DIMACS Tutorial: Statistical De-identification of Confidential Health Data with Application to the HIPAA Privacy Regulations

April 30 - May 1, 2009
DIMACS Center, CoRE Building, Rutgers University

Daniel Barth-Jones, Columbia University, db2431 at columbia.edu
Alina Campan, Northern Kentucky University, campana1 at nku.edu
Traian Marius Truta, Northern Kentucky University, trutat1 at nku.edu
Presented under the auspices of the Special Focus on Computational and Mathematical Epidemiology and the Special Focus on Communication Security and Information Privacy.


This DIMACS tutorial will provide researchers, analysts and managers with an overview of the federal HIPAA Privacy regulations and an introduction to the principles and methods of statistical disclosure limitation that can be used to statistically de-identify healthcare data to meet the HIPAA privacy regulations.

Course Objectives

This one and a half day tutorial will provide participants with a detailed overview of the HIPAA privacy regulations, theory and methods for statistical disclosure limitation, and applied examples of disclosure limitation methods. Participants completing the course should be able to:

  1. understand the permissible uses of healthcare data for various purposes under the HIPAA regulations;
  2. conceptualize and document data intrusion scenarios;
  3. understand the basic principles behind the conduct and documentation of statistical disclosure analyses measuring disclosure risks;
  4. understand various disclosure limitation methods;
  5. appreciate the associated trade-offs between disclosure risks and statistical information quality.

Participants will learn about statistical disclosure for various data models (tabular data, microdata, social networks), but the primary focus will be on statistical disclosure for microdata in healthcare databases. While statistical disclosure theory will be covered in some detail, the course orientation will be practical and applied, focusing primarily on providing participants with the knowledge needed to understand the statistical de-identification process for healthcare datasets in accordance with the HIPAA privacy rule and to identify confidentiality problems of potential concern. Upon completion of the course, it is expected that participants would be able to work successfully with statistical disclosure experts providing HIPAA statistical de-identification certifications.

Participants will be provided with lecture slides, and classroom notes. The course will include computer-based presentations on conducting disclosure analyses and implementing disclosure control methods.

Next: Call for Participation
Workshop Index
DIMACS Homepage
Contacting the Center
Document last modified on July 31, 2008.