zlacker

Is there any protocol to have masked data similar to healthcare data?

>>runawa+(OP)
I am actually the cofounder of a healthcare company that works with sensitive patient data (vitals, symptom reports, messaging between patients and doctors, lab results, etc). In the process I have found that even HIPAA is not a protocol, it is a largely unspecific set of guidelines for how patient data should be stored and transmitted. If we were to publish a dataset with anonymized patient information (e.g. the Framingham Heart Study) we could probably do so without any legal ramifications - there isn't much in HIPAA that explicitly prohibits or denies using data that has been stripped of PII. However we would never do such a thing since pretty much everyone in our industry is extremely risk-averse.

The only relevant guideline I found on parking citation data was that it is unlawful to look someone else up by their license plate. However, it is entirely possible for someone to do so without detection. My primary concerns, however, were ethical concerns - there were many people for whom you could determine their place of residence, place of work, and financial situation by their license plate's inclusion in these data sets.

>>primit+w1
> In the process I have found that even HIPAA is not a protocol, it is a largely unspecific set of guidelines for how patient data should be stored and transmitted.

Former HIPAA security officer here; to be abundandly clear, there _are_ very specific guidelines for which information must be anonymized.

I don't think you were saying the alternative, just sounded a little like "anything goes" which is definitely not the case.

As for your point about guidelines, that's entirely true - last time I read the section about encryption, it just specified "state of the art encryption" which is... a poor way to specify that.