AEPD/EDPS: Introduction to the hash function as a personal data pseudonymisation technique
Joint paper on the use of hash techniques in data processing activities as a safeguard for personal data
https://edps.europa.eu/sites/edp/files/publication/19-10-30_aepd-edps_paper_hash_final_en.pdf
IAPP Guide on de-identification (fall 2019)
Spain DPA: AEPD paper on anonymisation (k-anonymity)
Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule
NIST – Privacy Engineering Collaboration Space
” To kick off, we are focusing on de-identification and privacy risk assessment, and welcome feedback on future topics of interest. “
https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering/collaboration-space
Synthea – a Synthetic Patient Population Simulator.
Synthea is a Synthetic Patient Population Simulator. The goal is to output synthetic, realistic (but not real), patient data and associated health records in a variety of formats.
Nice offline tool to generate synthetic patient data..
De-Identification, Reversible and Irreversible Pseudonymisation (NIST + IHE + ISO)
NISTIR 8053 De-Identification of Personal Information (Simson L. Garfinkel)
https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8053.pdf
IHE
Technical Frameworks:
http://www.ihe.net/Technical_Frameworks/#IT
Healthcare De-Identification Handbook:
https://wiki.ihe.net/index.php/Healthcare_De-Identification_Handbook
ISO 25237
ISO/TS 25237 describes the objectives of de-identification to include:
- secondary use of clinical data (e.g., research);
- clinical trials and post-marketing surveillance;
- pseudonymous care;
- patient identification systems;
- public health monitoring and assessment;
- confidential patient-safety reporting (e.g., adverse drug effects);
- comparative quality indicator reporting;
- peer review;
- consumer groups;
- medical device calibration or maintenance.