Confidence lacking in secure data sharing, survey finds
More than two out of three healthcare organizations aren't completely confident they can share data safely while still protecting patient privacy, according to a new survey.
Privacy Analytics, a vendor of de-identification technology, conducted with survey with Electronic Health Information Laboratory, a group that conducts theoretical and applied research on the de-identification of health information.
It polled 271 professionals who handle protected health information in settings including hospitals, doctor's offices, payers, research organizations and agencies.
Among the findings:
- More than half the respondents said they play to increase the volume of data stored or shared within 12 months and two-thirds currently release data for secondary use, such as analysis, research, safety measurement, public health, payment or marketing.
- Individuals aren't familiar with advanced methods of de-identifying data, cited by 51 percent, leading them to release data stripped of its usefulness or that puts them at high risk of a breach.
- More than 75 percent of respondents said their data-management practices include one or more approaches including data-sharing agreements (50 percent), data masking (31 percent) and Safe Harbor methodology (28 percent), according to an announcement.
Researchers have shown how easy it is to re-identify patients in de-identified data, yet de-identified data can lose its value as more identifying factors are stripped out. Researchers from Vanderbilt University and elsewhere recently published work exploring policy options that balance risk of violating a patient's privacy vs. the use of data for society.
Earlier this year, the Health Information Trust Alliance released a framework providing guidance on use of de-identification in a simplified and streamlined way through standards and controls that also adhere to HIPAA's privacy rules.
Researchers examine balancing privacy risk, utility of de-identified health data
HITRUST creates framework for de-identification of data
Patient de-identification needs to balance privacy, value of analytics
De-identification effective in maintaining patient privacy if done right