Interesting People mailing list archives
Re HIPAA compliant system design
From: "Dave Farber" <farber () gmail com>
Date: Sun, 25 Mar 2018 07:57:37 -0400
Begin forwarded message:
From: Rich Kulawiec <rsk () gsp org>
Date: March 25, 2018 at 5:29:01 AM EDT
To: dave () farber net
Subject: Re: [IP] HIPAA compliant system design

(for IP, if you wish)

I'm HIPAA-certified and have appreciable experience running an operation where it was in play (along with other regulatory measures and contractual obligations).

It's a good start, but HIPAA is woefully outdated in a number of areas. To pick one of those, it doesn't consider the enormous progress made in re-identification. See for example:

    A Systematic Review of Re-Identification Attacks on Health Data
    http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0028071

as well as the work done by folks like Arvind Narayanan and colleagues at Princeton:

    De-anonymization is not X: The Need for Re-identification Science
    https://33bits.wordpress.com/2009/10/14/de-anonymization-is-not-x-the-need-for-re-identification-science/

Let me summarize this topic area: if someone points to a data set and says "this has been de-identified", they're probably wrong. It turns out to be much harder than it looks, and the landscape is littered with failures.

We're going to need a new regulatory framework that takes this and much more into account and includes mechanisms for vesting control over our data (and our metadata) in us.

---rsk