As I was writing an article for another publication on the topic of information security, I started thinking about my own practices regarding the accessing and use of private health information.
As an analytics professional working in a healthcare organization, I am exposed to the private and health related information of many individuals as part of my job. This comes thought the use of health information systems such as the electronic medical record. Most often I encounter private, person-identifiable information when extracting and analyzing data for quality improvement initiatives and scientific/clinical research projects.
The analytics tools that my group develops and uses typically generate anonymous aggregate data such as visit counts, times analysis, and other summarized data that has been “crunched” in some way. When working with data extracts, however, the data is sometimes not completely anonymized. At times, there might be names, birthdays, or other identifying information attached – especially when working with data for critical incident reviews or infection control contact lists.
After working on the information security article, the question I started to ask myself is, “is there ever any need for me to access and use data that is not completely anonymized?”
In our analytics portal, there are a few reports that are used for auditing and critical incident review purposes that must have the patient name and other information attached. Beyond those specific reports for very specific purposes, do I ever need to see identifiable information? I think the answer is NO.
I firmly believe that the “default mode” should be to always work with anonymized data unless the task at hand clearly and legitimately requires information not to be anonymized. (This is the equivalent of a “need to know” stipulation – always exclude identifiable information unless it is specifically required).
One benefit of working exclusively with de-identified data is that it reduces the risk of a breach of private health information to near-nil. One of the biggest risk factors for information breach is the accidental disclosure of data caused by sending identifiable health information to an unauthorized individual. This could include sending paper records to the wrong address, or emailing information to an unauthorized or unintended individual. (If you’ve ever hit “reply all” instead of just “reply” on your email application, you’ll know how easy it is to send sensitive information to the wrong people.) In addition, if a laptop or memory device (such as a memory stick) is lost or stolen, purely de-identified data cannot be used for identity theft or other nefarious purpose.
As responsible users of health information, we rarely consider ourselves a risk of accidental or intentional breach. But, as responsible professionals, we must regularly review our own security practices to ensure we are not unnecessarily viewing private health information, or unintentionally increasing the risk of a breach of private health information.