• Excerpts from the Final Rule of 8/8/2002 related to computer-based solutions for de-identification under HIPAA (PDF). See also Latanya Sweeney's original public comments to which these HHS excerpts are related (PDF).

• Excerpts from the Final Rule of 8/8/2002:
  1. De-Identification of Protected Health Information (9 pages, PDF).
  2. Limited Data Sets (98 pages, PDF).
  3. Business Associates (4 pages, PDF).
  4. Marketing (2 pages, PDF).
  5. Research (69 pages, PDF).

• On March 27, 2002, the U.S. Department of Health and Human Services published proposed amendments to the Privacy Rule. Latanya Sweeney, as Director of the Laboratory for International Data Privacy at Carnegie Mellon University, submitted public comments to HHS on the proposed modifications to the Privacy Rule (HTML, PDF). Submitted to HHS on 4/26/2002.

• The compliance date for most covered entities (health care providers, health plans, clearinghouses) is April 14, 2003.

• Federal Register containing proposed modifications (PDF). Citation: Office of the Secretary; Standards for Privacy of Individually Identifiable Health Information, Proposed Rule, Federal Register, vol 67, no 59, Wednesday, March 27, 2002.

• De-Identification version 3.1 (PDF) by Workgroup for Electronic Data Interchange (WEDI) - Strategic National Implementation Process (SNIP)'s Security and Privacy Workgroup. December 2001. SNIP is a collaborative of healthcare organizations working to implement standards in healthcare.

• Federal Register containing Privacy Rule (Part1, Part2, Part3, Part4, Regulation only). Citation: 45 CFR Section 160 through 164. Department of Health and Human Services, Office of the Secretary; Standards for Privacy of Individually Identifiable Health Information, Final Rule. February 26, 2001.

• HIPAA's what's new website at HHS.

Related links