De-Identification as a Foundation for Responsible Innovation
In a world where healthcare innovation depends on access to real-world data, safeguarding patient privacy isn’t just a legal obligation, it’s a cornerstone of trust. At Briya, we believe that privacy and progress can go hand in hand. That’s why we’re proud to share a major milestone in our privacy program: the successful completion of HIPAA Expert Determination for our structured data model.
This milestone unlocks new possibilities for privacy-preserving data use across research, analytics, and collaborative healthcare innovation, without compromising regulatory compliance.
What Is Expert Determination, and Why Does It Matter?
Under the HIPAA Privacy Rule, there are two sanctioned paths for de-identifying Protected Health Information (PHI):
- Safe Harbor, which involves the removal of 18 specific types of identifiers, as well as any other unique identifying numbers, characteristics, or codes that could reasonably be used to identify an individual.
While clear and standardized, Safe Harbor often requires removing valuable information, limiting the dataset’s usefulness for research, analytics, and innovation. - Expert Determination, an approach where a qualified statistical or scientific expert applies accepted analytic methods to determine that the risk of re-identification is “very small” (as formally defined under the HIPAA Privacy Rule).
This method enables organizations to preserve richer, more meaningful datasets while maintaining rigorous privacy protections based on the nature of the data, external data sources, and intended use.
Unlike Safe Harbor’s fixed checklist, Expert Determination is dynamic and contextual. It considers statistical risk, external data availability, and how the data will be used and protected, enabling more meaningful data use without compromising privacy standards.
At Briya, our goal was to achieve de-identification without degrading data utility, especially important when working with complex, high-dimensional healthcare data modalities.
How Briya Did It: A De-Identification Process Built for Utility and Trust
Our Expert Determination process followed a rigorous, multi-layered methodology to balance precision with privacy:
Field-by-Field Sensitivity Analysis
Hundreds of structured data elements were examined individually, categorized by their utility and re-identification risk.
Suppression of High-Risk, Low-Utility Fields
Structured fields that presented a higher re-identification risk and contributed little or no analytical value were proactively suppressed (removed) to further strengthen privacy protections without impacting research utility.
Contextual Transformations for Retention of Utility
To maximize data utility while further enhancing privacy protections, the remaining fields were selectively transformed using techniques such as grouping, masking, generalization, and controlled randomization, ensuring the dataset remained analytically meaningful for research, evidence generation, and machine learning applications.
Quantitative Risk Modeling
To ensure the robustness and credibility of our de-identification process, we collaborated with Bradley Malin, Ph.D., Principal Consultant at Privasense and a recognized leader in the field of biomedical informatics and health data privacy.
Dr. Malin conducted the formal Expert Determination, applying advanced statistical risk modeling to rigorously assess and certify that the likelihood of re-identification in our dataset is considered “Very Low”.
His direct involvement ensured that our de-identification approach not only meets regulatory standards but also stands up to real-world scrutiny by healthcare and research organizations.
Ongoing Validity Monitoring
We proactively review and update the de-identification determination whenever there are changes to the data structure, content, or intended use, ensuring that privacy protections remain accurate, effective, and aligned with evolving risk models.
The end result: a fully de-identified, FHIR/OMOP-compliant dataset that is not considered PHI under HIPAA, and therefore not subject to DUAs or BAAs.
Why This Matters: Unblocking Health Data at Scale
This milestone brings substantial benefits to our partners and the broader ecosystem:
Accelerated Innovation
De-identified data can now be used for research, machine learning, AI model development, real-world evidence generation, and more, without regulatory friction.
No BAAs or DUAs Required
The data can be shared and analyzed more freely, reducing administrative complexity and onboarding time.
Regulatory Confidence
With a formally certified risk assessment in place, partners gain assurance that privacy requirements are being met to the highest standards.
Conclusion: Privacy Isn’t Just a Requirement, It’s a Catalyst
At Briya, we believe privacy should empower progress, not inhibit it. Through Expert Determination, we enable organizations to harness real-world health data while maintaining rigorous privacy protections and regulatory confidence.
As healthcare innovation increasingly depends on access to high-quality, real-world data, scalable and trustworthy privacy frameworks like ours are essential.
Briya allows you to accelerate research, drive innovation, and unlock new possibilities, while ensuring that trust, transparency, and compliance remain at the core.
We’re proud to lead this transformation and we invite you to join us in building a future where health data drives real impact, responsibly.
Related articles
5 AI & RWD Sessions at DIA Europe Not to Miss
As one of the largest conferences in the life sciences ...
Read more
Unlocking New Potential with Briya’s Dynamic Datasets
In the ever-evolving world of healthcare research, harn...
Read more
5 Real-World Data Predictions for 2025
What does the future hold for real-world data (RWD)? Lo...
Read more
