Daniel Barth-Jones, Ann Waldo, Claire Manneh, Andrew Kopelman
Understanding data de-identification and associated safeguards is crucial for privacy lawyers and professionals. We need to understand when data is sufficiently de-identified to be out of scope for a particular privacy law. This workshop will cover:
- A primer on de-identification risk analyses and control methods used to meet HIPAA de-identification and GDPR pseudonymization and anonymization requirements,
- Recent progress in the technical ability to link de-identified data sets using cryptographic tokenization and linkage methods without exposing PHI or PII,
- Innovative real-world ways in which tokenized linking and de-identification are already being used to generate valuable insights, ranging from COVID-19 follow-up research to studies linking oncology treatments to long-term extrinsic data augmenting clinical trials, as well as prospects for future advances,
- Recent changes in the EU/UK anonymization legal landscape, including recent court cases in the EU and regulatory guidance,
- Little-discussed quirks in recent state law, such as oversight requirements and the California ban on the re-identification of de-identified health data, and
- The potential threats to medical research arising from non-harmonized definitions of de-identification, such as that in Delaware law and the ADPPA.
Ann Waldo, Principle, Waldo Law Offices
Daniel Barth-Jones, Principal Privacy Expert, Privacy Hub by Datavant
Claire Manneh, Head of Provider Research, Datavant
Andrew Kopelman, SVP, DCG, and Chief Privacy Counsel, Medidata
Date and Time
This workshop will take place on Wednesday, November 8, 2023, from 1:30 PM to 04:30 PM at the Privacy + Security Forum, November 8-10, 2023, in Washington, DC.
Our event features over 50 concurrent sessions, 2 plenary keynote sessions and has 800+ participants. CLE credit is available.
Please join us!