Skip to Main Content

Data Management

Data Privacy

Some projects may work with sensitive data, particularly those using human research subjects.  Therefore, it is important for researchers to consider where their data may raise security or privacy concerns.  

Data privacy includes the protection of personal or sensitive information and extends throughout collection, storage, and sharing. There are many ways in which we can protect the privacy of our data including de-identification, encryption, informed consent, and utilizing safe storage and archival services.

More information on research data security and human subjects research can be found here.

Removing Identifiers

One method of protecting privacy of sensitive or personal data is de-identification, or removing direct and indirect "identifiers" which could reveal subject identity. The HIPAA Privacy Rule defines Protected Health Information (PHI) as "individually identifiable health information" and includes information that relates to:

  • the individual's past, present or future physical or mental health or condition,
  • the provision of health care to the individual, or
  • the past, present, or future payment for the provision of health care to the individual

Direct & Indirect Identifiers 

PHI can be used to identify a subject directly. Indirect identifiers can be used in conjunction with other information to positively identify subjects. It is important to keep in mind the importance of de-identifying both direct and indirect information to protect the privacy of human research subjects.

Direct Identifier examples:

  • Names
  • Phone/Fax numbers
  • Geographic address below state or 3-digit zip code
  • Identifiable photographs/images
  • Email/IP adress
  • Medical record information
  • License plate/serial numbers
  • Date of Birth
  • Account numbers
  • Biometric identifiers
  • SSN

Indirect Identifier examples:

  • Full zip codes
  • Geographic areas
  • Age
  • Race/ethnicity
  • Facility/health care provider
  • Health conditions
  • Educational degrees/ graduation years
  • Occupations
  • Birthplace

Removing Identifiers

De-identification:

Anonymization:

  • Sensitive data are stripped from the dataset manually (deleting variable) or algorithmically
  • Irreversible

Resources & Policies

Sensitive data needs to be password protected and/or encrypted.  Data security is important for all types of data, particularly protected data (HIPAA, FERPA), in order to prevent corruption, theft, or loss. 

UIC Technology Solutions Resources:

Sharing certain types of research data, particularly those which concern human subjects, may be restricted or controlled by law.  It is important to understand what legislation may affect your data before you take steps to share it.  

Data Security Policies: