How I handle PHI and compliance.

Compliance is the design constraint, not the last step, and I touch it in two places. In the systems I build, every message is PHI-scrubbed and gated on opt-out and consent before it sends, on synthetic data in shadow mode (you can watch that run in the demo). In the research, the practices I interview are HIPAA covered entities, so I document what they do under HHS Safe Harbor de-identification, and never request, accept, or store patient-identifying information. This page is that research protocol; every revision is dated and listed below.

01 · Anonymization protocol

Census-region geography. Operatory-count practice size. Role-and-tenure for individuals.

Practices are described by structural attributes only: Census region (never city), operatory count and team composition, ownership type (solo, partnership, group), payer-mix bands (not carriers). Individuals are described by role and tenure (“a solo owner with ~15 years in practice”), never by name unless they explicitly waive in writing. Quotes are paraphrased by default; verbatim only with consent and only after a re-identification check.

HHS Safe Harbor floor (45 CFR 164.514(b)(2)) all 18 identifiers stripped before any internal note re-identification check before publication amended with dated note if re-identifiable geography aggregated to Census region
02 · Ethics and regulatory grounding

ADA social-media guidance. AMA Opinion 2.3.2. ADA Advisory Opinion 5.F.7.

The published guidance every dentist already lives under is the same guidance this study holds itself to. The ADA's social-media guidance forbids posting patient information, photographs, or testimonials without written consent. AMA Opinion 2.3.2, the matching standard on the medical side, requires maintaining patient confidentiality in all online environments. ADA Advisory Opinion 5.F.7 (2025) emphasizes the ethical obligation to present factual information without unsubstantiated claims. Citing them directly signals to any dentist reading this site that the operator knows the rules.

Published standards followed ADA social-media guidance AMA Opinion 2.3.2 ADA Advisory Opinion 5.F.7 (2025) HIPAA Safe Harbor de-identification
03 · How I run the interviews

Independent observer, not a vendor. No PHI requested or accepted.

Practices are approached as a researcher, not a vendor. The anonymity rules are explained in writing before any interview: nothing patient-identifying is requested, and if it comes up by accident it is stripped before any note is written. There is no service being sold at the end of the conversation. This posture is what makes the anonymization above possible.

Posture rules no service offer in any interview no PHI requested or accepted anonymity terms stated in writing upfront interview = research, never a sales call
Methodology changelog. Every revision to this protocol is recorded here, dated, public. If a methodology change affects how an earlier observation should be read, the observation gets an AMENDED pill linking back to the changelog entry.
  • 2026-07-12 · v1.2 · Reframed for what a healthcare team actually screens for. Retitled from “how field observations get made” to “how I handle PHI and compliance”, led with the anonymization protocol and regulatory grounding, trimmed the interview posture to one subsection, and retired the empty dead-ends section until there is a real entry to log. Scope kept honest: the systems run on synthetic data in shadow mode, no signed BAA yet.
  • 2026-05-31 · v1.1 · Citation precision pass. Renamed the ADA social-media reference, framed AMA 2.3.2 as the medical-side parallel, confirmed Advisory Opinion 5.F.7 (2025), and replaced the dead-ends placeholders with an honest status line.
  • 2026-05-24 · v1.0 · Initial methodology published. Recruitment posture, anonymization protocol, ethics grounding, and dead-ends section established.
← Back to the homepage