Using Lessons from Health Care to Protect the Privacy of Library Users: Guidelines for the De-Identification of Library Data based on HIPAA

Nicholson, Scott and Smith, Catherine Arnott Using Lessons from Health Care to Protect the Privacy of Library Users: Guidelines for the De-Identification of Library Data based on HIPAA., 2005 . In 68th Annual Meeting of the American Society for Information Science and Technology (ASIST), Charlotte (US), 28 October - 2 November 2005. [Conference paper]


Download (69kB) | Preview

English abstract

While libraries have employed policies to protect the data about use of their services, these policies are rarely specific or standardized. Since 1996 the U.S. healthcare system has been grappling with the Health Insurance Portability and Accountability Act (HIPAA), which is designed to provide those handling personal health information with standardized, definitive instructions as to the protection of data. In this work, the authors briefly discuss the present situation of privacy policies about library use data, outline the HIPAA guidelines to understand parallels between the two, and finally propose methods to create a de-identified library data warehouse based on HIPAA for the protection of user privacy.

Item type: Conference paper
Keywords: patron information ; patrons' use of library materials ; confidentiality ; patron privacy
Subjects: B. Information use and sociology of information > BF. Information policy
Depositing user: Norm Medeiros
Date deposited: 14 Feb 2006
Last modified: 02 Oct 2014 12:02


American Library Association. (2004a). Privacy Tool Kit: 1. Introduction. Retrieved September 22, 2004, from

American Library Association. (2004b). State Privacy Laws Regarding Library Records. Retrieved September 23, 2004, from

Burkhardt, S. (1992). The effect on the content of mental health records when psychiatric patients are permitted access pursuant to 'patient access' laws. Dissertation Abstracts International, 53(6-B), 3149.

Carman, D.M. (1997) Balancing patient confidentiality and release of information. Bulletin of the American Society for Information Science, 23(3). 16-17.

Center for Disease Control and Prevention. (2003). Appendix A: Research Exempt under 45CFR46.101B. Retrieved December 3, 2004, from

Clifton, C., Kantarcioglu, M., Vaidya, J., Lin, X., and Zhu, M. (2004). Tools for Privacy Preserving Distributed Data Mining ACM SIGKDD Explorations 4(2). 1-7.

Definitions, 42 U.S.C. § 1320d(6) (2002).

Gillette, B. (2001). To err is human--so keep patient records in an online central database. Managed Healthcare Executive, 11(7), 32-33.

Gleason, O.C., and Yates, W.R. (2004). Suicide attempt due to a misunderstood HIPAA notice. American Journal of Psychiatry, 161(2), 374.

Golodetz, A., Ruess, J., Milhous, R.L. et al. (1976). The right to know: Giving the patient his medical record. Archives of Physical Medicine and Rehabilitation, 57(2), 78-81.

Goodwin, L.K., and Prather, J.C. (2002). Protecting patient privacy in clinical data mining. Journal of Healthcare Information Management, 16(4), 62-67.

Gutheil, T. G., & Hilliard, J. T. (2001). 'Don't write me down': Legal, clinical, and risk-management aspects of patients' requests that

therapists not keep notes or records. American Journal of Psychotherapy, 55(2), 157-165.

Holland, J. (2004). House may revive parts of Patriot Act II. Retrieved September 22, 2004, from,1280,-4508884,00.html

Johnson, S.B, and Friedman, C. (1996). Integrating data from natural language processing into a clinical information system. Proceedings of the AMIA Fall Symposium, 537-541.

Jones, R.B. & Hedley, A.J. (1987), Patient-held records: censoring of information by doctors. Journal of the Royal College of Physicians of London, 21(1), 35-8.

Kennedy, B. M. (1989). Confidentiality of library records: A survey of problems, policies, and laws. Law Library Journal, 81(4), 733-767.

Li, J., & Shaw, M. (2004). Protection of health information in data mining. International Journal of Healthcare Technology and Management, 6(2), 210-222.

Lichtblau, E. (2004, July 9, 2004). Effort to Curb Scope of Antiterrorism Law Falls Short. New York Times, p. 16.

Lindberg, D. A. (1968). Computers in clinical medical education. In Conference on the Use of Computers in Medical Education. Oklahoma City, OK: University of Oklahoma Medical Center. 53-56.

Million, A., & Fisher, K. (1986). Library records: A review of confidentiality laws and policies. Journal of Academic Librarianship, 11(6), 346-349.

Murphy, D. (2003, April 7, 2003). Some Librarians Use Shredder to Show Opposition to New F.B.I. Powers. New York Times, p. 12.

Neuhaus, P. (2003). Privacy and confidentiality in digital reference. Reference & User Services Quarterly, 43(1), 26-36.

Nicholson, S. (2003). Avoiding the Great Data-Wipe of Ought-Three. American Libraries, 34(9), 36.

AAMC Testimony on the Final HHS Privacy Regulations: Testimony before the Senate Committee on Health, Education, Labor, and Pensions. (2001, February 8) (testimony of G.R. Smith). Retrieved November 24, 2004 from (American Association of Medical Colleges, 2001).

Spiegel, A.D, & Springer, C. R. (1997). Babylonian medicine, managed care and Codex Hammurabi, circa 1700 B.C. Journal of Community Health, 22(1), 69-89.

Sweeney, L. (1997). Weaving technology and policy together to maintain confidentiality. The Journal of Law, Medicine & Ethics, 25(2.3), 98-110.

Sweeney, L. (2004, July 13, 2004). HIPAA De-idenitifcation Strategies for Hospitals. Paper presented at the Presentation at the Easing the Burden on Research: Practical Strategies for De-Identifying Patient Data for Research and E-Health Teleconference.

U.S. Health and Human Services. (2002). Standards for Privacy of Individually Identifiable Health Information: Other Requirements Relating to Uses and Disclosures of Protected Health Information, 45 CFR Parts 160 and 164. Federal Register, 67(157).


Downloads per month over past year

Actions (login required)

View Item View Item