When we share audit reports with the public, one of the most important things is protecting the privacy of everyone involved. To do this, we follow a careful process called deidentification.
What is deidentification?
Deidentified records are commonly used in medical research to protect the privacy of the individuals whose data is being studied. In Australia, the National Health and Medical Research Council (NHMRC) provides guidelines for using deidentified data in research.
According to NHMRC guidelines, deidentified data is data from which the information that could identify an individual, such as name, address, date of birth and similar details, has been removed. Data that has been coded or pseudonymised is sometimes handled the same way, but only if the key that links codes back to individuals is held separately and is not released with the data; encrypted data whose key is available to the recipient is still identifiable.
Deidentified data may be used for research without obtaining informed consent from the individuals concerned, provided that disclosure of the data is not likely to cause them harm or distress.
The NHMRC guidelines also set out requirements for deidentification techniques so that the risk of re-identification stays low. For example, the data should be stripped of direct identifiers such as name and address, and of indirect identifiers (quasi-identifiers) such as date of birth, occupation or postcode, which are harmless on their own but can re-identify an individual when combined.
It is important to note that even deidentified data may still carry some risk of re-identification, particularly in small or unique populations, where a single rare attribute can single a person out. Researchers should ensure that deidentified data is stored and managed securely to minimise the risk of unauthorised access or disclosure.
Several safeguards are implemented to protect deidentified data and minimise the risk of re-identification. Here are some examples:
Access controls: Limit access to the deidentified data to authorised personnel with a legitimate need for it, enforced through user authentication and authorisation: strong passwords, two-factor authentication, and role- or group-based permissions that name exactly who may read the data.
Data encryption: Use encryption to protect the confidentiality of the deidentified data, and authenticated encryption or signatures to protect its integrity, both in transit and at rest, so that unauthorised parties cannot read or silently alter it.
Data anonymisation: Use anonymisation techniques to reduce the risk of re-identification further. These include randomisation, generalisation (coarsening values such as a full date of birth to a year or a postcode to its first digits), perturbation and suppression, which change the data so it is less likely to be linked to an individual. Check the result before release, for example by confirming that every combination of indirect identifiers is shared by at least k records (k-anonymity).
Data masking: Mask or redact sensitive data fields to reduce the risk of identification further. This can include removing or replacing fields that identify an individual on their own, such as names, addresses and government-issued identifiers.
Audit trails: Implement an audit trail that logs all access to the deidentified data, including who accessed it, when, and why. This can help identify unauthorised access or disclosure and enable timely intervention to prevent further breaches.
Data retention policies: Develop and enforce policies for the retention and destruction of deidentified data to ensure that the data is not retained longer than necessary and is destroyed securely when it is no longer needed.
By implementing these safeguards, researchers can minimise the risk of re-identification and protect the privacy and confidentiality of the individuals whose data is being used for research purposes.
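The following Python script is an added example, not part of the page's own process or tooling. It works through the masking, generalisation and suppression steps described above on a handful of constructed records (no real people) and measures the result with a k-anonymity check: the smallest number of records that share any one combination of indirect identifiers. The occupation grouping table and the threshold of k=2 are assumptions chosen to keep the example small; a real release would use a published occupation classification and a larger k.

```python
from collections import Counter

# Constructed sample audit records; every value here is made up for this example.
RECORDS = [
    {"name": "Alice Example", "address": "1 Test St", "dob": "1984-03-12",
     "postcode": "2000", "occupation": "nurse", "finding": "control gap"},
    {"name": "Bob Example", "address": "2 Test St", "dob": "1986-11-02",
     "postcode": "2010", "occupation": "doctor", "finding": "no issue"},
    {"name": "Carol Example", "address": "3 Test St", "dob": "1979-07-30",
     "postcode": "3000", "occupation": "teacher", "finding": "control gap"},
    {"name": "Dan Example", "address": "4 Test St", "dob": "1972-01-15",
     "postcode": "3051", "occupation": "lecturer", "finding": "no issue"},
    {"name": "Eve Example", "address": "5 Test St", "dob": "1988-05-09",
     "postcode": "2008", "occupation": "pharmacist", "finding": "no issue"},
    {"name": "Frank Example", "address": "6 Test St", "dob": "1990-09-21",
     "postcode": "6000", "occupation": "engineer", "finding": "control gap"},
]

DIRECT_IDENTIFIERS = ("name", "address")          # identify a person on their own
QUASI_IDENTIFIERS = ("dob", "postcode", "occupation")  # identify in combination

# Assumed occupation taxonomy for this example only; use a published
# classification in real work.
OCCUPATION_GROUPS = {
    "nurse": "health", "doctor": "health", "pharmacist": "health",
    "teacher": "education", "lecturer": "education",
    "engineer": "engineering",
}


def strip_direct_identifiers(record):
    """Data masking: drop the fields that identify a person by themselves."""
    return {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}


def generalise(record):
    """Generalisation: coarsen each quasi-identifier so more records share it."""
    out = dict(record)
    out["dob"] = record["dob"][:3] + "0s"            # 1984-03-12 -> 1980s
    out["postcode"] = record["postcode"][0] + "xxx"  # 2000 -> 2xxx
    out["occupation"] = OCCUPATION_GROUPS.get(record["occupation"], "other")
    return out


def qi_key(record):
    """The combination of indirect identifiers an attacker would link on."""
    return tuple(record[q] for q in QUASI_IDENTIFIERS)


def k_anonymity(records):
    """Smallest group size over quasi-identifier combinations.

    k == 1 means at least one record is unique on its indirect identifiers
    alone, so anyone who knows those facts about a person can pick them out.
    """
    if not records:
        return 0
    return min(Counter(qi_key(r) for r in records).values())


def suppress_small_groups(records, k):
    """Suppression: withhold records whose combination is shared by fewer than k."""
    counts = Counter(qi_key(r) for r in records)
    return [r for r in records if counts[qi_key(r)] >= k]


def deidentify(records, k=2):
    """Mask, generalise, then suppress whatever still falls below k."""
    masked = [strip_direct_identifiers(r) for r in records]
    return suppress_small_groups([generalise(r) for r in masked], k)


if __name__ == "__main__":
    masked_only = [strip_direct_identifiers(r) for r in RECORDS]
    print("k after removing direct identifiers only:", k_anonymity(masked_only))
    released = deidentify(RECORDS, k=2)
    print("k after generalisation and suppression:", k_anonymity(released))
    print("records released:", len(released), "of", len(RECORDS))
    for r in released:
        print(r)
```

Removing names and addresses alone leaves every record unique on date of birth, postcode and occupation, so k is 1 and the masking step by itself provides little protection. Generalisation raises k to 2 for five of the six records; the sixth (the only engineer in a 6xxx postcode) is still unique and is suppressed rather than released. k-anonymity guards against picking a person out of the release, not against learning their attribute: if every record in a group carries the same finding, an attacker who can place someone in that group learns the finding anyway, so a release check should also look at the spread of sensitive values within each group.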