This paper from Privacy Analytics addresses the common scenario in which health data is anonymized and used for research purposes within a data controller that retains the original data set. In such cases, robust anonymization combined with strong safeguards to protect the anonymized data from being re-associated with the original data or otherwise re-identified, creates a strong case under the GDPR that the data should still be considered fully anonymous and therefore outside the scope data protection law. But even where that is not the case, the same strong anonymization methodology and safeguards will enable the data controller to meet key GDPR obligations. In either case, strong de-identification is an essential tool for enabling the use of sensitive health data for research purposes. (August 2017)
European Legal Requirements for Use of Anonymized Health Data for Research Purposes by a Data Controller with Access to the Original (Identified) Data Sets
Related Stories
Estimating the re-identification risk of clinical data sets
This study by Fida Kamal Dankar, Khaled El Emam, Angelica Neisa and Tyson Roffey identifies a decision rule that can be used by health privacy researchers and disclosure control professionals to estimate uniqueness in clinical data sets. The authors state it provides a reliable way to measure re-ide...
Web Conference: Paging All Healthcare Privacy Pros
Original broadcast date: November 9, 2018
Join us as three seasoned privacy professionals discuss the requirements of the CCPA applicable to healthcare organizations and how to operationalize compliance....
Use of Electronic Health Record Data in Clinical Investigations
This guidance document, published by the U.S. Department of Health and Human Services, is intended to assist sponsors, clinical investigators, contract research organizations, institutional review boards, and other interested parties on the use of electronic health record data in FDA-regulated clini...
HIPAA-Compliant Privacy Policy Language for e-Health Applications
The following is a privacy policy language profile proposal for HIPAA-Compliant e-Health Applications, published by Elsevier B.V. Included in the proposition is the aim of usage allowing the e-health providers to specify HIPAA-compliant privacy policies and the ability for patents to be able to expr...
Web Conference: The 2016-2017 State of Data Sharing for Health Care Analytics
Original broadcast date: June 8, 2017
Join us as we discuss key findings from Privacy Analytics’ “2016-2017 State of Data Sharing for Healthcare Analytics” survey. and more in this informative and timely web conference....