KI Design developed in-house de-identification capacities to enable the secondary use of health data
In House Design
Commercial de-identification tools do not always meet organizations’ needs or answer questions around risk management and business processes. In-house de-identification training enables organizations to develop de-identification strategies and tools for their particular needs and context. Training internal staff in de-identification is often a worthwhile investment for organizations seeking to expand data use and sharing for analytical and research purposes.
Develop technical and business capacities for de-identification within a provincial healthcare organization
KI Design supported a healthcare organization in the development of in-house de-identification capacities to facilitate collaborative research initiatives involving patient data. We provided privacy expertise, recommendations, and practical implementation tools to develop skills and knowledge for an effective de-identification program.
Based on our own hands-on experience implementing de-identification in a variety of contexts, we trained technical and programming staff to perform de-identification according to industry best practices. As the staff began de-identifying a requested data set, we walked them through the process of applying de-identification techniques and evaluating the residual risk of the de-identified data.
KI Design trained business, privacy and security staff in a best-practice approach to risk evaluation, using both risk measurement tools and regulatory standards. We supported staff through the process of risk assessment, documentation, and contractual signing. We instructed business and technical staff in the use of risk evaluation tools and standards used worldwide, and shared our practice-based methodology for evaluating the effectiveness of an organization’s risk management tools and strategies.
- Identified viable and cost-effective de-identification options
- Consulted management to develop an in-house training strategy
- Provided hands-on de-identification training for technical and programming staff
- Provided a threat and risk assessment aligned with regulatory standards
- Educated business, privacy and security staff about risk evaluation tools, standards, and principles
- Hands-on de-identification training for technical and programming staff
- Technical training in the use of risk evaluation tools
- Risk evaluation training for business, privacy and security staff
- Practice-based methodology for evaluating risk management effectiveness