I'm not up on HIPPA and I am not a lawyer.
Years ago I created a system for anonymizing address data that passed muster with the FCC and US Census bureau. In a nutshell we had a third party create a unique hash to identify the record, and geocode to the US Census block group.
We never handled let alone stored the name or address ourselves. We had an independent auditor audit our outsource party and our datasets. Block group is the US Census standard for protecting privacy - it really depends on what other data you retain though as to being able to reconstruct identity.
From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of Simon Spero
Sent: Monday, June 02, 2014 2:38 PM
To: [log in to unmask]
Subject: Re: [CODE4LIB] Anonymizing address data
This book might be useful (it's a year old)
Anonymizing Health Data <http://shop.oreilly.com/product/0636920029229.do>
Case Studies and Methods to Get You Started
By Khaled El Emam, Luk Arbuckle
Publisher: O'Reilly Media
Released: December 2013
On Mon, Jun 2, 2014 at 3:40 PM, Kyle Banerjee <[log in to unmask]>
> HIPPA compliant data cannot include personally identifiable information, a
> category which includes address. The "safe harbor" approach where
> geographic subdivisions smaller than states cannot be used frequently
> renders data useless.
> The "expert determination" method is always an option and precompiling can
> work in certain cases, but I was wondering what other methods people have
> successfully employed? Thanks,