The paper introduces the definition of privacy as well as de-identification process and method in Health Insurance Portability and Accountability Act (HIPAA), elaborates and analyzes the de-identification and formulation, application and improvement of desensitization approach rules of the Medical Information Mart for Intensive Care(MIMIC-III) database conforming to HIPAA principle in terms of attribute removal, date shifting, and free text processing.