The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) on Nov. 26 released guidance for covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) concerning methods for deidentifying protected health information (PHI). The HIPAA privacy rule prohibits the use or disclosure of PHI by covered entities in most situations without specific authorization from the patient, unless that PHI has been “de-identified” by stripping out data that could link the information to a specific patient. Read guidance.