Empowering Data-Driven Stroke Treatment

Compliance

Addressing Requirements of the Health Insurance Portability and Accountability Act (HIPAA)

“The increasing adoption of health information technologies in the United States accelerates their potential to facilitate beneficial studies that combine large, complex data sets from multiple sources. The process of de-identification, by which identifiers are removed from the health information, mitigates privacy risks to individuals and thereby supports the secondary use of data for comparative effectiveness studies, policy assessment, life sciences research, and other endeavors.”*

De-identification is particularly valuable in the context of personal health information (PHI). For example, personal health information is essential for public health surveillance and health-related research. It is also used for a variety of legally authorized purposes such as planning, delivering, evaluating and monitoring health programs or services, and improving the quality of care. The availability of information for such purposes results in enormous benefits for individuals and society at large by improving health-care programs and services and by improving the effectiveness of the health-care system. Health research can provide critical information about disease trend risk factors, outcomes of treatment, and patterns of care — it has led to significant discoveries including the development of new treatments and therapies.”**

The NeuroVascular Research Foundation (NVRF), the entity that manages INSTOR, employed an independent HIPAA expert, Dr. Bradley Malin, to evaluate INSTOR. As a third party expert, Dr. Malin was tasked with examining the data collected by INSTOR, as well as the functions and analytic capabilities of INSTOR, and the reports thus generated. Dr. Malin confirmed that INSTOR uses only de-identified data and is thus excluded from PHI rules.

*Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule; http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/De-identification/guidance.html#rationale

**Institute of Medicine, Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health through Research. Washington, DC, The National Academies Press, 2009.)