Safe Harbour Anonymization

 

Next Steps
Home » Solutions » Data Masking » HIPAA » Encrypt, Obfuscate, More

Quick Links

+
Overview Classify & Find PHI Encrypt, Obfuscate, More Risk Score Generalize Services

De-Identify PHI and More

Do you need to encrypt, redact, or otherwise disguise protected health information (PHI) or other personally identifiable information (PII)? And, can you do it in a way that:

  • is safe from hacking, or bypass (gleaning the information from other data)?
  • preserves the original column and field layouts (position, size data type)?
  • keeps the anonymized data real enough for analytics and testing purposes?
  • is convenient, simple, efficient, and affordable?
  • will comply with the HIPAA Safe Harbour rule?

With IRI FieldShield, you can easily classify, find, and remove or otherwise de-identify the key identifiers (and anonymize the quasi-identifiers) in database columns, and in fields within structured and JSON files. With IRI CellShield, you can do the same in Excel 2010 and later spreadsheets. And with IRI DarkShield, you can do the same for PHI values in unstructured files like HL7 and X12, PDF and Word, Excel and PowerPoint, and image files (including burned-in PHI in DICOM formats). All of these data masking products are part of the IRI Data Protector suite, or included free within the IRI Voracity total data management platform.

The data de-identification / obfuscation / masking method you choose will determine the appearance of the masked results, and the likelihood of recovering the original values. See this article ("Which Data Masking Function Should I Use?") for advice.

IRI data masking functions in general (and below, field-level encryption in particular) apply to HITRUST CSF and, as shown below, the HIPAA Privacy Rule for covered entities and business associates. Irreversible obfuscation or outright removal of key identifiers will satisfy the Safe Harbour rule. If you need to preserve quasi-identifiers for analytics (marketing, research, etc.) but further anonymize them through blurring or generalization to comply with the HIPAA Expert Determination Rule, see this page.

45 CFR 164.312, Technical Safeguards

Implement technical policies and procedures to limit EPHI access to only "those persons or software programs that have been granted access rights. These systems must allow for unique user identification, emergency access, automatic logoff, and encryption and decryption.

With column/field-level control, you can use multiple encryption libraries and keys (pass phrases) for field-specific, need-to-know decryption entitlements.

* Transmission security, including two addressable specifications:

  1. Integrity controls -- security measures to ensure that electronically-transmitted PHI is not improperly modified without detection until disposed of, and.
  2. Encryption --  Designation of encryption as an addressable specification is a key departure from the proposed rule, which explicitly required encryption when using open networks. Covered entities now must determine how to protect EPHI "in a manner commensurate with the associated risk."

FieldShield makes encryption another option for field-level protection within tables and files, along with filtering, anonymization, and pseudonymization, while CellShield does the same in Excel. The CoSort SortCL program or various Hadoop masking engines deployed interchangeably in the Voracity platform do as well, and even while running high volume manipulations and reports against massive data sources.

* Hardware, software, and/or procedural methods for providing audit controls

Optional application statistics, and a query-ready XML audit log, record the job script and encryption libraries used to show what, when, how, and by whom the PHI field data was encrypted (and otherwise protected and/or transformed).

* Policies and procedures to protect EPHI from improper alteration or destruction to ensure data integrity. This integrity standard is coupled with one addressable implementation specification for a mechanism to corroborate that EPHI has not been altered or destroyed in an unauthorized manner.

Data that does not decrypt with the proper encryption key suggests that the decrypted field has been compromised. You can trace this through runtime statistics and audit logs that IRI software produces automatically. You can see when and how each field was modified.

* Person or entity authentication, which requires the covered entity to implement procedures that verify that a person or entity seeking access to EPHI is the one claimed to be doing so.

IRI software users can leverage a number of role-based access controls to data sources, and executables.

Frequently Asked Questions (FAQs)

1. What is Safe Harbour de-identification under HIPAA?
Safe Harbour de-identification is a HIPAA-compliant method that removes or irreversibly masks 18 types of key identifiers from protected health information (PHI), ensuring that data cannot be traced back to individuals.
2. How does obfuscation help protect PHI and PII?
Obfuscation disguises sensitive data through irreversible techniques like redaction, encryption, or filtering, making it unreadable to unauthorized users while retaining the data’s structure for safe usage in analytics or testing.
3. What types of data can be de-identified using IRI tools?
IRI tools can de-identify PHI and PII in structured data (databases, CSV files), semi-structured data (JSON, HL7, X12), unstructured documents (PDF, Word, Excel, PowerPoint), and even images like DICOM files with burned-in text.
4. How does IRI FieldShield support Safe Harbour compliance?
IRI FieldShield allows users to classify and de-identify key identifiers using field-level masking techniques like encryption, redaction, and pseudonymization, ensuring Safe Harbour standards are met for HIPAA compliance.
5. Can I use encryption to meet HIPAA Safe Harbour requirements?
Yes, encryption is one valid method under Safe Harbour when it is irreversible and used properly. FieldShield offers multiple FIPS-compliant encryption algorithms that meet HIPAA's technical safeguards.
6. What is the difference between Safe Harbour and Expert Determination?
Safe Harbour relies on removing or irreversibly masking a fixed list of identifiers, while Expert Determination involves statistical analysis to prove a very low re-identification risk using quasi-identifiers.
7. How do IRI tools help preserve data integrity after obfuscation?
IRI tools generate audit logs and runtime statistics to track when, how, and by whom each field was protected. Failed decryptions may also signal data integrity issues or unauthorized tampering.
8. What role does audit logging play in HIPAA compliance?
Audit logging helps demonstrate compliance by recording every masking activity, including encryption libraries used and script execution details, as required under HIPAA’s technical safeguard policies.
9. Can I use different encryption keys for different data fields?
Yes. IRI tools support field-level encryption using separate keys and libraries, enabling role-based access and need-to-know controls on specific data columns or fields.
10. How does IRI software support user authentication and RBAC?
IRI products integrate with access control systems and allow users to enforce role-based permissions, helping to ensure that only authorized users can access or unmask sensitive data.
Share this page

Request More Information

Live Chat

* indicates a required field.
IRI does NOT share your information.

Follow us on

Solutions
Products
Customers
Services
Company
Support
News
Partners

Copyright © 2025 Innovative Routines International (IRI), Inc.

Live Chat More Info Newsletter
Live Demo Free Trial Get Quote

Get the IRI Newsletter

See Previous Newsletters