Any document – paper or electronic –  that had been PHI but subsequently has had all of the data elements on the list above removed, encrypted, or rendered unreadable and unrecoverable is considered ‘de-identified data’ and no longer needs to be treated with the same controls as PHI. 


De-identified data can, for example, be used for aggregated analysis and reporting, and may be shown to Prospective Clients or employees.


As a rule, de-identified data should NOT be used for marketing or sales collateral or demonstrations.  Completely fabricated data should be used instead.