State and Federal Policy

Click here for the pdfThe Health Insurance Portability and Accountability Act (HIPAA) is a federal law that sets standards for collecting, processing, and exchanging health care information. The Privacy Rule, a key component of HIPAA, protects the identifiable health information of individuals such as names, addresses, telephone numbers, and Social Security numbers.

This protected information can only be used for other purposes once it has been "de-identified," meaning stripped of everything that could identify any specific patient from whose medical record the health information was derived. De-identified data is valuable because it can be used to improve care, estimate the costs of care, and support public health initiatives. 

HIPAA allows two approaches to "de-identifying" protected health information: Safe Harbor and Expert Determination. This paper, developed by the University of South Carolina’s Institute for Families in Society, describes both and illustrates statistical and geographic methods—including data aggregation, spatial integration, blurring, and perturbation—to de-identify data by Expert Determination. Based on scientific knowledge and experience, the appropriate use of Expert Determination to de-identify data can provide valuable information to strengthen policies and programs aimed at improved population health at state, county, and local levels, while safeguarding the privacy of individuals.