Ann Waldo, Daniel Barth-Jones, Chris Diaz, David Copeland
Understanding data de-identification and associated safeguards is crucial for privacy lawyers and professionals. We need to understand when data is sufficiently de-identified to be out of scope for a particular privacy law. This workshop will cover:
- A primer on de-identification risk analyses and control methods used to meet HIPAA de-identification and GDPR pseudonymization and anonymization requirements,
- Recent progress in the technical ability to link de-identified data sets using cryptographic tokenization and linkage methods without exposing PHI or PII,
- Innovative real-world ways in which tokenized linking and de-identification are already being used to generate valuable insights, ranging from COVID-19 follow-up research to studies linking oncology treatments to long-term extrinsic data augmenting clinical trials, as well as prospects for future advances,
- Recent changes in the EU/UK anonymization legal landscape, including recent court cases in the EU and regulatory guidance,
- Little-discussed quirks in recent state law, such as oversight requirements and the California ban on the re-identification of de-identified health data, and
- The potential threats to medical research arising from non-harmonized definitions of de-identification, such as that in Delaware law and the ADPPA.
Ann Waldo, Principal, Waldo Law Offices
Daniel Barth-Jones, Privacy Expert in Residence, Privacy Hub By Datavant
Chris Diaz, Associate General Counsel, Privacy & AI (DPO), Medidata
David Copeland, Senior Data Scientist and Privacy Expert, Privacy Hub by Datavant
Readings:
- Why a Systems-Science Perspective is Needed to Better Inform Data Privacy De-Identification Public Policy, Regulation and Law
- Resilience of clinical test de-identified with ‘hiding in plain sight’ to hostile reidentification attacks by human readers
- Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule
- Hiding in Plain Sight: Use of Realistic Surrogates to Reduce Exposure of Protected Health Information in Clinical Text
- Public Policy Considerations for Recent Re-Identification Demonstration Attacks on Genomic Data Sets: Part 1 (Re-Identification Symposium)
- Ethical Concerns, Conduct, and Public Policy for Re-Identification and De-Identification Practice: Part 3 (Re-Identification Symposium)
Adam Greene
Date and Time
This workshop will take place on Wednesday, May 8, 2024, from 1:30 PM to 4:30 PM at the Privacy + Security Forum, May 8-10, 2024, in Washington, DC.
Our Conference
Our event features over 60 concurrent sessions, 2 plenary keynote sessions, and has about 900 participants. CLE credit is available. Please join us!
Adam Greene