ABSTRACT
Uses of Health Information by an Agent While agents are permitted to access PHI, it is often not necessary for them to have the data in identifiable form for them to perform their functions. When this is the case, it would be best to de-identify that information as a risk mitigation exercise. We consider three attack scenarios by an agent: (1) an insider inadvertently or maliciously causing a data breach, (2) an insider determining the identity of individuals, and (3) risks of breaches at subcontractors. Under these three scenarios, if the data used by the agent were de-identified, then the risks and impact on the data custodian would be significantly reduced.
