Data De-identification

Sharing de-identified data

Did you know that UCSF De-identified data are considered UCSF Intellectual Property and are subject to HIPAA regulations?

It's true! So, if you are working with a non-UCSF partner and you want to share the data, UCSF may require that your data are "certified," meaning your dataset is correctly de-identified in accordance with HIPAA regulations and has the required certification. In addition, you will need an appropriate data sharing contract that is executed with your non-UCSF partner. Work with the UCSF Division of Industry Contracts for this step (contact at: [email protected]

More details

New contracts & partnerships that propose data sharing with external entities are being closely reviewed. Read more about how UCSF support secure data-sharing partnerships and how UCSF recommends planning for de-identified data sharing in repositories.

Academic Research Systems is available to consult with you about your data, however, you will need to use an external company for the certification, if required. Important Note: You will need to pay for the certification.

Here are some considerations as you think about your data:

  • Was the dataset derived from a previously certified UCSF de-identified data source? 
  • Complexity of the Dataset
  • Size of the Dataset
  • Data Sharing Plans
  • Size of Intended Audience of the Dataset

Get advice or have questions?   REQUEST CONSULTATION


UCSF IT recommends this company for De-Identification Certification, but there are others:

De-identification Resources

UCSF Guidance

Federal Regulations

General Guidance

De-identification Tools


Clinical Text

Social Science Data