 |
 |
The great thing about compliance stuff like HIPPA/FERPA/PCI, etc. is that they're so open to interpretation... By lawyers. On Thursday, June 5, 2014, Thomas Kula <[log in to unmask]> wrote: > The great thing about compliance stuff like HIPPA/FERPA/PCI, etc. is > that they're so open to interpretation. My general rule when dealing > with any compliance issue is to make sure my university general > counsel's office is happy with whatever I do. Yes, it can be a pain to > do that, but you'll be better off in the long run. If they're happy and > a legal issue comes up, it's their problem, not mine, which is generally > where I want to be when it comes to compliance issues.... > > On Thu, Jun 05, 2014 at 12:07:56AM +0000, Sam Kome wrote: > > I'm not up on HIPPA and I am not a lawyer. > > Years ago I created a system for anonymizing address data that passed > muster with the FCC and US Census bureau. In a nutshell we had a third > party create a unique hash to identify the record, and geocode to the US > Census block group. > > We never handled let alone stored the name or address ourselves. We had > an independent auditor audit our outsource party and our datasets. Block > group is the US Census standard for protecting privacy - it really depends > on what other data you retain though as to being able to reconstruct > identity. > > > > Cheers! > > > > -----Original Message----- > > From: Code for Libraries [mailto:[log in to unmask] <javascript:;>] > On Behalf Of Simon Spero > > Sent: Monday, June 02, 2014 2:38 PM > > To: [log in to unmask] <javascript:;> > > Subject: Re: [CODE4LIB] Anonymizing address data > > > > This book might be useful (it's a year old) > > > > Anonymizing Health Data < > http://shop.oreilly.com/product/0636920029229.do> > > Case Studies and Methods to Get You Started > > By Khaled El Emam, Luk Arbuckle > > <http://shop.oreilly.com/product/0636920029229.do#tab_03_0> > > Publisher: O'Reilly Media > > Released: December 2013 > > Pages: 212 > > > > > > > > > > > > On Mon, Jun 2, 2014 at 3:40 PM, Kyle Banerjee <[log in to unmask] > <javascript:;>> > > wrote: > > > > > HIPPA compliant data cannot include personally identifiable > information, a > > > category which includes address. The "safe harbor" approach where > > > geographic subdivisions smaller than states cannot be used frequently > > > renders data useless. > > > > > > The "expert determination" method is always an option and precompiling > can > > > work in certain cases, but I was wondering what other methods people > have > > > successfully employed? Thanks, > > > > > > kyle > > > > > -- > Thomas L. Kula <[log in to unmask] <javascript:;>> > Senior Systems Engineeer, Unix Systems Group > Library Information Technology Office > Columbia University in the City of New York > -- Cary Gordon The Cherry Hill Company http://chillco.com