Protecting against reidentification

FederalStatePrivate Sector

Policymakers should protect people from the harms of disclosure or misuse of all personally identifiable health- and health-related data. This includes data stripped of personally identifiable information because of the ease of reidentification. Policymakers and the private sector should take steps to mitigate consumer risks of data reidentification. Policymakers should develop standards and tests to verify that methods used to mask or strip out identifiable information adequately protect consumers from reidentification. 

Protections should be updated to keep pace with changing technology. State and federal regulators should periodically review and update as appropriate privacy and security laws and regulations to address technology innovations, including consumer-mediated health exchanges, records, and information. 

Privacy standards are developed with strong input from consumers.