Privacy and Security Law Blog

Check out our recent advisory describing the New HIPAA Guidance on De-Identifying Health Information.  In it, Adam Greene explains that the HHS Office for Civil Rights released guidance on how health information may be de-identified, which allows covered entities and business associates to reduce their exposure to HIPAA and expand their use of health data.  The guidance teaches two key lessons – specifically, that health information generally is considered individually identifiable unless certain stringent requirements are met, and that using an appropriate expert can provide ways to de-identify information while retaining important properties that otherwise might be lost through other methods of de-identification.  The advisory can be accessed here.