US ZIP Code, Random Date, and Random Date Time Dynamic Masking Methods for HIPAA Compliance
The main goal is to make time-consuming things easier and less tiresome for our clients. Here you will know about our new dynamic masking methods that can be used for clients who need to comply with HIPAA.
HIPAA is one of the most complex compliance procedures. It protects sensitive patients’ information and has Privacy and Security Rules that must be followed. DataSunrise already has a compliance solution for HIPAA. And every time we are trying to make our product better in different aspects. In version 8.2 of DataSunrise, we made an improvement in Dynamic Data Masking, which will be useful for HIPAA compliance, specifically for the de-identification of sensitive data.
One of the sections of the Privacy Rule provides the standard for de-identification of protected health information. This section contains two approved methods: Expert Determination and Safe Harbor. The Expert Determination method is about applying statistical or scientific principles for data protection. But Safe Harbor demands the removal of different types of identifiers. Both these methods grant minimal risks of individual identification.
We will talk about the Safe Harbor method and how DataSunrise can help to de-identify elements of data described in this method.
The Safe Harbor Method
The Safe Harbor method of de-identification defines what type of unique identifiers of the person’s information must be removed for protection purposes according to HIPAA compliance. The most complicated options are changing the ZIP codes and dates under particular conditions.
As you may know, Safe Harbor demands to implement the changes in ZIP codes in accordance with the number of people. If the geographic units formed by combining all ZIP codes with the same three initial digits contain more than 20,000 people, you should change only the last two digits. The first three can remain the same.
If the geographic units contain 20,000 or fewer people, you should change the initial three digits of ZIP codes together with the last two digits.
DataSunrise provides a dynamic masking method that will help you to solve this problem. With the new masking method, you will be able to mask ZIP codes according to the above requirements without any additional actions. You just need to create a dynamic masking rule and choose the US ZIP Code Masking method. The numbers that need to be erased will be masked with zero values. In the end, the masked data will be like this:
select * from public.ziptable2; zipcolumnreal | zipcolumnmasked ---------------+----------------- 00659 | 00600 03602 | 00000 00544 | 00500 63013 | 63000
Another requirement of Safe Harbor is that you need to remove all elements of data except the year when this information can be associated with the individual. There can be a date of birth, admission date, discharge date, and others. If the individual is more than 89 years the whole data including the year should be changed to the level of 90 years, no matter the fact that the individual can be older than that.
We have implemented two different dynamic masking methods to solve these issues. The first one is Random date with constant year:
select * from public.datetable2; datecolumnreal | datecolumnmasked ----------------+------------------ 1989-01-08 | 1989-08-25 1920-01-08 | 1932-09-22 2010-09-25 | 2010-07-14 2005-12-21 | 2005-04-08 2002-11-06 | 2002-05-07
The second one is Random datetime with constant year:
select * from public.datetimetable; datetimecolumnreal | datetimecolumnmasked -------------------------------+------------------------------- 1989-01-21 06:50:48.552538-08 | 1989-10-22 03:08:28.887081-07 2016-09-27 11:49:23.133797-07 | 2016-08-09 01:20:38.652411-07 1989-06-07 10:28:28.159594-07 | 1989-05-31 12:29:09.773088-07
Therefore, with the help of DataSunrise, you will be able to hide sensitive data according to the Safe Harbor method without any additional actions, time, and resources. Try out these new dynamic masking methods and stay compliant with national and international compliance procedures.