HIPAA 'Safe Harbor' Checklist Form for CHoRUS
Introduction
This checklist is intended for the CHoRUS project to verify that all HIPAA-defined identifiers are removed before a data submission to the central repository. This is only a general guide; please first contact the institutional IRB and/or Privacy Officer with questions about a specific area of the checklist.
Project Information
- Site PI name: __________________________________________________.
- Site PI email: __________________________________________________.
- Site PI organization: __________________________________________________.
- IRB protocol number: __________________________________________________.
- IRB approval date: __________________________________________________.
Data Information
- Data name: __________________________________________________.
- Data description:
____________________________________________________________________________________________________.
____________________________________________________________________________________________________.
____________________________________________________________________________________________________.
____________________________________________________________________________________________________.
____________________________________________________________________________________________________.
____________________________________________________________________________________________________.
Checklist
I certify that the following identifiers of the individual or of relatives, employers, or household members of the individual, are removed:
(1) Names
(2) All geographic subdivisions smaller than a state, including street address, city, county, precinct, ZIP code, and their equivalent geocodes, except for the initial three digits of the ZIP code if, according to the current publicly available data from the Bureau of the Census: (1) The geographic unit formed by combining all ZIP codes with the same three initial digits contains more than 20,000 people; and (2) The initial three digits of a ZIP code for all such geographic units containing 20,000 or fewer people is changed to 000
(3) All elements of dates (except year) for dates that are directly related to an individual, including birth date, admission date, discharge date, death date, and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
(4) Telephone numbers
(5) Fax numbers
(6) Email addresses
(7) Social security numbers
(8) Medical record numbers
(9) Health plan beneficiary numbers and insurance ID numbers
(10) Account numbers
(11) Certificate/license numbers
(12) Serial Numbers, including vehicle identifiers and license plate numbers
(13) Device identifiers
(14) Web Universal Resource Locators (URLs)
(15) Internet Protocol (IP) addresses
(16) Biometric identifiers, including finger and voice prints
(17) Full-face photographs and any comparable images
(18) Any other unique identifying number, characteristic, or code, except as permitted by paragraph (c) of this section [Paragraph (c) is presented below in the section 'Re-identification']
Site PI name (printed): __________________________________________________.
Site PI signature: __________________________________________________.
Date: __________________________________________________.
Re-identification
The implementation specifications further provide direction with respect to re-identification, specifically the assignment of a unique code to the set of de-identified health information to permit re-identification by the covered entity.
If a covered entity or business associate successfully undertook an effort to identify the subject of de-identified information it maintained, the health information now related to a specific individual would again be protected by the Privacy Rule, as it would meet the definition of PHI. Disclosure of a code or other means of record identification designed to enable coded or otherwise de-identified information to be re-identified is also considered a disclosure of PHI.
(c) Implementation specifications: re-identification. A covered entity may assign a code or other means of record identification to allow information de-identified under this section to be re-identified by the covered entity, provided that:
(1) Derivation. The code or other means of record identification is not derived from or related to information about the individual and is not otherwise capable of being translated so as to identify the individual; and
(2) Security. The covered entity does not use or disclose the code or other means of record identification for any other purpose and does not disclose the mechanism for re-identification.
References
For more information, please refer to the following websites: