The Expert Determination Method is a formal, risk-based approach to de-identification under the HIPAA Privacy Rule. Unlike the Safe Harbor Method, which requires removing 18 specific identifiers, this method allows a qualified statistician to retain or modify certain data elements after mathematically proving the risk of re-identification is sufficiently low.
Glossary
Expert Determination Method

What is Expert Determination Method?
The Expert Determination Method is a HIPAA-compliant de-identification technique where a qualified statistical expert applies accepted principles to determine that the risk of re-identifying an individual from the data is very small.
The expert must document the methodology and analytical results justifying the determination. This approach is critical for clinical AI workflows where removing all identifiers would destroy the utility of longitudinal patient data, enabling richer datasets for model training while maintaining HIPAA compliance.
Key Characteristics of Expert Determination
The Expert Determination method is a formal HIPAA-compliant de-identification technique that relies on statistical rigor rather than simple redaction. It requires a qualified expert to apply accepted principles to ensure the risk of re-identification is very small.
Statistical Rigor vs. Heuristic Redaction
Unlike the Safe Harbor method, which mandates the removal of 18 specific identifiers, Expert Determination uses statistical and scientific principles to measure and mitigate re-identification risk. The expert must document the methods and results that justify the determination, ensuring the approach is defensible and reproducible rather than a simple checklist exercise.
The 'Very Small' Risk Threshold
HIPAA does not define 'very small' with a specific numerical threshold, but industry practice often aligns with thresholds like 0.04 for k-anonymity or cell sizes greater than 3 to 5 individuals. The expert must consider that the risk is vanishingly small in the context of the specific data release, accounting for the recipient's technical capabilities and the availability of external data sets.
Qualified Expert Requirements
The person making the determination must be a qualified statistician or scientist with appropriate knowledge and experience in rendering data non-identifiable. This individual applies generally accepted statistical and scientific principles, and their qualifications, methodology, and analytical results must be fully documented to withstand potential regulatory scrutiny or audit.
Re-identification Risk Assessment
The core of the method involves a formal risk assessment that evaluates three dimensions:
- Prosecutor Risk: The risk that a specific known individual is in the dataset.
- Journalist Risk: The risk that a specific individual can be re-identified by a motivated attacker.
- Marketer Risk: The risk that a record can be linked to an individual at random. The expert must demonstrate that all relevant attack models yield a very small risk.
Managing Data Utility
A key advantage over the Safe Harbor method is the preservation of data utility. Instead of stripping all dates and geographic subdivisions smaller than a state, the expert can apply techniques like generalization (e.g., converting exact birth dates to birth years) or perturbation (adding statistical noise). This retains analytical value for clinical research while still achieving the required privacy protection.
Documentation and Accountability
The expert must produce a formal de-identification attestation that details the specific methods, statistical models, and risk thresholds used. This documentation serves as the legal basis for the covered entity's compliance with the HIPAA Privacy Rule. It must be retained and made available to regulators, demonstrating that the de-identification was not an arbitrary process but a scientifically grounded one.
Expert Determination vs. Safe Harbor Method
A technical comparison of the two permissible HIPAA de-identification methods under 45 CFR §164.514(b).
| Feature | Expert Determination | Safe Harbor |
|---|---|---|
Regulatory Basis | 45 CFR §164.514(b)(1) | 45 CFR §164.514(b)(2) |
Core Mechanism | Statistical or scientific risk analysis | Removal of 18 enumerated identifiers |
Re-identification Risk Threshold | Very small risk as determined by expert | No actual knowledge that data could identify individual |
Requires Qualified Expert | ||
Preserves Data Utility | High (context-dependent) | Low to Moderate (destructive) |
Allows Dates Retention | ||
Allows ZIP Code Retention | ||
Documentation Required | Methods and results of analysis | None explicitly required |
Frequently Asked Questions
Clear, technically precise answers to common questions about the HIPAA-compliant statistical de-identification technique that relies on expert risk assessment rather than checklist-based identifier removal.
The Expert Determination Method is a HIPAA-compliant de-identification technique defined in 45 CFR § 164.514(b)(1) where a qualified statistical expert applies generally accepted statistical and scientific principles to determine that the risk of re-identifying an individual from the data is very small. Unlike the Safe Harbor Method, which requires removing 18 specific identifiers, Expert Determination allows a skilled statistician to evaluate the unique characteristics of a dataset—considering factors like population uniqueness, data granularity, and the availability of external datasets—and certify that the residual identification risk falls below an acceptable threshold. The expert must document the methods and results of the analysis that justify the determination, creating an auditable record of the risk assessment process.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Core concepts and alternative methodologies for rendering protected health information non-identifiable under the HIPAA Privacy Rule.
Safe Harbor Method
The prescriptive alternative to Expert Determination. Requires the removal of 18 specific identifiers including names, dates (except year), geographic subdivisions smaller than a state, and full-face photographs. The covered entity must also have no actual knowledge that the remaining information could be used alone or in combination to identify the individual. Unlike Expert Determination, Safe Harbor provides a bright-line checklist but often results in significant data utility loss, particularly for longitudinal studies requiring precise dates.
Statistical Risk Threshold
The core quantitative benchmark an expert must satisfy. The expert must determine the risk is very small that the information could be used, alone or in combination with other reasonably available information, to identify an individual. While HIPAA does not define a specific numeric threshold, common industry practice and academic precedent often reference a cell size suppression rule (e.g., n<11) or a re-identification risk below 0.05 to 0.09. The expert must document the specific statistical methods used to reach this conclusion.
De-identification
The overarching process under the HIPAA Privacy Rule by which health information is stripped of identifiers so it is no longer considered PHI. Two methods satisfy this standard:
- Expert Determination: Statistical or scientific principles applied by a qualified expert.
- Safe Harbor: Removal of 18 enumerated identifiers. Once de-identified, the data is no longer subject to HIPAA restrictions and can be used for secondary research, algorithm training, and public health analysis without patient authorization.
Re-identification Risk Assessment
The formal analysis conducted by the expert to measure the probability that an individual can be singled out from a dataset. This involves evaluating three key attack vectors:
- Singling Out: Isolating a specific record.
- Linkability: Combining the dataset with external, publicly available data (e.g., voter registries, social media).
- Inference: Deducing sensitive attributes with high probability. The expert must consider reasonably available external data, not just theoretical worst-case scenarios, and document the risk for each vector.
Limited Data Set
A middle-ground classification between fully identified PHI and de-identified data. A Limited Data Set excludes direct identifiers (like names, SSNs, and medical record numbers) but may retain dates of admission, discharge, birth, and death, as well as city, state, and ZIP code. It is not considered de-identified and is still PHI, requiring a Data Use Agreement (DUA) with the recipient that specifies permitted uses and prohibits re-identification. Useful for research where temporal analysis is critical.
HIPAA Privacy Rule
The foundational federal regulation, issued under the Health Insurance Portability and Accountability Act of 1996, that establishes national standards for the protection of individually identifiable health information. The rule governs the use and disclosure of PHI by covered entities (providers, health plans, clearinghouses) and their business associates. Section §164.514(a) specifically defines the de-identification standard, making Expert Determination a legally recognized mechanism to exempt data from the rule's stringent privacy protections.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us