IRI Adds Re-ID Risk Scoring to Help Businesses Comply with HIPAA

Share Article

FieldShield Software and Expert Services Address the “Expert Determination Method” Rule

Re-ID Risk Scoring Wizard in IRI FieldShield

Re-ID Risk Scoring in IRI FieldShield

Now, data security architects can find, classify, de-ID, risk-score, and further generalize PHI in the same pane of glass.

Innovative Routines International (IRI, The CoSort Company) has successfully embedded peer-reviewed statistical risk measurement functions into the IRI FieldShield data masking product to rapidly score the likelihood that a masked data set can still identify an individual. The HIPAA Expert Determination Method rule requires that protected health data has only a statistically “very small” chance of re-identification. IRI’s new risk scoring wizard applies industry-approved algorithms to measure, and report on, these assessments.

While the masking of personally identifiable information (PII) like names and Social Security Numbers in files and databases is commonly performed, a potential attacker can still identify people from remaining “quasi-identifiers” in the data. A Carnegie Mellon study reported that 87% of the U.S population can be identified from their gender, date of birth, and a 5-digit zip code.

According to US Client Manager Lisa Mangino, IRI added risk scoring technology to FieldShield -- and IRI’s larger Voracity data management platform -- to address quasi-identifiers, too. “Now, data security architects can find, classify, de-ID, score, and then further generalize the quasi-identifiers in the same pane of glass,” she explained. Each de-ID operation also produces an XML audit log, runtime statistics, and job diagram, to further verify compliance actions.

These features are all supported in the same integrated development environment -- built on Eclipse -- called IRI Workbench. Workbench includes multiple job design and deployment modalities for data discovery, integration, migration, governance, and analytics. Users run job wizards connected to their data sources that discover, categorize, mask, and risk-score their data. They can also transform, cleanse, unify, convert, prototype, and analyze data there.

In addition to combining all this technology into a single user interface, IRI is also providing its customers in the healthcare industry -- both HIPAA-covered entities and business associates -- access to a HIPAA data SHM/EDM compliance course. This three-hour, five-part course covers PHI discovery, de-identification and risk scoring processes applied to structured data sets containing key- and quasi-identifiers. The course also covers expert determination, data generalization, compliance certification, breach insurance, and breach claim defense.

About IRI

IRI ( is a US data management and protection ISV founded in 1978 and represented in 40 cities worldwide. IRI’s uniquely fast and versatile data manipulation software -- and its rich Eclipse job design environment -- provide uniquely price-performant, ergonomic solutions for big data and BI/DW architects, data security and governance officers, DBAs, and application developers. The company offers fit-for-purpose, data-centric security tools like FieldShield, as well as a larger platform, Voracity, to support data discovery, integration, migration, governance, and analytics.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Eric Leohner
since: 08/2010
Follow >
IRI, The CoSort Company
since: 09/2012
Like >
IRI, The CoSort Company

Follow us on
Visit website