...
By combining sensitive information with common identifiers such as date of birth, geographic location, or sex, the information could be used to identify a single person. On the data collection side, CommCare requires all users to log in with a secure, unique identification. The data is then securely hosted and is encrypted using RSA 256-bit encryption. All interactions on the CommCareHQ website are conducted using industry standard transmission encryption. CommCareHQ reports are only made available to users with appropriate access to public health information. However, it is the responsibility of users with access to data in their project spaces to make sure that it is shared appropriately.
CommCare's De-identification Function
- Sensitive IDs - any field marked as a sensitive ID will be replaced with a random alphanumeric code. This code will be consistent within forms; that is if you are treating owner_id as a sensitive field and owner_id is the same in 10 form submissions, then it will be replaced with the same code in all of the form submissions.
- Sensitive dates
Downloading de-identified report is a three-step process:
...