Daniel Barth-Jones, Ann Waldo, Peter Dumont, Doug Fridsma

Understanding data de-identification and associated safeguards that support compliance with HIPAA and GDPR is an increasingly important part of the requisite knowledge base for privacy and security lawyers and professionals. Having a precise understanding of when data is sufficiently de-identified to be out of scope for a particular privacy law is crucial. This workshop will provide a readily accessible primer for those without statistical or technical backgrounds on de-identification risk analyses and control methods that are used to meet HIPAA de-identification and GDPR pseudonymization and anonymization requirements. Recent progress in the technical ability to link de-identified data sets using cryptographic tokenization and linkage methods without exposing PHI or PII will be addressed. We’ll describe innovative ways in which tokenized linking and de-identification are already being used to generate valuable insights, ranging from COVID-19 follow-up research to studies linking oncology treatments to long-term real-world data, as well as explore potential future benefits. We’ll also explain little-discussed quirks in recent state law, such as the California ban on the re-identification of de-identified health data, and discuss the potential threats to medical research if non-harmonized definitions of de-identification, such as that in the ADPPA, are enacted into law.

Daniel Barth-Jones, Principal Privacy Expert, Privacy Hub by Datavant
Ann Waldo, Principal, Waldo Law Offices
Peter Dumont, Chief Privacy Officer, Optum
Doug Fridsma, Head of Government Partnerships, Datavant


Ann Waldo
Ann Waldo

Waldo Law Offices

Daniel Barth Jones
Daniel Barth-Jones

Principal Privacy Expert
Privacy Hub by Datavant

Head of Government Partnerships

Chief Privacy Officer
Optum Labs