HIPAA Compliance and Private AI
Private AI’s industry-leading technology identifies and protects patient data within EHRs, clinician’s notes, transcripts, and more for HIPAA-compliant data that machine learning and data science teams can safely utilize.
Protecting Healthcare Data under HIPAA's Safe Harbor
In healthcare, mismanaged data can result in massive fines and long-lasting damage to a company’s reputation. One way to mitigate fines and protect your institution’s reputation is to comply with the Health Insurance Portability and Accountability Act’s (HIPAA) Safe Harbor rule.
If you comply with the Safe Harbor rule, the length of audits is shortened, and fines are lowered in the event of a data breach. Plus a layer of protection is added to the data you are keeping.
The Safe Harbor rules prescribes what needs to be done to protect data privacy when a company wants to disclose healthcare data. The legislation made a binding determination on what information must be excluded from a data set in order to sufficiently lower the risk of re-identification of individuals whose data is contained in the data set.
The Safe Harbour rule lists 18 entities that need to be removed in order to de-identify healthcare data which can then be shared with a third party:
- Names
-
All geographic subdivisions smaller than a state, including street address, city, county, precinct, ZIP code, and their equivalent geocodes, except for the initial three digits of the ZIP code if, according to the current publicly available data from the Bureau of the Census:
(1) The geographic unit formed by combining all ZIP codes with the same three initial digits contains more than 20,000 people; and
(2) The initial three digits of a ZIP code for all such geographic units containing 20,000 or fewer people is changed to 000 - Telephone numbers
- Fax numbers
- Vehicle identifiers and serial numbers, including license plate numbers
- Device identifiers and serial numbers
- Email addresses
- Account numbers
- All elements of dates (except year) for dates that are directly related to an individual, including birth date, admission date, discharge date, death date, and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
- Web Universal Resource Locators (URLs)
- Social security numbers
- Internet Protocol (IP) addresses
- Medical record numbers
- Biometric identifiers, including finger and voice prints
- Health plan beneficiary numbers
- Full-face photographs and any comparable images
- Certificate/license numbers
- Any other unique identifying number, characteristic, or code
Automatically De-Identify Data Accurate Enough To Meet HIPAA Expert Determination Requirements
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule sets a national standard in the US for the protection of individuals’ medical records and other protected health information (PHI). The HIPAA Privacy Rule allows for health information to be de-identified using two methods: the Safe Harbor method, which requires the removal of certain specified identifiers, and the Expert Determination method, where a qualified expert applies statistical or scientific principles to determine whether the risk is “very low” that the information could be used, alone or in combination with other reasonably available information, by an anticipated recipient to identify an individual.
Private AI can help organizations with both HIPAA Safe Harbor and HIPAA Expert Determination requirements.
How Private AI Can Help with HIPAA Compliance
Private AI identifies and redacts all 18 of these entities with higher than human accuracy and directly on premise, meaning that the healthcare organization’s data never leaves its environment. While building the system, Private AI recognized the need for robustness to optical character recognition (OCR) mistakes, grammar errors, and spelling mistakes.
Try our text web demo to see Private AI’s redaction capabilities in action:
Looking to redact files? Try the file web demo.