HIPAA Certifications

Privacert provides written declarations of compliance that datasets are sufficiently de-identified for sharing in accordance to the provisions allowed by the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA) as warranted by scientific analyses of the datasets. You may have either a standalone assessment or use the Privacert appliance for ongoing de-identifications. These are further described below.

The first step towards HIPAA certification is to have Privacert perform a Privacert Risk Assessment on your dataset. This provides a scientific report on the identifiability of your dataset -- i.e., a risk assessment identifies how many people may be at risk to re-identification if the dataset is shared. If the outcome of the risk assessment warrants, Privacert will provide you with a written declaration of HIPAA compliance, or may alternatively make recommendations as to simple, manual changes that can be made to achieve HIPAA compliance. In some cases, a Privacert Appliance may be recommended to achieve HIPAA compliance. A Privacert Appliance is a standalone mechanism that automatically de-identifies a dataset in accordance to HIPAA. It provides continuous, on-going de-identification and HIPAA certification.

Below is a schematic overview.

Schematic overview for achieving HIPAA certification from
a Privacert Risk Assessment, with simple changes (if possible),
or by using a Privacert Appliance.

All Privacert certifications are based on the Privacert Compliance Model for HIPAA and are limited by geographic scope. Certifications are valid for a specific amount of time (typically one year). If you need a HIPAA certification, contact a Privacert representative at info@privacert.com, who will walk you through the process.

See also:

• Risk Assessment
• Privacert Appliance
• Data sharing under HIPAA

Related Links