HITSP Anonymize Component

July 8, 2009

Version 2.3

HITSP Anonymize Component

HITSP/C25

Healthcare Information Technology Standards Panel (HITSP) logo

Submitted to:

Healthcare Information Technology Standards Panel

Submitted by:

Security, Privacy and Infrastructure Domain Technical Committee
(Formerly Security and Privacy Technical Committee)

Document Change History

Version Number	Description of Change	Name of Author	Date Published
1.0	Final draft	Biosurveillance Technical Committee	August 16, 2006
1.1	Ready for Public Comment	Biosurveillance Technical Committee	September 12, 2006
1.2	Ready for Implementation Testing	Biosurveillance Technical Committee	October 20, 2006
1.3	Review Copy	Population Health Technical Committee	April 27, 2007
2.0	Ready for Implementation	Population Health Technical Committee	May 11, 2007
2.0.1	Review Copy	Population Health Technical Committee	September 18, 2007
2.0.2	Review Copy	Population Health Technical Committee	December 5, 2007
2.1	Ready for Implementation	Population Health Technical Committee	December 13, 2007
2.1.1	Review Copy	Security, Privacy and Infrastructure Domain Technical Committee	August 20, 2008
2.2	Released for Implementation	Security, Privacy and Infrastructure Domain Technical Committee	August 27, 2008
	Template V2.5	Project Team	June 30, 2009
2.2.1	Review Copy	Security, Privacy and Infrastructure Domain Technical Committee	June 30, 2009
2.3	Released for Implementation	Security, Privacy and Infrastructure Domain Technical Committee	July 8, 2009

Table of Contents

1.0 Introduction. 5

1.1 Overview. 5

1.2 Copyright Permissions. 5

1.3 Reference Documents. 5

1.4 Conformance. 5

1.4.1 Conformance Criteria. 5

1.4.2 Conformance Scoping, Subsetting and Options. 6

2.0 Component Definition. 7

2.1 Context Overview. 7

2.1.1 Context Overview for Biosurveillance. 7

2.1.2 Context Overview for Quality. 7

2.1.2.1 Anonymity Levels. 7

2.1.2.1.1 Level 1 Anonymity: Removal of Clearly Identifying Data. 8

2.1.2.1.2 Level 2 Anonymity: Static Model Based Re-identification Risk Analysis 8

2.1.2.1.3 Level 2 Anonymity Issues with Free-Form Text 8

2.1.2.1.4 Level 3 Anonymity Routine Resource Risk Analysis. 9

2.1.2.2 Use Case Risk Assessments. 9

2.1.2.2.1 Biosurveillance Identifiers. 9

2.1.2.2.2 Quality Identifiers. 10

2.1.3 Component Constraints. 11

2.1.4 Component Dependencies. 12

2.2 Rules for Implementing. 12

2.2.1 Data Mapping. 12

2.2.1.1 Biosurveillance. 12

2.2.1.1.1 Biosurveillance Level 1 Anonymity Considerations. 12

2.2.1.1.2 Biosurveillance Level 2 Anonymity Considerations. 13

2.2.1.2 Quality. 13

2.2.1.2.1 Quality Level 1 Anonymity Considerations. 13

2.2.1.2.2 Quality Level 2 Anonymity Considerations. 14

2.2.2 Guidelines and Examples. 15

2.3 Standards. 15

2.3.1 Regulatory Guidance. 15

2.3.2 Selected Standards. 16

2.3.3 Informative Reference Standards. 16

3.0 Appendix. 17

4.0 Document Updates. 18

4.1 December 5, 2007. 18

4.2 December 13, 2007. 18

4.3 August 20, 2008. 18

4.4 August 27, 2008. 18

4.5 June 30, 2009. 18

4.6 July 8, 2009. 18

Figures and Tables

Table 1-1 Anonymization Options. 6

Table 2-1 Biosurveillance Patient Identifying Level 1 Data Elements. 10

Table 2-2 Biosurveillance Patient Identifying Level 2 Freeform Text Data Elements. 10

Table 2-3 Biosurveillance Patient Identifying Level 2 Combinatorial Data Elements. 10

Table 2-4 Quality Patient Identifying Level 1 Data Elements. 10

Table 2-5 Quality Patient Identifying Level 2 Freeform Text Data Elements. 11

Table 2-6 Quality Patient Identifying Level 2 Combinatorial Data Elements. 11

Table 2-7 Component Constraints. 11

Table 2-8 Component Dependencies. 12

Table 2-9 Data Mapping Biosurveillance Level 1 Patient Data Elements. 12

Table 2-10 Biosurveillance Freeform Text Risk Mitigation Data Elements. 13

Table 2-11 Data Mapping Quality Level 1 Patient Data Elements. 14

Table 2-12 Quality Freeform Text Risk Mitigation Data Elements. 15

Table 2-13 Regulatory Guidance. 15

Table 2-14 Selected Standards. 16

Table 2-15 Informative Reference Standards. 16