Data Management

Data Privacy

Some projects may work with sensitive data, particularly those using human research subjects. Therefore, it is important for researchers to consider where their data may raise security or privacy concerns.

Data privacy includes the protection of personal or sensitive information and extends throughout collection, storage, and sharing. There are many ways in which we can protect the privacy of our data, including de-identification, encryption, informed consent, and the use of safe storage and archival services.

More information on research data security and human subjects research can be found here.

Removing Identifiers

One method of protecting the privacy of sensitive or personal data is de-identification, or removing direct and indirect "identifiers" which could reveal subject identity. The HIPAA Privacy Rule defines Protected Health Information (PHI) as "individually identifiable health information" and includes information that relates to:

  • the individual's past, present or future physical or mental health or condition,
  • the provision of health care to the individual, or
  • the past, present, or future payment for the provision of health care to the individual

Direct & Indirect Identifiers

PHI, including HIPAA's 18 identifiers, can be used to identify a subject directly. Data can pose a deductive exposure risk, such that the individual's identity can be discovered using known characteristics of the individual. It is important to de-identify both direct and indirect information to protect the privacy of human research subjects.
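The deductive exposure risk described above can be checked before sharing a dataset. The following is an added example, not part of the original guide: it removes direct identifiers, then lists the combinations of indirect identifiers that still point to a single record. The column names, their roles, the sample records, and the coarsening step are all assumptions made for illustration.

```python
from collections import Counter

# Column roles are assumptions made for this example.
DIRECT = {"name", "email"}               # identify a subject on their own
INDIRECT = ("zip", "birth_year", "sex")  # identify a subject in combination

# Constructed sample records, not real data.
RECORDS = [
    {"name": "Subject 1", "email": "s1@example.org", "zip": "02139",
     "birth_year": 1984, "sex": "F", "dx": "asthma"},
    {"name": "Subject 2", "email": "s2@example.org", "zip": "02139",
     "birth_year": 1984, "sex": "F", "dx": "migraine"},
    {"name": "Subject 3", "email": "s3@example.org", "zip": "02141",
     "birth_year": 1987, "sex": "F", "dx": "diabetes"},
    {"name": "Subject 4", "email": "s4@example.org", "zip": "02446",
     "birth_year": 1951, "sex": "M", "dx": "asthma"},
    {"name": "Subject 5", "email": "s5@example.org", "zip": "02445",
     "birth_year": 1958, "sex": "M", "dx": "copd"},
    {"name": "Subject 6", "email": "s6@example.org", "zip": "02139",
     "birth_year": 1931, "sex": "M", "dx": "arthritis"},
]

def strip_direct(records, direct=DIRECT):
    """Drop direct-identifier columns from every record."""
    return [{k: v for k, v in r.items() if k not in direct} for r in records]

def unique_combinations(records, indirect=INDIRECT):
    """Indirect-identifier combinations held by exactly one record.

    Anyone who knows these characteristics of a subject can single out the row.
    """
    counts = Counter(tuple(r[c] for c in indirect) for r in records)
    return sorted(key for key, n in counts.items() if n == 1)

def generalize(records):
    """Coarsen indirect identifiers: 3-digit ZIP prefix, decade of birth."""
    return [{**r, "zip": r["zip"][:3], "birth_year": r["birth_year"] // 10 * 10}
            for r in records]

if __name__ == "__main__":
    stripped = strip_direct(RECORDS)
    print("unique after removing direct identifiers:", unique_combinations(stripped))
    print("unique after coarsening:", unique_combinations(generalize(stripped)))
```

Removing names and e-mail addresses alone leaves four of the six constructed records unique on ZIP code, birth year, and sex; coarsening reduces that to one, which would still need review before release.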