De-Identification Images Best Practices

Research Privacy/Data Broker Services provides guidelines for de-identifying provisioned photographs to University/UHealth employees. These guidelines are subject to updates based on new de-identification features for images

Read the Policy

Accordion Group

Open All Tabs
  • Expectations

    When researchers are provided with images, there are several key expectations to ensure that the use of images in research is conducted ethically and responsibly, protecting the rights and privacy of participants while enabling valuable scientific inquiry.

    Expectations Description
    Data Privacy and Confidentiality
    • Researchers must ensure that the privacy of participants is protected. This includes anonymizing images where necessary and implementing robust data security measures to prevent unauthorized access.
    Ethical Use
    • Researchers should use the images strictly for the purposes outlined in their research proposal.
    Transparency
    • Researchers need to be transparent about how the images will be used, stored, and shared. This includes providing clear information to participants (if applicable) about the scope and nature of the research.
    Compliance with Regulations
    • Researchers must comply with all relevant legal and institutional regulations regarding the use of images in research.
    Documentation and Reporting
    • Proper documentation of how images are used in the research is essential. This includes maintaining records of consent (if applicable), data handling procedures, and any analysis conducted using the images.
    Respect for Participants
    • Researchers should respect the dignity and rights of participants whose images are used. This includes avoiding any use of images that could cause harm or distress to the participants.

  • Agreements/Authorizations for Research

    Item Details Recommended Forms
    Research Photo Authorization
    • If identifiable photos are being obtained for the purposes of a research study, then language to this effect should be explicitly included in the Informed Consent Form (ICF)/authorization documents.
    • Human Subjects Research Office (HSRO) – Research Authorization/Release for Photography or Audio/Video Recordings in a Research Study.
    • Research ICF/Authorization language
    • HSRO Authorization for Photography or Audio/Video Recordings
    Waiver of Informed Consent
    • An IRB waiver of informed consent for sharing images with researchers allows the use of images in research without obtaining explicit consent from participants under certain conditions.
    • HRP-410-CHECKLIST: Waiver or Alteration of Consent Process
    Current Partnership Related to Vendor
    • If identifiable images are being obtained to be shared with external vendors for AI research, the UHealth HIPAA Contracts team is available to conduct/execute an assessment for a Business Associate Agreement (BAA).
    • Business Associate Agreement (BAA)
    Other Applicable Agreements
    • If photos are being shared with an external entity, then depending on specifics of the project/collaboration, a suitable agreement needs to be executed.
    • Health Medical Communications, Supply Chain/Business Services and/or General Counsel can be reached for guidance and/or approval.
    • Use of Name Agreement
    • Collaboration Agreement
    • Other applicable agreements
    Future Partnership Related to Vendor
    • The UHealth HIPAA Contracts team is available to conduct an assessment for a Business Associate Agreement (BAA) when there is a need to share images containing personal identifiers with a vendor for de-identification purposes.
    • BAA Determination Requests may be sent to HIPAAContracts@miami.edu.
    • If there is no need for a BAA, then a different agreement type may be necessary depending on the specifics of the relationship.
    • Business Associate Agreement (BAA)

  • Agreements/Authorizations for Non-Research

    Item Details Recommended Forms
    Patient Photo Authorization
    • Recommended to obtain a patient photo authorization form for any non-direct related healthcare reason.
    • Examples include marketing and publication.
    • Health Information Management (HIM) Authorization/Release for Photography or Audio/Video Recording form
    Other Applicable Agreement
    • If photos are being shared with an external entity, then depending on the specifics of the project or collaboration, a suitable agreement needs to be executed.
    • UHealth Medical Communications, Supply Chain/Business Services, and/or General Counsel can be reached for guidance and/or approval.
    • Use of Name Agreement
    Future Partnership Related to Vendor
    • The UHealth HIPAA Contracts team is available to conduct an assessment for a Business Associate Agreement (BAA) when there is a need to share images containing personal identifiers with a vendor for de-identification purposes.
    • BAA Determination Requests may be sent to HIPAAContracts@miami.edu.
    • Business Associate Agreement (BAA)

  • What is De-Identification?

    De-identification is the process of removing or obscuring personal identifiers from data sets, such as photographs, to protect the privacy of individuals. This reduces the risk that the data can be traced back to the individual, thereby complying with privacy regulations like HIPAA. In the context of images, de-identification involves removing or altering features that could reveal the identity of the person, such as faces, tattoos, distinctive marks, and related metadata.

    De-Identification Process

    Step Details
    Project Team De-identification Process
    • Document the de-identification process, including how images will be de-identified, where the de-identified images will be stored, who will validate the de-identified images, and the process for transferring the de-identified images to the vendor if required.
    • De-identifying photos involves removing or altering information that can be used to identify individuals. This is especially important when handling Protected Health Information (PHI) under HIPAA.
    Patient Consent
    • If possible, obtain consent from individuals in the photo for the specific use of their de-identified images in the interest of transparency. There is always a risk of re-identification, especially for facial images.
    Data Sharing
    • Photos may be shared internally with authorized team members involved in the de-identification process.
    • UHealth IT offers several options to provision images:
      •    UM Box
      •    UHealth IT File Share
      •    UHealth-managed Cloud Storage (if applicable)
    • For large volumes (1TB–5TB), complete the “UHealth IT Create a New File-Share or Request a Space Increase” form to properly provision storage.
    Safe Harbor Guidance
    • Follow HIPAA Safe Harbor guidance, which includes removing all 18 types of identifiers (e.g., names, geographic details smaller than a state, full dates except the year, and other unique codes or numbers).
    • Some identifying data can be embedded within the photo file or in its metadata.
    Important Note
    • De-identification reduces but does not eliminate the risk of identifying individuals.
    • Review the Agreements/Authorizations for Research and Non-Research sections.•Review policies HP 44.0 (Creation of Fully De-Identified Information) and HP 43.0 (Receipt of Facially De-Identified Information).
    • Always consider the context of how de-identified photos will be used and whether re-identification is possible.
    • Consult UHealth IT for data-sharing options or Research Privacy/Data Broker for de-identification best practices.
    • Refer to official HHS documentation for detailed guidance on de-identification methods.

  • De-Identification Process Phases

    Phase Details
    Preparation Phase
    • Assessment of Images: The study team assesses the images to identify any potential identifiers that need to be removed.
    • Expert Determination: Engage the data custodian/data steward to analyze the risk of re-identification. They should understand methods used to mask or remove identifiers and evaluate the likelihood that a person could still be recognized.
    • Consultation: If needed, consult with IT for initial de-identification guidance in complex cases. UHealth Imaging Groups/Admins may also serve as a resource.
    De-Identification Phase
    • Removal of Identifiers: Using image editing software, remove or obscure all direct and indirect identifiers such as faces, tattoos, scars, birthmarks, jewelry, clothing, photos of distinctive injuries, or other unique features.
    • Sensitive Content: Remove sensitive content from PDFs using Adobe Acrobat.
    • Tagging: Images without Patient Numbers and names should be tagged with an alternate identifier, especially when additional information (e.g., demographics, SDOH) must accompany them for project requirements.
    • Pixelation or Blurring: Apply pixelation or blurring to faces or other identifiable features at a level sufficient to prevent recognition. 
    • Cropping: Crop out parts of the image containing identifiable details such as name tags, house numbers, or distinctive landmarks.
    • Overlays: Use solid color overlays to cover faces or other personal identifiers.
    • Metadata Removal: Remove all metadata, including location information, timestamps, and any embedded identifiers.
    • Quality Check: Perform a quality check to ensure all identifiers are removed and that edits cannot be reversed using the same or alternate software.
    Validation Phase
    • Internal Review: Designated team members should review de-identified images to verify that identifiers were properly removed.
    • Documentation: Document the validation process, noting the reviewer, date, and any issues identified.
    Storage Phase
    • Secure Storage: Store images in approved UM storage locations within an access-controlled environment.
    • Backup: Maintain backups stored separately to prevent data loss.
    Transfer Phase (if applicable)
    • Secure Transfer: When sharing images with a vendor, use secure transfer methods such as encrypted email or secure file transfer protocols. Consult UHealth IT Cybersecurity for guidance based on file size, frequency, and volume.
    • HIPAA Requirement: A UHIT Governance, Risk, and Compliance–HIPAA Request Form is required for any data transmission involving PHI fields.
    • Record Keeping: Maintain documentation of all transfers, including the recipient, date, and method used.
    Receipt Phase (if applicable)
    • Secure Transfer: When receiving images from a vendor, use secure transfer methods such as encrypted email or secure file transfer protocols. Consult UHealth IT Cybersecurity as needed.
    • HIPAA Requirement: A UHIT Governance, Risk, and Compliance–HIPAA Request Form is required for receipt of images including PHI fields.
    • Record Keeping: Maintain documentation of all receipts, including the recipient, date, and method used.
    • Review policy HP 43.0 – Receipt of Facially De-Identified Information (PolicyStatID:8863595).
    Ongoing Monitoring
    • Regularly review de-identification standards as technology and re-identification techniques evolve.
    • Updates to Process: Incorporate new de-identification techniques as needed.
    Training
    • Staff Training: Provide regular training to staff involved in de-identification to ensure awareness of current guidelines and techniques.
    • Refresher Courses: Offer refresher courses to maintain up-to-date knowledge and respond to emerging challenges.
    Compliance
    • Regulatory Compliance: Ensure the de-identification process complies with applicable regulations such as HIP
    • Regulatory Compliance: Ensure the de-identification process complies with applicable regulations such as HIPAA and relevant UM policies.
    • Research Privacy/Data Broker Service – OVPRS Last Updated: 12/16/2024.
      • Documentation for Compliance: Keep detailed records of the de-identification process to demonstrate compliance during audits or inspections.
      • Consider if there is a need to retain identifiable images.

  • De-Identification Common Challenges

    Item Details
    Complex Identifiers
    • Identifiers in images can be more complex than text. Scars, tattoos, unique markings, and elements in the background of a photo may reveal personal information.
    Quality of De-identification
    • Ensuring that de-identification is thorough while maintaining the usefulness of the image for research or clinical purposes can be challenging.
    Re-identification Risks
    • There is always a risk that de-identified data can be re-identified, particularly with advancements in technology and data linkage methods.
    Balancing Privacy and Utility
    • Achieving an appropriate balance between protecting patient privacy and retaining the scientific or clinical value of images requires careful consideration.
    Legal and Ethical Considerations
    • Navigating legal requirements for de-identification and ensuring ethical use of images can be complex and may require expert consultation.
    Consistency
    • Maintaining consistent de-identification practices across datasets and over time is essential for ensuring comparability.
    Time and Resources
    • De-identification can be time‑consuming and resource‑intensive, especially when managing large datasets.
    Training and Awareness
    • Ensuring that all personnel involved in the process are properly trained and understand the importance of thorough de-identification is essential.
    Evolving Standards
    • Staying up to date with evolving standards, best practices, and regulatory changes in de-identification is necessary as technology continues to advance.

  • Precautions using Cloud-based applications for De-Identification

    Step Details
    Study Team
    • Cloud-based applications for de-identification of images can be tempting to use, but it is important to take precautions to ensure data security and privacy.
    Data Security & Privacy
    • Storing and processing images in the cloud can expose them to potential data breaches. Always use UM-approved and managed resources.
    • Ensuring that sensitive images are protected from unauthorized access is crucial.
    • Many applications require uploading identifiable images before they can be de-identified. It may not be clear whether the original identifiable image remains stored in the application, even if not visible.
    • Uploading images to any server or storage location outside UM/UHealth is considered a disclosure of information. Therefore, a Business Associate Agreement (BAA) or Data Use Agreement (DUA) must be established with the owner of that destination.
    • Only use applications that have been reviewed and vetted by UM/UHealth IT or otherwise approved through an agreement or a University/UHealth Compliance area.
    Compliance and Legal Concerns
    • Compliance with data protection regulations such as GDPR or HIPAA can be challenging.
    • Non-compliance can result in legal penalties and loss of trust.
    Misconfiguration Risks
    • Incorrectly configured cloud services can leave data vulnerable.
    • Misconfigurations are a common cause of data leaks and often occur due to human error.
    Data Minimization
    • Only collect and retain the minimum amount of data necessary for your purposes.
    • Reducing the amount of data collected also reduces risk of exposure.
    Storage
    • Images may be saved temporarily in the application directory on a UM-provided local computer, or stored in a UM-approved cloud-based storage system.
    Application Samples
    • Adobe Creative Cloud Suite (Photoshop, Adobe Express, Acrobat)
    • SnagIt
    • Microsoft Snipping Tool
    • Canva
    • Pixlr
    • PicWish 
    • Fotor
    File Type Samples
    • JPEG (Joint Photographic Experts Group)
    • PNG (Portable Network Graphics)
    • TIFF (Tagged Image File Format)
    • WebP (by Google)
    • AVIF (AV1 Image File Format)
    • HEIF (High-Efficiency Image Format; used by Apple)

  • Departments, Forms, and Contacts

    Form Department Owner Contact Information
    Authorization/Release for Photography or Audio/Video Recording form UHealth Health Information Management (HIM) Email: privacy@med.miami.edu
    Email: uchartecopy@med.miami.edu
    Use of Name Agreement UHealth Medical Communications, Supply Chain/Business Services, and/or General Counsel Email: medcommunications@miami.edu
    Research Authorization/Release for Photography or Audio/Video Recording form OVPRS Human Subjects Research Office (HSRO) Email: hsro@miami.edu
    Website: https://hsro.uresearch.miami.edu/index.html
    HRP-410-CHECKLIST: Waiver or Alteration of Consent Process OVPRS Human Subjects Research Office (HSRO) Website: https://hsro.uresearch.miami.edu/resources-and-guidance/informed-consent/waivers/index.html
    UHealth IT Cybersecurity HIPAA Transmitting/Receiving App UHIT Governance, Risk, and Compliance Email: UHIT-GRC@med.miami.edu
    Business Associate Agreement (BAA) UHealth HIPAA Contracts team Email: HIPAAContracts@miami.edu
    Data Broker Service – Data Handling Guidelines and Safe Harbor Guidance OVPRS Research Privacy–Data Broker Services Email: databroker@miami.edu
    Website: https://www.research.miami.edu/about/admin-areas/privacy/data-brokers/data-handling-guidelines/index.html
    Website: https://www.research.miami.edu/about/admin-areas/privacy/data-brokers/data-minimization/index.html
    HP 44.0 – Creation of Fully De-Identified Information (PolicyStatID:12390957) UHealth Privacy Office Email: privacy@med.miami.edu
    Website: https://umhs-ummg.policystat.com/policy/12390957/latest/ilto: https://umhs-ummg.policystat.com/policy/12390957/latest/
    HP 43.0 – Receipt of Facially De-Identified Information (PolicyStatID:8863595) UHealth Privacy Office Email: privacy@med.miami.edu
    Website: https://umhs-ummg.policystat.com/policy/8863595/latest/

Top