Data De-identification

Sharing de-identified data

Did you know that UCSF De-identified data are considered UCSF Intellectual Property and are subject to HIPAA regulations?

It's true! So, if you are working with a non-UCSF partner and you want to share the data, UCSF may require that your data are "certified," meaning your dataset is correctly de-identified in accordance with HIPAA regulations and has the required certification. In addition, you will need an appropriate data sharing contract that is executed with your non-UCSF partner. Work with the UCSF Division of Industry Contracts for this step (contact at: [email protected]

More details

New contracts & partnerships that propose data sharing with external entities are being closely reviewed. Read more about how we support secure data-sharing partnerships

The Clinical & Translational Science Institute (CTSI) is available to consult with you about your data, however, you will need to use an external company for the certification, if required. Important Note: You will need to pay for the certification.

Here are some considerations as you think about your data:

  • Was the dataset derived from a previously certified UCSF de-identified data source? 
  • Complexity of the Dataset
  • Size of the Dataset
  • Data Sharing Plans
  • Size of Intended Audience of the Dataset

Get advice or have questions?   REQUEST CONSULTATION


UCSF IT recommends this company for De-Identification Certification, but there are others:

Want to know more details?