Daniel Barth-Jones, Ann Waldo, Claire Manneh, Andrew Kopelman
Understanding data de-identification and associated safeguards is crucial for privacy lawyers and professionals. We need to understand when data is sufficiently de-identified to be out of scope for a particular privacy law. This workshop will cover:
- A primer on de-identification risk analyses and control methods used to meet HIPAA de-identification and GDPR pseudonymization and anonymization requirements,
- Recent progress in the technical ability to link de-identified data sets using cryptographic tokenization and linkage methods without exposing PHI or PII,
- Innovative real-world ways in which tokenized linking and de-identification are already being used to generate valuable insights, ranging from COVID-19 follow-up research to studies linking oncology treatments to long-term extrinsic data augmenting clinical trials, as well as prospects for future advances,
- Recent changes in the EU/UK anonymization legal landscape, including recent court cases in the EU and regulatory guidance,
- Little-discussed quirks in recent state law, such as oversight requirements and the California ban on the re-identification of de-identified health data, and
- The potential threats to medical research arising from non-harmonized definitions of de-identification, such as that in Delaware law and the ADPPA.
Ann Waldo, Principle, Waldo Law Offices
Daniel Barth-Jones, Principal Privacy Expert, Privacy Hub by Datavant
Claire Manneh, Head of Provider Research, Datavant
Andrew Kopelman, SVP, DCG, and Chief Privacy Counsel, Medidata
Readings:
TBD
Date and Time
This workshop will take place on Wednesday, November 8, 2023, from 1:30 PM to 04:30 PM at the Privacy + Security Forum, November 8-10, 2023, in Washington, DC.
Our Conference
Our event features over 50 concurrent sessions, 2 plenary keynote sessions and has 800+ participants. CLE credit is available.
Please join us!
Kashmir Hill
