Skip to content

What is Protected Data

Identifiable data must be protected

The DAC protects individually identifiable health information (PHI) through permitting only certain uses and disclosures of Protected Health Information.

  • All DAC users must review the 18 HIPAA Identifiers prior to accessing DAC data.
  • Commonly found PHI in DAC data include but are not limited to:
    1. unique patient/personal identifier (even if it's made up)
    2. biometric data
    3. elements of dates <year: date of birth, date of death, date of admission/discharge
    4. age in years if  >89
    5. zip code of residence

The DAC protects Personally Identifiable Information (PII) according to the terms of CMS DUAs, which requires compliance with SP800-53 National Institute of Standards and Technology (NIST).  PII is defined as:

  • Information that directly identifies an individual (name, address, social security #, email address, etc.) or;
  • Any information that may identify specific individuals in conjunction with other data elements through indirect identification (gender, race, birth date, geographic indicator, & other descriptors)
  • Commonly found PII in DAC data include but are not limited to all PHI listed above and NPI/Provider identification information

Unsuppressed data must be protected

Unsuppressed data may not be downloaded, reported, published, shared and/or stored outside of the DAC servers.

  • Any documents (manuscript, table, chart, study, report, etc.) created using CMS data must adhere to the minimum cell sizes set forth in the CMS data suppression policy.
    • No cell (e.g. admissions, discharges, patients, services, etc.) containing a value of 1 to 10 can be reported directly AND
    • No cell can be reported that allows a value of 1 to 10 to be derived from other reported cells or information.
    • The cell suppression policy also applies to the reporting of excluded cases.
  • Acceptable ways to suppress data include:
    • Collapse data to achieve cell value > 10
    • Coarsen data to present cell value of 1 to 10

Important Update: DAC staff are working remotely in support of social distancing efforts. As a result, there may be slower than usual response times and reprioritization of work.