Confidentiality and Privacy of IBIS Data
 

The Utah Department of Health makes public health data available while protecting the confidentiality of the data and the privacy of individuals. Below are some of the measures taken to ensure privacy and confidentiality.

See the IBIS Data Release Policy for more information about HIPAA guidelines and specifics on how personal health information protected within the IBIS website.

Limited Data set

Data records accessible through the IBIS query system have been scrubbed of individually identifying information, such as name, address, social security number, date of service, telephone number, patient ID number, and so forth.

Cell Suppression

The IBIS-PH Query System employs a cell suppression algorithm to minimize the risk that an individual may be identified. Data results that fall below an established limit are not made available to the user. For most data sets the rule that is applied is that data results with fewer than five cases in the numerator and fewer than 30 cases in the denominator will be suppressed. In addition, numbers along table margins are also suppressed if they could be used to calculate the number in a suppressed cell. For example, if a table column has the value for female suppressed and displays a value of 15 for male, the total for that column will also be suppressed since subtracting the 15 male records from the total would give the user the number of female records.

Data Use Agreement

In accordance with the requirements of disclosure of a limited data set under the HIPAA Privacy Rule, it is our policy to provide a data use agreement for IBIS data query users. The agreement appears online at the beginning of each query system user session. Users must agree to the stated conditions for use of the data in order to get past that screen. The data use agreement (see below) is compliant with the HIPAA definition of a data use agreement.

Confidentiality and Privacy

(last updated November 2005)

Limited Data Set (Identifiers that must be removed.) Cell Suppression Data Use Agreement
  1. Names
  2. Postal address information, other than town or city, state, and ZIP Code
  3. Telephone numbers
  4. Fax numbers
  5. Electronic mail addresses
  6. Social security numbers
  7. Medical record numbers
  8. Health plan beneficiary numbers
  9. Account numbers
  10. Certificate/license numbers
  11. Vehicle identifiers and serial numbers, including license plate numbers
  12. Device identifiers and serial numbers
  13. Web universal resource locators (URLs)
  14. Internet protocol (IP) address numbers
  15. Biometric identifiers, including fingerprints and voiceprints
  16. Full-face photographic images and any comparable images
 Numbers suppressed (**) when:


Numerator < 5

Denominator < 30


 Utah Department of Health
IBIS Query System, Data Use Agreement

The data and information provided through the IBIS-PH Query System are intended to support any individuals or entities engaged in activities designed solely to enhance the well-being of a specific community, which may include State of Utah. Activities include informing evidence-based decision making in Utah to plan and improve health service delivery, evaluate health care interventions and systems, and inform health policy decisions. Other uses are not permissible.
As an IBIS-PH Query System user, I agree to:
  • Use the data for statistical reporting and analysis only.
  • Avoid any attempt to identify or contact individual(s) represented in the IBIS-PH query system data.
  • Avoid disclosure or use of the identity of any individual(s) discovered inadvertently.
  • Avoid linkage of IBIS-PH query system data with other data that, after linkage, might allow identification of an individual represented in the IBIS-PH query system data.
  • Use appropriate safeguards to prevent the inappropriate use or disclosure of individual(s) represented in the data, including when disclosing IBIS-PH Query System data to others.
  • Report IMMEDIATELY any inadvertent or intentional identity disclosures or violations of this agreement of which I become aware to the Director of the Center for Public Health Data, Utah Department of Health.
I understand that failure to adhere to the above stated agreement items will result in loss of access to UDOH Internet databases, and I may be subject to legal penalties. Any use, release, or publication of health data contrary to the provisions stated is a class B misdemeanor, with subsequent violation begin class A misdemeanors punishable by a fine of up to $5,000 per offense (Chapter 23, Title 26, Utah Code Annotated). If I am a Utah state government employee, this may be grounds for immediate dismissal.

Query Help Page · IBIS Help Page

Email IBIS-PH Director · IBIS-PH Home Page