HEALTHCARE & MEDICARE

How to effectively handle statistical de-identification process

Photo of admin admin Send an email 2 weeks ago
0 0 7 minutes read
How to effectively handle statistical de-identification process

Innovation in healthcare relies on figuring out the capabilities that data is trying to teach us. Data analysis (including but not limited to Genai-driven data analysis) presents unlimited demand for large, well-planned, searchable data sets. It's already a challenge – we have a lot of data, but not a lot of good data. The challenge to intensify data planning is often a requirement of legal, policy, ethical or commercial risks, that is, the planned data is also “de-identified”. For data sets that include protected health information (PHI), the data must be rendered in accordance with one of two methods specified in HIPAA regulations. Consistently, the method commonly used in data analysis is the statistical method.

Statistical methods are not new. Contrary to public myths, it is no less “less compliant” than the so-called safe harbor approach. Initially, the Civil Rights Office, which governs HIPAA, proposed only the inclusion of statistical methods. But regulated communities want a simple, flush and repetitive standard that does not require them to receive statistical guidance in each case, which is considered a serious trading burden. The safe harbor method requires the removal of 18 enumerated areas, which extends administrative convenience to regulated communities, but is expensive. In many cases, after all the data required is identified in the safe harbor, the remaining data is no longer suitable for the purpose.

Statistical de-identification is as much as strategic activities. A regulated community can take several specific steps to make the most of your statistics to identify plans.

  • Motivation is important: Safe Harbor and statistical identification raise different strategic opportunities and compliance barriers. The de-identification of safe harbors gives a relatively simple way to self-manage by deleting 18 enumerated areas, provided that no areas of these areas are required for the intended activities. It's robotic, but it's also not flexible. In contrast, statistical methods are designed to provide flexibility by looking at practical, measurable re-identification risks presented by a range of factors (including data) and other factors provided by the recipient (recipient). It requires a governance plan to ensure that opinions are followed, but in exchange, almost more data can be kept to the identified dataset.
  • Participate attorney: If this is your first time doing statistical identification, or if this statistical exercise is strategically or substantially different from past opinions, then the process may raise legal and compliance issues and legal advice will be important.
  • First of all, think big: Statistical exercises are a great opportunity to let business stakeholders understand short- and medium-term data plans. First consider (1) the maximum data that helps stick to the use of the identification dataset; (2) de-identify potential recipients of the dataset and reasonable controls surrounding their usage; (3) the scope of possible use cases and business priorities. Working with your experts, you may need to retreat from certain data fields or purposes, but by considering it extensively from the beginning, you can work more effectively with the experts.
  • Not just revisions: Data revision (deleting certain fields) is the most obvious tool when setting up the data dictionary element of the opinion. However, your statisticians can offer more nuances in terms of privacy protection and data retention utilities. For example, data randomization or data movement, increasing noise to make it harder to identify re-identification patterns, including synthesis of data, creating similar fields of view, and the scope of other data obfuscation techniques that can be explored. The encryption technology used to create private IDs needs to be carefully applied to ensure that private IDs are in fact irreversible, including the selection of the appropriate encryption key. Data conversion technology needs to be suitable for purposes – In some cases, certain data operations may mean that data cannot be used for purposes such as certain FDA conditioning. But this is part of the strategic discussion.
  • Not just a table: Statistical de-identification can be used to de-identify unstructured data, including text, clinical annotations, and medical images. Technology and capabilities are rapidly evolving, and unstructured data has moved from niche markets to options that are scalable in just a few years. When considering de-identifying the largest data in the dataset, it is important to validate assumptions surrounding actual implementations to ensure that options are not constrained by humans.
  • Prepare the horse: In many cases, well-designed statistics give you a trade-off in available data fields or granularity. To illustrate a simple example, race-related data fields can be allowed, but in some places, they are highly identifiable due to the demographics of the local population. It does not require re-race or position for reconsideration in all cases, but may also allow data fields under certain parameters, but rather “gray” the availability of other parameters. If you can implement a data architecture to do this, create an option menu for your business so that recipients can access certain data within a flexible framework.
  • Opinions as a recipe: The data in a persistent data set (often called a data dictionary) is just one element in the overall opinion. There will be several other ingredients in this opinion – all of which are important and you will need to adhere to all ingredients to apply. For example, statisticians can relate the existence of certain contract terms or policies to measuring risk. Alternatively, statisticians may have considered the stated purpose of de-identifying data sets. Just like bread recipes if you choose to give up yeast or ignore water, you also need to implement and follow the entire opinion.
  • Establish statistical relationships: The initial increase in opinions is the biggest. However, this opinion requires renewal, and although the time frame varies, it is usually once every 18 months. You may find that assumptions in the opinion need to be reviewed or changed. If your statistics experts are a strong partner, they will help you adjust your opinions based on your strategic priorities, even between renewal periods.
  • Establish a crosswalk:One of the insights embedded in the HIPAA de-identification standard is the need to refresh the identification data over time (under both methods). Organizations can implement a link code where they can identify new data and connect it to individuals in the dataset. Although not for any purpose, vertically de-identified data sets are essential for many of the above purposes. Tokenization and linking techniques can also be applied to links between discrete datasets without sharing PHI or identifying elements, although it is important to ensure that the resulting linked dataset complies with HIPAA's HIPAA's identification standards.
  • Data puddle or data lake: In some cases, the data you need to de-identify is discrete and will be generated case by case to apply the opinion parameters. In other cases, your business may present a range of future, unspecified and/or various data use cases. In the latter case, you may need to develop a data lake – a large, well-curated dataset that can be used to provide smaller data cuts for a specific project. Well-designed opinions also apply to the whole and subset.
  • De-identification and data aggregation: Data collection is always an artistic term under HIPAA, involving the use of PHI from multiple covered entities for benchmarking and other joint activities. Regulated communities often use “identification” and “summarization” interchangeably, but that’s not the case. Make sure you need identifying data for what specific items are.
  • Investment data tags: Data tagging will give your organization more dexterity in the data it believes can be used to de-identify and will provide granularity at the field level. It's technical operations and administration, and it doesn't seem fascinating, but it's an important part of a lucrative dataset.
  • The role of AI: It is impossible to say anything about healthcare or data topics without talking about AI. So we just say this: AI is a burden and a gift. AI tools can help identify unstructured data (known) and can speed up identification tools and dataset analysis. AI can also be used to examine statistical assumptions about residual risk. However, if the AI ​​tool can ask about data and determine patterns of re-identification in new ways, the AI ​​tool can also potentially change the re-identification risk calculation.

As data demand grows, de-identification is the basic governance and strategic priority for stakeholders in digital data economy. De-identification projects enable engineers, business leaders, compliance leaders and attorneys to work together and engage in dialogue around data governance to exceed the benefits of the data set itself.

Photo: Weiquan Lin, Getty Images


Jordan Collins is a results-oriented strategic leader with over 20 years of experience in analytics, focusing on enabling data-driven decision-making at the enterprise level. He is currently the general manager of privacy analysis for IQVIA. Privacy analytics enables organizations to unlock the value of sensitive data while managing privacy considerations. Jordan holds a PhD in philosophy from the University of Auckland, a Master in Applied Statistics from York University, a Master in Pure Mathematics from McMaster University and a Bachelor of Mathematics (Honours) from Mount Alison University. Jordan has a strong analytical background and he began his career as a statistician. He has deep consulting experience in entrepreneurial tendencies, and he stands up to his own statistical consulting practices, focusing on the statistical applications of healthcare and industrial process and business optimization. Over the past decade, he has applied these analytical skills to global technology privacy challenges.

Jennifer Geetter is a partner in McDermott Will & Schulte's DC office. Jennifer focuses on the development, delivery and implementation of digital health solutions, data and research, working closely with adopters and developers to bring their innovative healthcare solutions to patients and providers. To effectively design and deploy digital health technologies, Jenn provides valuable guidance on key issues such as patient boarding, provider implementation, privacy and regulatory issues. She advises global life sciences, healthcare and informatics clients, and advises on legal issues in digital health, biomedical innovation, research compliance, global privacy and data security laws, and financial relationship management.

This article passed Mixed Influencer program. Anyone can post a view on MedCity News' healthcare business and innovation through MedCity Remacence. Click here to learn how.

Photo of admin admin Send an email 2 weeks ago
0 0 7 minutes read
Photo of admin

admin

Related Articles

Redesigning healthcare: How accessible data leads to better care

Redesigning healthcare: How accessible data leads to better care

16 hours ago
Chiesi's rare disease strategy expands into genetic medicines with partnership with CRISPR startup Arbor

Chiesi's rare disease strategy expands into genetic medicines with partnership with CRISPR startup Arbor

2 days ago
Research shows how much hospitals and clinics still pay for the same care

Research shows how much hospitals and clinics still pay for the same care

3 days ago
StartUPDATE: New developments for healthcare startups

StartUPDATE: New developments for healthcare startups

3 days ago

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button