Q. I need to provide an insurance company a deidentified sampling of medical records from my practice for initial credentialing. What, precisely, defines a “deidentified” record?
A. Physicians may need to use deidentified records for various purposes, such as research, demographic and public health studies, or operational purposes like credentialing. Deidentified health information as defined by HIPAA is not protected health information (PHI) and thus is not covered by the HIPAA Privacy Rule.
To create a deidentified record according to HIPAA, you must remove all of the following information about a patient, as well as similar information about the patient’s relatives, employer, and household members: