Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

  • About HHS
  • Programs & Services
  • Grants & Contracts
  • Laws & Regulations
  • Radical Transparency
  • Big Wins
  • About OHRP
  • Regulations, Policy & Guidance
  • Education & Outreach
  • Compliance & Reporting
  • News & Events
  • Register IRBs & Obtain FWAs
  • SACHRP Committee
  • International
Breadcrumb
  1. HHS
  2. OHRP
  3. SACHRP Committee
  4. SACHRP Recommendations
  5. Appendix B: Reconsider the de-identification standard, reduce the
  • SACHRP Charter
  • SACHRP Members
  • SACHRP Meetings
  • SACHRP Recommendations
  • SACHRP Subcommittees
  • SACHRP Archived Materials

Appendix B: Reconsider the de-identification standard, reduce the number of data categories, and focus on safeguards in recording and publishing data

The Final Privacy Rule essentially retains the list of 18 identifiers that must be stripped from data for those data to be considered "de-identified" and thus outside of the definition of PHI. For the efficiency of essential records research, SACHRP encourages the Department to reconsider its de-identification standard, reduce the number of data categories to be eliminated, and focus regulatory attention on the safeguards that researchers using such information should respect in recording and publishing data. An alternate, "goal-oriented" revision of these de-identification requirements could protect subjects' privacy while not making critical research excessively costly and troublesome. Although the addition of the limited data set category provides researchers with some flexibility, that category adds to the confusion surrounding retrospective records research, and requires additional significant administrative burdens in its requirement of a data use agreement between the Covered Entity disclosing the limited data set and the recipient of the data. SACHRP contends that the standard for de-identification under HIPAA should be more closely aligned with the research community's historic standard for what constitutes identifiable private information under the Common Rule. Indeed, there have been few, if any, reported abuses of research subjects or compromises of their privacy under the historic interpretations of anonymized data under the Common Rule standards, leading SACHRP to question the necessity of all aspects of the Privacy Rule's de-identification standard. If there were no cost associated with those higher standards, they might be tolerable, but in this as in other areas, little if any additional actual protection appears to have been added to subjects' privacy while significant new costs and burdens have been imposed on the research enterprise - an enterprise that in the aggregate greatly benefits communitarian interests.

Related Letters

September 27, 2004 SACHRP chair letter to HHS Secretary on HIPAA - Health Insurance Portability and Accountability Act
  • 1
Content created by Office for Human Research Protections (OHRP)
Content last reviewed March 30, 2016
Back to top

Subscribe to Email Updates

Receive the latest updates from the Secretary and Press Releases.

Subscribe
  • Contact HHS
  • Careers
  • HHS FAQs
  • Nondiscrimination Notice
  • Press Room
  • HHS Archive
  • Accessibility Statement
  • Privacy Policy
  • Budget/Performance
  • Inspector General
  • Web Site Disclaimers
  • EEO/No Fear Act
  • FOIA
  • The White House
  • USA.gov
  • Vulnerability Disclosure Policy
HHS Logo

HHS Headquarters

200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free Call Center: 1-877-696-6775​

Follow HHS

Follow Secretary Kennedy