A research collaborator needs clinical data from your records. The clinical content is what matters; HIPAA-protected identifiers have to go. Here's the checklist Safe Harbor expects.
Names and direct identifiers
- Patient name (first, last, middle, nicknames).
- Names of relatives, employers, household members.
- Account numbers (medical record number, visit number, billing).
- Certificate/license numbers (insurance policy, driving license).
- Device identifiers and serial numbers (implanted devices, monitors).
- Biometric identifiers (fingerprints, voice prints, retinal scans).
- Full-face photos and comparable images.
Contact and location
- Geographic subdivisions smaller than state (street, city, county, ZIP for areas with fewer than 20,000 people).
- Telephone numbers (mobile, home, work).
- Fax numbers.
- Email addresses.
- IP addresses and URLs (case-by-case).
Dates and other numbers
- All elements of dates (except year) related to the individual: birth, admission, discharge, death.
- Vehicle identifiers (licence plate, VIN).
- Any other unique identifying number, characteristic or code.
Note: year alone is generally acceptable; full dates aren't unless the recipient is the patient.
Technical verification
- Use a true-redaction tool (Flint, Acrobat Redact).
- Verify that select-and-copy returns nothing in redacted regions.
- Search for the known patient name and MRN; both should return no hits.
- Strip metadata (author, title, comments, system fingerprints).
- For scanned records, OCR first, then redact the text layer and image regions together.
For research releases, document the Safe Harbor process and certify de-identification under HIPAA.
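The copy-text, known-name/MRN and metadata checks under Technical verification can be scripted over the text layer and metadata extracted from the redacted file. This is an added example, not part of Flint or Acrobat; the regexes, function names and sample values are constructed assumptions, and it goes beyond the known-term search by also flagging phone, email, IP, URL and full-date patterns from the checklist.

```python
import re

# Assumed regexes for identifier classes on the checklist; US-style formats only.
# They flag candidates for human review and are not a complete Safe Harbor test.
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "phone_or_fax": re.compile(
        r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)"),
    "ip_address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url": re.compile(r"\bhttps?://\S+", re.I),
    # Month/day present; a bare year such as "2024" does not match.
    "full_date": re.compile(r"\b(?:\d{1,2}[/-]\d{1,2}[/-]\d{2,4}|\d{4}-\d{2}-\d{2})\b"),
}
METADATA_FIELDS = ("author", "title", "comments")

# Constructed sample: text layer and metadata as a PDF text extractor might return them.
SAMPLE_TEXT = ("Patient [REDACTED], MRN [REDACTED], admitted 03/14/2024.\n"
               "Dx: NSTEMI (2024). Callback 555-010-0199. Brother Sam Doe notified.\n")
SAMPLE_METADATA = {"author": "jdoe-ws14", "title": "Doe_Jane_discharge.pdf", "comments": ""}
KNOWN_TERMS = ["Jane", "Doe", "0048213"]  # constructed patient name parts and MRN


def normalize(s):
    """Lower-case and collapse punctuation so 'Doe_Jane' and 'DOE, Jane' compare equal."""
    return re.sub(r"[^a-z0-9]+", " ", s.lower()).strip()


def find_residual_identifiers(text, metadata, known_terms):
    """Return sorted (kind, location, value) findings; an empty list means no hits."""
    findings = set()
    sources = {"text": text}
    sources.update({f"metadata.{k}": v for k, v in metadata.items() if v})
    for location, content in sources.items():
        norm = normalize(content)
        for term in map(normalize, known_terms):
            if term and re.search(rf"\b{re.escape(term)}\b", norm):
                findings.add(("known_term", location, term))
        for kind, rx in PATTERNS.items():
            findings.update((kind, location, m.group()) for m in rx.finditer(content))
    for field in METADATA_FIELDS:  # any surviving metadata field is itself a finding
        if metadata.get(field):
            findings.add(("metadata_present", f"metadata.{field}", metadata[field]))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_residual_identifiers(SAMPLE_TEXT, SAMPLE_METADATA, KNOWN_TERMS):
        print(finding)
```

On the sample, the relative's surname, the admission date, the callback number and the file title all surface even though the name and MRN fields themselves were redacted.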
FAQ
Is partial year acceptable?
Year alone is generally acceptable under Safe Harbor for individuals over 89; for those under 89, year is permitted. Day and month must go.
Can I leave city if it's a major city?
ZIP codes can be retained if the geographic unit has at least 20,000 people. Smaller localities must be removed.
What about Expert Determination?
An alternative to Safe Harbor — a statistician certifies that re-identification risk is very small. More permissive on retained identifiers but requires expert review.
Are clinical findings considered identifiers?
Generally no — clinical content (diagnoses, medications, results) is the data being shared. Identifiers tie it to a person; those must be removed.
Eighteen identifiers, one checklist. Redact systematically in Flint and document the process.