Introduction
This page describes a de-identification approach for HL7v2 messages. De-identification supports transmission of messages to CDC's HHS Protect system, the federal health system that receives at-home test results.
De-identification is typically performed by the Data Hub that serves as an intermediary between the mobile testing application and HHS Protect.
Unlike messages sent to federal health systems, messages sent to state and local public health systems are not de-identified.
Principles of de-identification
At-home test reporting data can be reasonably assumed to fall under HIPAA guidelines. These guidelines and de-identification strategies can be found on the HHS website.
Defining where PHI exists in the message
HL7v2 message elements that are changed in the de-identification process are outlined in the table below. Several elements that are not intended to contain PHI are also removed to address potential inclusion of PHI in those elements erroneously. This includes removal of some fields that are not part of the MARS HL7v2 Implementation Guide, in case those fields are present and contain PHI.
| Segment | Component | Title | Change |
|---|---|---|---|
| PID | 3.1 | Patient ID | Remove if PID-3.5 does not equal "PI", "PT", or "SID"; else, no change |
| PID | 5.1 | Patient last name | If empty, no change; else, modify to "DeIdentified" |
| PID | 5.2 | Patient first name | If empty, no change; else, modify to "DeIdentified" |
| PID | 5.3 | Patient middle name | If empty, no change; else, modify to "DeIdentified" |
| PID | 5.4 | Patient name suffix | Remove |
| PID | 5.7 | Patient name type code | Remove |
| PID | 7.1 | Patient DOB | If empty, no change; else, modify to "DeIdentified" |
| PID | 11.1 | Patient street address | If empty, no change; else, modify to "DeIdentified" |
| PID | 11.2 | Patient street address 2 | If empty, no change; else, modify to "DeIdentified" |
| PID | 11.3 | Patient city | If empty, no change; else, modify to "DeIdentified" |
| PID | 13.4 | Patient email | If empty, no change; else, modify to "DeIdentified" |
| PID | 13.6 | Patient phone area code | If empty or "111", no change; else, modify to "DeIdentified" |
| PID | 13.7 | Patient local phone | If empty or "1111111", no change; else, modify to "DeIdentified" |
| ORC | All ORC fields | Common Order segment | Remove |
| OBR | 2.1 | Placer order number | Remove |
| OBR | 3.1 | Filler order number | Remove |
| OBR | 16.1 | Ordering provider ID | Remove |
| OBR | 16.2 | Ordering provider last name | Remove |
| OBR | 16.3 | Ordering provider first name | Remove |
| OBR | 17.2 | Order callback telecom use code | Remove |
| OBR | 17.3 | Order callback telecom equipment type | Remove |
| OBR | 17.4 | Order callback email | Remove |
| OBR | 17.6 | Order callback phone area code | Remove |
| OBR | 17.7 | Order callback local phone | Remove |
| OBX | 14.1 | Observation date and time | Remove |
| OBX | 24.1 | Test performing organization street address | Remove |
| OBX | 24.2 | Test performing organization street address 2 | Remove |
| OBX | 24.3 | Test performing organization city | Remove |
| OBX | 24.4 | Test performing organization state | Remove |
| OBX | 24.5 | Test performing organization zip code | Remove |
| OBX | 24.6 | Test performing organization country | Remove |
| OBX | 24.7 | Test performing organization address type | Remove |
| OBX | 24.8 | Test performing organization other geographic designation | Remove |
| OBX | 24.9 | Test performing organization county | Remove |
| NTE | All NTE fields | Notes and Comments segment | Remove |
| NK1 | All NK1 fields | Next of Kin / Associated Parties segment | Remove |