27.3 The system shall allow authorized individuals to de-identify select data in the system, including but not limited to names, geographic locations, dates, government-issued identification numbers, telephone numbers, email addresses, full-face photos, and other personal identifiers.
27.4 The system shall be able to verify and ensure that users authorized to view de-identified data are also not a member of a role that permits access to information that re-identifies the data, i.e., segregate duties.
36.6 The system should provide tools or mechanisms for recording the consent—and revocation of consent—of individuals who wish to allow—or disallow—their personally identifiable information to be processed, stored, and otherwise managed.