Any document – paper or electronic – that had been PHI but subsequently has had all of the data elements on the list above removed, encrypted, or rendered unreadable and unrecoverable is considered ‘de-identified data’ and no longer needs to be treated with the same controls as PHI.
De-identified data can, for example, be used for aggregated analysis and reporting, and may be shown to Prospective Clients or employees.
As a rule, de-identified data should NOT be used for marketing or sales collateral or demonstrations. Completely fabricated data should be used instead.