De-identification is the process by which Protected Health Information (PHI) is stripped of specific direct and indirect identifiers, rendering the data no longer subject to the HIPAA Privacy Rule. The goal is to create a data set that cannot reasonably be used to identify an individual, enabling secondary use for research, analytics, and operational improvement without patient authorization.
Glossary
De-identification

What is De-identification?
De-identification is the process of removing specified identifiers from a health information data set so that the remaining information is no longer considered Protected Health Information (PHI) under the HIPAA Privacy Rule.
HIPAA prescribes two distinct methods for achieving de-identification: the Safe Harbor Method, which requires the removal of 18 enumerated identifiers, and the Expert Determination Method, where a qualified statistician certifies that the risk of re-identification is very small. Critically, the covered entity must also have no actual knowledge that the remaining information could be used alone or in combination to identify the subject.
The Two HIPAA De-identification Methods
The HIPAA Privacy Rule provides two distinct, formal methods for achieving de-identification of Protected Health Information (PHI): the Expert Determination Method and the Safe Harbor Method. Both result in data that is no longer subject to HIPAA regulations.
The Safe Harbor Method
A prescriptive, checklist-based approach requiring the removal of 18 specific identifiers from the data set. These identifiers include names, geographic subdivisions smaller than a state, all elements of dates (except year) directly related to an individual, telephone numbers, fax numbers, email addresses, Social Security numbers, medical record numbers, health plan beneficiary numbers, account numbers, certificate/license numbers, vehicle identifiers and serial numbers including license plates, device identifiers and serial numbers, URLs, IP addresses, biometric identifiers including finger and voice prints, full-face photographic images and any comparable images, and any other unique identifying number, characteristic, or code. The covered entity must also have no actual knowledge that the remaining information could be used alone or in combination to identify the individual.
The Expert Determination Method
A statistical approach where a qualified expert applies generally accepted statistical and scientific principles to determine that the risk of re-identification is very small. The expert must document the methods and results of the analysis that justify this determination. This method allows for the retention of certain identifiers that would be prohibited under Safe Harbor, provided the expert can demonstrate that the data, alone or in combination with other reasonably available information, poses a minimal re-identification risk. The expert must consider factors such as the degree of uniqueness of the remaining data elements and the availability of external data sources that could be used for re-identification.
The 18 Safe Harbor Identifiers
The Safe Harbor method mandates the removal of these specific identifiers:
- Names of individuals, relatives, employers, or household members
- Geographic subdivisions smaller than a state (street address, city, county, precinct, ZIP code with initial three digits if population > 20,000)
- All date elements (except year) directly related to an individual: birth date, admission date, discharge date, date of death, and all ages over 89
- Telephone and fax numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers including license plate numbers
- Device identifiers and serial numbers
- Web URLs
- IP addresses
- Biometric identifiers including finger and voice prints
- Full-face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code
Limited Data Sets: A Middle Ground
A Limited Data Set (LDS) is PHI that excludes only 16 of the 18 Safe Harbor identifiers, retaining dates and geographic information. It is not fully de-identified and remains subject to HIPAA. Use requires a Data Use Agreement (DUA) between the covered entity and recipient, specifying permitted uses and disclosures, and prohibiting re-identification. LDS is commonly used for research, public health, and healthcare operations where temporal or geographic analysis is necessary but full PHI is not required.
Re-identification Risks and Prohibitions
Under both methods, the covered entity must not have actual knowledge that the remaining information could identify the individual. De-identified data may be re-identified only through a specific process using a re-identification code assigned by the covered entity, which must not be derived from or related to the individual's information. Any attempt to re-identify de-identified data outside this process is a violation of HIPAA and may incur civil and criminal penalties. The increasing availability of large public datasets and advanced linkage algorithms makes re-identification risk assessment a dynamic, ongoing challenge.
Choosing the Right Method
The choice between Safe Harbor and Expert Determination depends on the intended use of the data. Safe Harbor is simpler and provides a clear compliance path but results in significant data loss, potentially destroying clinical utility. Expert Determination preserves richer data for research and analytics but requires a qualified statistical expert and a documented, defensible methodology. For AI and machine learning applications in healthcare, Expert Determination is often preferred to retain the granularity needed for model training, provided the re-identification risk is demonstrably very small.
Frequently Asked Questions
Clear, technical answers to the most common questions about removing protected health information from clinical datasets to achieve HIPAA compliance.
De-identification is the process of removing specified identifiers from a health information data set so that the remaining information is no longer considered Protected Health Information (PHI) under the HIPAA Privacy Rule. Once data is properly de-identified, it is no longer subject to HIPAA's use and disclosure restrictions. The HIPAA Privacy Rule provides two distinct methods to achieve de-identification: the Safe Harbor method and the Expert Determination method. A covered entity or business associate must satisfy all requirements of one of these methods to consider the data de-identified. The standard is not risk elimination but risk mitigation to a "very small" level as defined by the regulation.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
De-identification is a multi-faceted discipline. Explore the regulatory frameworks, technical methods, and adjacent privacy-enhancing technologies that form the complete data protection ecosystem.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us