Often yes. De-identified data can still fall under HIPAA if re-identification is possible, and claims and EHR extracts frequently arrive with residual PHI before your team scrubs them. We treat any dataset that may contain PHI as protected — encryption, access controls, and Business Associate Agreements included — so you are covered regardless of how clean the source file turns out to be.


Leave A Comment