Chapter 3: Introduction to Technological Aspects of Privacy
Deidentification Standards: HIPAA Methods and FTC Guidance
The longest-standing U.S. deidentification rules are under HIPAA: the safe harbor method removes 18 identifiers and the expert determination method relies on expert risk analysis. Outside HIPAA, the FTC's three-part test (reasonable measures, public commitment, contractual prohibition) defines data not reasonably linkable.
| Method | Requirement |
|---|---|
| Safe harbor method | Remove 18 specific types of identifying information; ZIP codes no more specific than first three digits |
| Expert determination method | An expert determines and documents that the risk is very small that an anticipated recipient could re-identify an individual |
FTC's three-part 'not reasonably linkable' test
Outside HIPAA, the FTC states data is not 'reasonably linkable' where a company: (1) takes reasonable measures to deidentify; (2) publicly commits not to try to re-identify; and (3) contractually prohibits downstream recipients from re-identifying. An FTC official also warned in 2022 that claims data is 'anonymous' are often deceptive.
Key terms - quick answers
What is “HIPAA”?
The Health Insurance Portability and Accountability Act, source of the longest-standing U.S. deidentification rules, concerning protected health information.
What is “Safe harbor method”?
A HIPAA deidentification method requiring removal of 18 specific types of potentially identifying information (e.g. ZIP codes no more specific than the first three digits).
What is “Expert determination method”?
A HIPAA deidentification method in which an expert determines and documents that the risk is very small that an anticipated recipient could identify an individual.