Purpose
Mount Sinai’s De-Identification Service removes or masks all potential identifiers from a data set. In accordance with the Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, the following 19 data elements are de-identified for produced data sets:
- Name
- Street Address, city, county, zip code (the first three digits of the zip code may be used if there are more than 20,000 people in the zip code)
- All element of dates (except year), including dates of birth, admission, discharge or death
- All ages over 89
- All telephone numbers
- Fax number
- E-mail addresses
- Social Security Number (SSN)
- Medical Record Number (MRN)
- Health plan beneficiary number
- Account numbers
- Certificate/License number
- Vehicle identifiers, including license plate numbers
- Device identification and/or serial number
- Uniform Resource Locator (URL)
- Internet Protocol (IP) address
- Biometric identifiers, including finger and voiceprints
- Full face photographic images and other comparable images
- Any other unique identifying number, characteristic, or code
The personal identifiers in a data set are removed using one of three methods: HIPAA Safe Harbor, Hripcsak’s Shift and Truncate (SANT) Method, or the “Elapsed Days” approach.
Department
Cost
$236/hr for de-identification of data marts
Reference
Mount Sinai Policy – De-Identification of Protected Health Information