Anonymization notes

What data fields in a patient record should be anonymized?

• name
• phone number
• additional phone number and contact field
• notes field (it could have sensitive names or numbers in it)

What information should be kept for reporting?

• city
• state
• zip code (maybe)
• income
• employment
• family size
• age
• race (used in grants)
• clinic information

Who should see anonymized records?

• only users with appropriate permissions (not regular users) are able to do reporting
• so once records are anonymized, the data should only be accessible through the reporting interface

When should records be anonymized?

• 6 months after last contact with the patient
• OR
• 2 months after the pledge is paid (when treasurer writes actual check to clinic - after a pledge is paid is paid, never expect to need to know patient’s personal info again)

How can a case manager create multiple records which have the same phone number, in the case that the patient had multiple pregnancies? (Currently, phone number is required to be unique to prevent duplicates.)

• Have run into this situation a few times in last months

Action Items:

• Confirm the rule for when records are automatically anonymized
• Ask tech about possibility of middle state (between an anonymized record and an active record) - no need for this, will retain a unique patient id