This article is part of the network’s archive of useful research information. This article is closed to new comments due to inactivity. We welcome new content which can be done by submitting an article for review or take part in discussions in an open topic or submit a blog post to take your discussions online.
This is the second in a series of three articles whose focus is to assist Institutional Review Boards in providing guidance to investigators and research administrators who need to comply with data sharing requirements. This article begins with a discussion of how data are prepared for data sharing. We then proceed to the data sharing provisions of the Privacy Rule of the Health Insurance Portability and Accountability Act. (1996) Next, we turn to the topic of deindentification and show why the mere removal of names and addresses may be insufficient to deidentify data- and would, therefore, preclude data sharing under HIPAA and the National Institute of Health confidentiality provisions. An example of a reidentifcation technique is provided. The final section briefly looks at some of the elements of a risk evaluation.