Anonymization notes

Nichole edited this page Jan 27, 2017 · 2 revisions

What data fields in a patient record should be anonymized?

  • name
  • phone number
  • additional phone number and contact field
  • notes field (it could have sensitive names or numbers in it)

What information should be kept for reporting?

  • city
  • state
  • zip code (maybe)
  • income
  • employment
  • family size
  • age
  • race (used in grants)
  • clinic information

Who should see anonymized records?

  • only users with appropriate permissions (not regular users) are able to do reporting
  • so once records are anonymized, the data should only be accessible through the reporting interface

When should records be anonymized?

  • 6 months after last contact with the patient
  • OR
  • 2 months after the pledge is paid (when treasurer writes actual check to clinic - after a pledge is paid, never expect to need to know patient’s personal info again)
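
One way to implement the field lists and timing rule above, as an added Ruby example that is not the project's own code. The field names and the sample record are constructed, and it assumes either clock on its own makes a record eligible, a rule the action items below still ask to confirm.

```ruby
require 'date'

# Hypothetical field names: the page lists categories, not a schema.
SCRUB_FIELDS  = %i[name phone other_phone other_contact notes].freeze
# Allow-list of what reporting may keep (the page marks zip as "maybe").
REPORT_FIELDS = %i[city state zip income employment family_size age race clinic].freeze

# Earliest date the record may be anonymized, or nil if neither clock has started.
# Assumption: "OR" means whichever deadline arrives first.
def anonymize_on(record)
  deadlines = []
  deadlines << (record[:last_contact] >> 6) if record[:last_contact]     # 6 months after last contact
  deadlines << (record[:pledge_paid_on] >> 2) if record[:pledge_paid_on] # 2 months after pledge paid
  deadlines.min
end

def due?(record, today)
  deadline = anonymize_on(record)
  !deadline.nil? && today >= deadline
end

# Keep only allow-listed fields, so a field added to the schema later
# is dropped by default instead of leaking into reporting data.
def anonymize(record)
  record.slice(*REPORT_FIELDS).merge(anonymized: true)
end

# Identifying fields still present in a record; should be empty after anonymize.
def leaked_fields(record)
  SCRUB_FIELDS.select { |field| record.key?(field) }
end

# Constructed sample record, not real patient data.
SAMPLE = {
  name: 'Constructed Patient', phone: '555-0100', other_phone: '555-0101',
  other_contact: 'friend', notes: 'call after 5pm',
  city: 'Washington', state: 'DC', zip: '20001', income: 'under 15k',
  employment: 'part-time', family_size: 3, age: 27, race: 'undisclosed',
  clinic: 'Sample Clinic',
  last_contact: Date.new(2016, 9, 15), pledge_paid_on: Date.new(2016, 10, 1)
}.freeze

if __FILE__ == $PROGRAM_NAME
  today = Date.new(2016, 12, 1)
  puts "eligible on #{anonymize_on(SAMPLE)}, due today: #{due?(SAMPLE, today)}"
  puts anonymize(SAMPLE).inspect if due?(SAMPLE, today)
end
```

The free-text notes field is dropped whole rather than filtered, since names or numbers in it cannot be reliably detected.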

How can a case manager create multiple records which have the same phone number, in the case that the patient had multiple pregnancies? (Currently, phone number is required to be unique to prevent duplicates.)

  • Have run into this situation a few times in last months
  • Example: helped someone in September, and it hasn’t been 2 months since pledge was paid. Now patient needs help again in December. But most common situation is DCAF helps someone, and 4-6 months later they call back.
  • need some way to manually make records so phone number doesn’t count, but they stay on regular anonymization schedule - this can’t be easy to do; and may need to be undone (without creating a duplicate record if new record was entered)
  • basically, need an inactive state, where record is still searchable (because budget reasons, etc)

Action Items:

  • Confirm the rule for when records are automatically anonymized
  • Ask tech about possibility of middle state (between an anonymized record and an active record)