The leader in test data management solutions for healthcare firms

The healthcare regulatory overview

The healthcare industry, with its complex nexus of healthcare providers, insurance companies, facilities and patients, generates uniquely vast amounts of data. This data is stored across a range of systems, in a range of places and yet, is required to comply with ever-tightening regulatory standards such as HIPAA, HL7 and NCPDP. Whilst compliance must be enforced, a competitive marketplace forces companies to ensure this does not come at the expense of operational efficiency or ability to access and integrate the data. Accordingly, many major healthcare organisations are now looking for sophisticated solutions to help them achieve the highest possible standards in both compliance and in efficient data management.

Grid-Tools has the experience of working alongside some of the world’s leading healthcare organisations to help them meet these challenges. Using a range of flexible, niche solutions, Grid-Tools helps to deliver:

  • Regulatory and legislative compliance using data masking techniques
  • High quality, rich, re-usable test data
  • Efficient and easy-to-use test data management solutions and software

Creating usable and compliant test data for healthcare institutions

The Privacy Rule at 164.502 (b)(1) of the HIPAA regulation states, "When using or disclosing protected health information or when requesting protected health information from another covered entity, a covered entity must make reasonable efforts to limit protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request."

Thus, in using "test" data or sending test data to another covered entity, the identity of the individual is not necessary to use. Care should be taken to de-identify the data so that individuals identities are not revealed to program testers or other test staff.

Personal Health Information (PHI)

  • Names
  • Geographical subdivisions, such as street address, city, county and zip code
  • All elements of dates (except year) for dates related to the patient including; birth, admission, discharge and death
  • All ages over 89 and all elements of dates (including year) indicative of such age
  • Telephone numbers
  • Fax numbers
  • E-mail addresses
  • Social security numbers
  • Medical record numbers
  • Health plan beneficiary numbers
  • Account numbers
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers
  • Device identifiers and serial numbers
  • URLS
  • IP addresses
  • Biometric identifiers, including finger and voiceprints
  • Full face photographic images and other comparable images
  • All other unique identifying numbers, characteristics or code

For more on how your organisation should be using synthetic data creation for full compliance in development projects, follow this link.

Back to the top