Below is the set of rules (in plain-English pseudocode) that we are applying to OpenMRS patients and their encounters to de-identify them. This is a work in progress.
For an org.openmrs.Patient and org.openmrs.Person object, we need to remove the 18 PHI identifiers:
- Names
  - Remove all their names (a patient can have multiple names in OpenMRS, with a preferred name). Optionally, we can then fill in a randomly chosen name.
- Geographic data
  - Remove their addresses (a patient can have multiple addresses). Optionally, we can generate a random address based on some criteria.
- All elements of dates
- Telephone numbers
  - These are likely included in a Person's extra attribute data.
- FAX numbers
  - These are likely included in a Person's extra attribute data.
- Email addresses
  - These are likely included in a Person's extra attribute data.
- Social Security numbers
- Medical record numbers
  - We will need to remove each Patient's PatientIdentifier (a Patient can have multiple of these). Optionally, we can fill in a randomly generated one.
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers including license plates
- Device identifiers and serial numbers
- Web URLs
- Internet protocol addresses
- Biometric identifiers (i.e. retinal scan, fingerprints)
- Full face photos and comparable images
- Any unique identifying number, characteristic or code
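A sketch of the name, address, contact-attribute and identifier rules above against the OpenMRS API objects. This is an added example, not the project's own code; the class name `PatientDeidentifier`, the placeholder name pools and the attribute-type name fragments (`phone`, `fax`, `email`) are assumptions, since attribute types are defined per deployment.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.UUID;
import org.openmrs.Patient;
import org.openmrs.PatientIdentifier;
import org.openmrs.PersonAddress;
import org.openmrs.PersonAttribute;
import org.openmrs.PersonName;

public class PatientDeidentifier {
    // Constructed placeholder pools; replacements are never derived from the real values.
    private static final String[] GIVEN = {"Alex", "Sam", "Jordan", "Casey"};
    private static final String[] FAMILY = {"Doe", "Roe", "Poe", "Moe"};
    // Assumed fragments of attribute-type names that hold contact details.
    private static final String[] CONTACT_HINTS = {"phone", "fax", "email"};
    private static final SecureRandom RNG = new SecureRandom();

    public static void deidentify(Patient p) {
        // Iterate over copies: the remove* methods mutate the underlying sets.
        for (PersonName n : new ArrayList<>(p.getNames())) p.removeName(n);
        for (PersonAddress a : new ArrayList<>(p.getAddresses())) p.removeAddress(a);
        for (PersonAttribute at : new ArrayList<>(p.getAttributes())) {
            if (isContact(at)) p.removeAttribute(at);
        }
        List<PatientIdentifier> ids = new ArrayList<>(p.getIdentifiers());
        for (PatientIdentifier id : ids) p.removeIdentifier(id);

        // Optional fill-in: a randomly chosen name and a randomly generated identifier.
        PersonName fake = new PersonName(pick(GIVEN), null, pick(FAMILY));
        fake.setPreferred(true);
        p.addName(fake);
        if (!ids.isEmpty()) {
            // Reuses the old identifier's type and location; the random value
            // may need adapting if that type enforces a format or check digit.
            PatientIdentifier old = ids.get(0);
            PatientIdentifier fresh = new PatientIdentifier(
                    UUID.randomUUID().toString(), old.getIdentifierType(), old.getLocation());
            fresh.setPreferred(true);
            p.addIdentifier(fresh);
        }
    }

    private static boolean isContact(PersonAttribute at) {
        if (at.getAttributeType() == null || at.getAttributeType().getName() == null) return false;
        String name = at.getAttributeType().getName().toLowerCase(Locale.ROOT);
        for (String hint : CONTACT_HINTS) if (name.contains(hint)) return true;
        return false;
    }

    private static String pick(String[] pool) { return pool[RNG.nextInt(pool.length)]; }
}
```

The method only changes the in-memory object; dates, encounters and the remaining identifier categories in the list are not handled here.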