Home  |  HIPAA  |  Assessments  |  Certifications  |  Contact


HIPPA Certifications
Risk Assessments

Privacert provides real-world guidance and certifications that determine whether data are sufficiently de-identified in accordance to specific legal and regulatory requirements. For example, Privacert Risk Assessments and the Privacert HIPAA Standard can assess whether a version of data is sufficiently de-identified under the Health Insurance Portability and Accountability Act (HIPAA), scientifically and legally, so that it can be shared freely and still remain useful.

Privacert's Origins

The HIPAA Privacy Rule provides two mechanisms for sharing patient data freely: (1) the safe harbor provision that lists which fields cannot be released; and, (2) the scientific standard that states that there must be minimal risk of re-identification. The safe harbor provision often yields useless data, and there is no definition of "minimal risk" provided for the scientific standard. Dr. Sweeney's technical and legal insight was to conserve the number of re-identifications allowed in the safe harbor provision while allowing more specificity in fields allowed in the scientific provision.

Dr. Latanya Sweeney and the Data Privacy Lab contributed an operational standard for determining HIPAA compliance that satisfies scientific and legal muster by asserting that a dataset is HIPAA compliant if no more people are identifiable in the subject data release than would be identifiable if the data release satisfied the HIPAA safe harbor provisions [cite, cite]. This approach leverages Dr. Sweeney's previously developed technology for determining the identifiability of data, the Privacert Risk Assessment Server.

Privacert's Success

In 2002, four organizations received licenses to the Privacert Risk Assessment Server in order to use the Privacert Risk Assessment Server to determine whether data were sufficiently de-identifed under HIPAA. During that time, the approach has been highly succesfully and used as the basis for determining re-identification risk in many high profile data sharing arrangments. Customers included large corporations, start-up ventures, and government agencies.

Privacert's Mission

Our current mission is to share our approach and success widely by opening up access to our methods, tools, and results. We believe doing so will help inform policy-makers of actual real-world risks and existing real-world remedies. If successful, we believe American soceity will enjoy data sharing with guarantees of privacy protection while the data remain useful.



Offices of Dr. Sweeney, 64 Linnaean St, Cambridge, MA 02138