HIPAA Services

 

Next Steps
Overview Classify & Find PHI Encrypt, Obfuscate, More Risk Score Generalize Services

PHI Anonymization & HIPAA Data Compliance Services

IRI offers more than just software to protect your PHI. Our Data Masking as a Service, and our available HIPAA Compliance Course, provide end-to-end programs that ensures you know what and where your PHI is and how to protect it -- by yourself, or through us.

See this page for IRI Data Masking as a Service (DMaaS).

 


HIPAA Data Compliance Course

A three-hour online course covering de-identification and risk scoring processes on structured PHI data. It also includes sessions related to compliance certification, breach insurance, and breach claim defense.

Learn More

Frequently Asked Questions (FAQs)

1. What is re-identification (re-ID) risk scoring under HIPAA?
Re-ID risk scoring is a statistical analysis that evaluates how likely it is for someone to be re-identified based on quasi-identifiers in a dataset, in accordance with the HIPAA Expert Determination Method.
2. How does HIPAA define key identifiers vs. quasi-identifiers?
Key identifiers include directly identifying information like names and Social Security Numbers. Quasi-identifiers are indirect attributes—like age, zip code, or gender—that can be combined to identify individuals.
3. What is the HIPAA Expert Determination Method?
The HIPAA Expert Determination Method allows data to be considered de-identified if a qualified expert determines that the risk of re-identification is very small, based on accepted statistical principles and methods.
4. How does IRI perform re-ID risk scoring?
IRI FieldShield and the Voracity platform include a Risk Scoring wizard that analyzes quasi-identifiers in database or flat-file rows and generates statistical risk metrics and visual reports across multiple attack models.
5. What are equivalence classes in re-ID risk scoring?
Equivalence classes are groups of records that share the same combination of quasi-identifiers. Smaller classes indicate higher risk, as fewer records share the same attributes, making re-identification easier.
6. Can I visualize re-ID risk with IRI tools?
Yes. The Risk Scoring wizard in IRI Workbench produces interactive charts that show record distributions, quasi-identifier combinations, and risk levels for each attack model.
7. What are the three attack models used in IRI’s re-ID scoring?
IRI measures re-ID risk based on prosecutor, journalist, and marketer attack models—each simulating a different level of prior knowledge and intent to assess how identifiable data records are.
8. How do I reduce re-identification risk after scoring?
Once you review the risk report, you can generalize, blur, or mask one or more quasi-identifiers using FieldShield. The data can then be re-scored to confirm reduced re-ID probability.
9. Can I reuse the same scoring model after modifying the data?
Yes. The scoring model built in the initial analysis can be reused in FieldShield to re-score updated datasets, making it easy to validate that re-identification risk has been minimized.
10. What is the benefit of using IRI’s re-ID risk scoring for compliance?
It provides objective, statistically supported evidence of HIPAA compliance under the Expert Determination Method and helps guide safe data use for analytics, research, or third-party sharing.
11. Can IRI help if I need an expert statistician?
Yes. IRI can refer you to qualified statisticians who are experienced in evaluating HIPAA re-ID risk assessments and supporting regulatory documentation needs.
12. What file types are supported for re-ID risk scoring?
IRI supports re-ID risk scoring for both structured database tables and delimited flat files that contain sensitive attributes and quasi-identifiers.
Share this page

Request More Information

Live Chat

* indicates a required field.
IRI does NOT share your information.