De-Identified Data
Definition: Health information is considered de-identified when it does not
identify an individual and there is no reasonable basis to believe that the
information can be used to identify an individual. Information is considered
de-identified if 18 identifiers are removed from the health information and
if the remaining health information could not be used alone, or in combination,
to identify a subject of the information. The identifiers include:
- names
- geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code and equivalent geocodes, except for the initial three digits of a zip code to 000
- all elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death, and all ages over 89
- telephone numbers
- fax numbers
- electronic mail addresses
- Social Security numbers
- medical record numbers
- health plan beneficiary numbers
- account numbers
- certificate/license numbers
- vehicle identifiers and serial numbers, including license plate numbers
- device identifiers and serial numbers
- Web Universal Resource Locator (URL)
- biometric identifiers, including finger or voice prints
- full face photographic images and any comparable images
- Internet Protocol address numbers
- any other unique identifying number, characteristic or code
How might this type of information be useful? De-identified data might be useful if you wish to obtain ballpark figures, e.g., the number of patients seen with diabetes between the ages of 35 and 50. It is not possible to approach patients about participating in a study by using de-identified data.
Access requirements: To obtain de-identified data, you need only obtain a waiver of authorization. (Additional forms are unnecessary for this category of PHI.)