The great thing about compliance stuff like HIPPA/FERPA/PCI, etc. is that
they're so open to interpretation...
By lawyers.
On Thursday, June 5, 2014, Thomas Kula <[log in to unmask]> wrote:
> The great thing about compliance stuff like HIPPA/FERPA/PCI, etc. is
> that they're so open to interpretation. My general rule when dealing
> with any compliance issue is to make sure my university general
> counsel's office is happy with whatever I do. Yes, it can be a pain to
> do that, but you'll be better off in the long run. If they're happy and
> a legal issue comes up, it's their problem, not mine, which is generally
> where I want to be when it comes to compliance issues....
>
> On Thu, Jun 05, 2014 at 12:07:56AM +0000, Sam Kome wrote:
> > I'm not up on HIPPA and I am not a lawyer.
> > Years ago I created a system for anonymizing address data that passed
> muster with the FCC and US Census bureau. In a nutshell we had a third
> party create a unique hash to identify the record, and geocode to the US
> Census block group.
> > We never handled let alone stored the name or address ourselves. We had
> an independent auditor audit our outsource party and our datasets. Block
> group is the US Census standard for protecting privacy - it really depends
> on what other data you retain though as to being able to reconstruct
> identity.
> >
> > Cheers!
> >
> > -----Original Message-----
> > From: Code for Libraries [mailto:[log in to unmask] <javascript:;>]
> On Behalf Of Simon Spero
> > Sent: Monday, June 02, 2014 2:38 PM
> > To: [log in to unmask] <javascript:;>
> > Subject: Re: [CODE4LIB] Anonymizing address data
> >
> > This book might be useful (it's a year old)
> >
> > Anonymizing Health Data <
> http://shop.oreilly.com/product/0636920029229.do>
> > Case Studies and Methods to Get You Started
> > By Khaled El Emam, Luk Arbuckle
> > <http://shop.oreilly.com/product/0636920029229.do#tab_03_0>
> > Publisher: O'Reilly Media
> > Released: December 2013
> > Pages: 212
> >
> >
> >
> >
> >
> > On Mon, Jun 2, 2014 at 3:40 PM, Kyle Banerjee <[log in to unmask]
> <javascript:;>>
> > wrote:
> >
> > > HIPPA compliant data cannot include personally identifiable
> information, a
> > > category which includes address. The "safe harbor" approach where
> > > geographic subdivisions smaller than states cannot be used frequently
> > > renders data useless.
> > >
> > > The "expert determination" method is always an option and precompiling
> can
> > > work in certain cases, but I was wondering what other methods people
> have
> > > successfully employed? Thanks,
> > >
> > > kyle
> > >
>
> --
> Thomas L. Kula <[log in to unmask] <javascript:;>>
> Senior Systems Engineeer, Unix Systems Group
> Library Information Technology Office
> Columbia University in the City of New York
>
--
Cary Gordon
The Cherry Hill Company
http://chillco.com
|