
De-identification Maturity Model

With increased data sharing between organizations, there is a growing need for high standards of de-identification – the anonymization or pseudonymization of personal information shared for secondary purposes. For example, a hospital that discloses patient records to a medical researcher is responsible not only for removing patients’ names and health plan numbers from the data, but also for ensuring that patients cannot be re-identified using combinations of background information (e.g., age, postal code) and medical information (e.g., diagnosis, hospital discharge dates).

We have advised the Ontario and Alberta provincial governments on the implementation of de-identification of personal health information, and we are familiar with relevant legislation across Canada. Our De-identification Maturity Model (DMM), developed by Dr. Waël Hassan in collaboration with Dr. Khaled El Emam of Privacy Analytics, provides a framework for developing de-identification policies and practices that not only ensure compliance with legislation and regulation, but go further by implementing best practices from across the country.

The DMM evaluates the maturity of an organization’s de-identification services. This includes the de-identification practices themselves, their implementation within the enterprise, and automation of the process. (A DMM whitepaper explaining the model in more detail is available in PDF format.) We use the DMM to assist our clients in three ways: to evaluate their de-identification practices; to provide a roadmap for improvement; and to compare the practices of different departments or units within the organization in a concise and objective way.

The DMM provides a guide for organizations seeking to:

  • Defensibly ensure a very small risk of re-identification
  • Meet regulatory and legal requirements
  • More efficiently share data for secondary purposes
  • De-identify data in a consistent manner
  • Better estimate the resources and time needed to de-identify a data set