More than two out of three healthcare organizations aren't completely confident they can share data safely while still protecting patient privacy, according to a new survey.
Privacy Analytics, a vendor of de-identification technology, conducted with survey with Electronic Health Information Laboratory, a group that conducts theoretical and applied research on the de-identification of health information.
It polled 271 professionals who handle protected health information in settings including hospitals, doctor's offices, payers, research organizations and agencies.
Among the findings:
- More than half the respondents said they play to increase the volume of data stored or shared within 12 months and two-thirds currently release data for secondary use, such as analysis, research, safety measurement, public health, payment or marketing.
- Individuals aren't familiar with advanced methods of de-identifying data, cited by 51 percent, leading them to release data stripped of its usefulness or that puts them at high risk of a breach.
- More than 75 percent of respondents said their data-management practices include one or more approaches including data-sharing agreements (50 percent), data masking (31 percent) and Safe Harbor methodology (28 percent), according to an announcement.
Researchers have shown how easy it is to re-identify patients in de-identified data, yet de-identified data can lose its value as more identifying factors are stripped out. Researchers from Vanderbilt University and elsewhere recently published work exploring policy options that balance risk of violating a patient's privacy vs. the use of data for society.
Earlier this year, the Health Information Trust Alliance released a framework providing guidance on use of de-identification in a simplified and streamlined way through standards and controls that also adhere to HIPAA's privacy rules.