The Safe Harbor Methods: Practical implementation techniques

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule mandates the de-identification of specific types of protected health information (PHI) created or collected by entities and their business associates.

This paper discusses each of the items listed in section 164.514(b) of the Privacy Rule’s Safe Harbor de-identification standard and illustrates various data masking techniques which can assist in satisfying that requirement.