Introduction to Clinical Data

Clinical data logClinical data is either collected during the course of ongoing patient care or as part of a formal clinical trial program. Funding agencies, publishers, and research communities are increasingly encouraging researchers to share data, while respecting Institutional Review Board (IRB) and federal restrictions against disclosing identifiers of human subjects.

You should take initial steps to de-identify data for:

  • Protecting data during research projects
  • Preparing data for vetted collaborators, restricted-access or public access data repositories

Clinical Data Terminology

  • Personal Identifiers

    Private information that subjects expect not to be made public that are linked to information associated with a unique individual

    PII: Personally Identifiable Information (NIST SP- 800-122)

    1. Any information maintained by an agency…used to distinguish or trace an individual’s identity
    2. Any other information that is linked or linkable to an individual

    PHI: Protected Health Information 

    1. Created or received by a health care provider
    2. Relating to physical or mental health of an individual or provision of care (past, present, or future) and (i) that identifies or (ii) could be used to identify the individual. (HIPAA's Privacy Rule)
  • Types of Identifying Information

    Identifying information is classified as one of two types: direct and indirect

    Direct Identifiers: HIPAA lists 18 typical direct identifiers for PHI as part of the standards for patient protection used by US Health and Human Services.

    1. Names
    2. All geographic subdivisions smaller than state, including street address, city county, precinct, zip code and their equivalent geocodes, except for the initial three digits of the ZIP code if: the geographic unit formed by combining all ZIP codes with the same three initial digits contains more than 20,000 people; and the initial three digits of a ZIP code for all such geographic units containing 20,000 or fewer people is changed to 000
    3. All elements of dates (except year) for dates that are directly related to an individual, including birth date, admission date, discharge date, death date, and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
    4. Telephone numbers
    5. Fax numbers
    6. Email address
    7. Social Security numbers
    8. Medical record numbers
    9. Health plan beneficiary numbers
    10. Account numbers
    11. Certificate or license numbers
    12. Vehicle identifiers and serial numbers, including license plate numbers
    13. Device identifiers and serial numbers
    14. Web Universal Resource Locators (URLs)
    15. Internet Protocol (IP) addresses
    16. Biometric identifiers, including finger and voice prints
    17. Full-face photographs and any comparable images - photographs are not limited to images of the face
    18. Any other unique identifying number, characteristic, or code that could uniquely identify the individual

    Indirect Identifiers: Information that can be combined with other information to potentially identify a specific individual.

    1. Place of medical treatment or doctor's name
    2. Gender
    3. Rare disease or treatment
    4. Sensitive data like illicit drug use or other "risky behaviors"
    5. Place of birth
    6. Socioeconomic data, like workplace, occupation, annual income, education, etc.
    7. General geographic indicators, like postal code of residence
    8. Household and family composition
    9. Ethnicity
    10. Birth year or age
    11. Verbatim responses or transcripts
  • Anonymization

    Used as a more broad term to encompass two types of tasks to reduce disclosure risk for identifiers


    • Alter direct identifiers so that the original is no longer useable for analysis.

    • Delete items like social security numbers and replace identifiers with pseudonyms or randomized codes.


  • HIPAA's Privacy Rule

    Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to protect individuals’ medical records and other personal health information

    Limited Data Sets (LDS) -- §164.514(e)

    • Remove or anonymize HIPPA direct identifiers, and "facial" identifiers.

    • Certain dates, geographic location to zip code level, and birth dates may remain.

    • Indirect identifiers may also remain if not easily removed.

    "Safe Harbor" Anonymization Level -- §164.514(b)

    • 18 direct identifiers, 3-digit zip code truncation, and year only dates.

    • Alter indirect identifiers to sufficiently limit "actual knowledge" of data that could, alone or in combination with other information, re-identify a data subject.

    "Expert determination" Statistically De-identified Datasets -- §164.514(b)(1)

    • Remove or mask all direct and indirect identifiers.

    • Statistical techniques can be applied to make remaining risk "very small"

    • A trained statistical professional should be consulted to adequately assist in preparing datasets in order to assess and mitigate disclosure risk.

  • REDCap

    Secure web application for data capture for research studies

    REDCap is a free, secure, web-based application designed to support data capture for research studies. The system was developed by a multi-institutional consortium initiated at Vanderbilt University. Data collection is customized for each study or clinical trial by the research team with guidance from Harvard Catalyst EDC Support Staff. REDCap is designed to comply with HIPAA regulations. 

    REDCap is a mature, secure web application for building and managing online surveys and databases:

    • Design your own survey electronically

    • Share data securely with research staff and external collaborators

    • Built in tools for viewing EPIC data, and limited de-identification

    Available Harvard Licenses:

Additional Resources