Skip to main content

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

HL7v2 Message De-identification for sending to HHS Protect

Introduction

This page describes a de-identification approach for HL7v2 messages.  De-identification supports transmission of messages to CDC's HHS Protect system, the federal health system that receives at-home test results.

De-identification is typically performed by the Data Hub that serves as an intermediary between the mobile testing application and HHS Protect.

Unlike messages sent to federal health systems, messages sent to state and local public health systems are not de-identified.

Principles of de-identification

At-home test reporting data can be reasonably assumed to fall under HIPAA guidelines. These guidelines and de-identification strategies can be found on the HHS website.

Defining where PHI exists in the message

HL7v2 message elements that are changed in the de-identification process are outlined in the table below. Several elements that are not intended to contain PHI are also removed to address potential inclusion of PHI in those elements erroneously. This includes removal of some fields that are not part of the MARS HL7v2 Implementation Guide, in case those fields are present and contain PHI.

Segment Component Title Change
PID 3.1 Patient ID Remove if PID-3.5 does not equal "PI", "PT", or "SID"; else, no change
PID 5.1 Patient last name If empty, no change; else, modify to "DeIdentified"
PID 5.2 Patient first name If empty, no change; else, modify to "DeIdentified"
PID 5.3 Patient middle name If empty, no change; else, modify to "DeIdentified"
PID 5.4 Patient name suffix Remove
PID 5.7 Patient name type code Remove
PID 7.1 Patient DOB If empty, no change; else, modify to "DeIdentified"
PID 11.1 Patient street address If empty, no change; else, modify to "DeIdentified"
PID 11.2 Patient street address 2 If empty, no change; else, modify to "DeIdentified"
PID 11.3 Patient city If empty, no change; else, modify to "DeIdentified"
PID 13.4 Patient email If empty, no change; else, modify to "DeIdentified"
PID 13.6 Patient phone area code If empty or "111", no change; else, modify to "DeIdentified"
PID 13.7 Patient local phone If empty or "1111111", no change; else, modify to "DeIdentified"
ORC All ORC fields Common Order segment Remove
OBR 2.1 Placer order number Remove
OBR 3.1 Filler order number Remove
OBR 16.1 Ordering provider ID Remove
OBR 16.2 Ordering provider last name Remove
OBR 16.3 Ordering provider first name Remove
OBR 17.2 Order callback telecom use code Remove
OBR 17.3 Order callback telecom equipment type Remove
OBR 17.4 Order callback email Remove
OBR 17.6 Order callback phone area code Remove
OBR 17.7 Order callback local phone Remove
OBX 14.1 Observation date and time Remove
OBX 24.1 Test performing organization street address Remove
OBX 24.2 Test performing organization street address 2 Remove
OBX 24.3 Test performing organization city Remove
OBX 24.4 Test performing organization state Remove
OBX 24.5 Test performing organization zip code Remove
OBX 24.6 Test performing organization country Remove
OBX 24.7 Test performing organization address type Remove
OBX 24.8 Test performing organization other geographic designation Remove
OBX 24.9 Test performing organization county Remove
NTE All NTE fields Notes and Comments segment Remove
NK1 All NK1 fields Next of Kin / Associated Parties segment Remove