.

The Early Bird rate has been extended to 14 September 2015 -

Donna Buckingham, Associate Professor, Otago Law School, New Zealand ‘Taking down New Zealand judgments: Searching for obscurity?’
