Sharing de-identified data
Did you know that UCSF de-identified data are considered UCSF intellectual property and must be de-identified in accordance with HIPAA de-identification standards?
It's true! So, if you are working with a non-UCSF partner and you want to share the data, UCSF may require that your data are "certified," meaning your dataset is correctly de-identified in accordance with HIPAA regulations and has the required certification. In addition, you will need an appropriate data sharing contract that is executed with your non-UCSF partner. Work with the UCSF Division of Industry Contracts for this step (contact at: [email protected])
More details
New contracts & partnerships that propose data sharing with external entities are being closely reviewed. Read more about how UCSF support secure data-sharing partnerships and how UCSF recommends planning for de-identified data sharing in repositories.
Academic Research Systems is available to consult with you about your data, however, you will need to use an external company for the certification, if required. Important Note: You will need to pay for the certification.
Here are some considerations as you think about your data:
- Was the dataset derived from a previously certified UCSF de-identified data source?
- Complexity of the Dataset
- Size of the Dataset
- Data Sharing Plans
- Size of Intended Audience of the Dataset
Get advice or have questions? REQUEST CONSULTATION
UCSF IT recommends this company for De-Identification Certification, but there are others:
- ArcherHall LLC: https://archerhall.com/
De-identification Resources
UCSF Guidance
Federal Regulations
- HIPAA De-identification Methods – Expert Determination and Safe Harbor - Methods and approaches to achieve de-identification in accordance with HIPAA
- CMS Cell Suppression Policy – Minimum thresholds for the display of CMS data
General Guidance
- Guide to the De-Identification of Personal Health Information (ebook)
- Sharing Clinical Trial Data: Maximizing Benefits, Minimizing Risk (ebook) – Includes Appendix B: Concepts and Methods for De-identifying Clinical Trial Data
- Is De-identification Sufficient to Protect Health Privacy in Research? (article)
- Modes of De-identification (article)
De-identification Tools
- Applications to assist in de-identification of Human Subjects research data – Database de-identification tools curated by Johns Hopkins
- NIST De-identification Tools – A guide to algorithms and tools curated by the National Institute of Standards and Technology
Images
Clinical Text
- Protected Health Information filter (Philter): accurately and securely de-identifying free-text clinical notes (article) – UCSF developed tool
- NLM-Scrubber – Clinical text de-identification tool developed by the National Library of Medicine
Social Science Data
- How to De-identify Your Data: Balancing statistical accuracy and subject privacy in large social-science data sets (article)
- Guide to De-identifying Qualitative Research – Guide from the Qualitative Data Repository
- Sharing Human Participant Data - Guidance on de-identifying qualitative data from the Social Science research Council (SSRC)