A Consistent Methodology for the De-Identification of Data
The HITRUST De-Identification Framework was developed to offer a solution to the challenges facing the industry regarding de-identification. Developed in collaboration with information security and de-identification professionals, the HITRUST De-Identification Framework provides a consistent, managed methodology for the de-identification of data and the sharing of compliance and risk information amongst entities and their key stakeholders.
After review of multiple de-identification programs and methods, including those propounded by agencies in the United States, Canada, and the United Kingdom, the HITRUST De-Identification Working Group (DIWG) believed that no one method is appropriate for all organizations. Instead, the DIWG has identified twelve criteria for a successful de-identification program and methodology that can be scaled for use with any organization.
These twelve characteristics are further divided into two general areas:
- The first set represents how the organization can actually arrive at a de-identified data set, either on an ad hoc basis or by instituting a process that will deliver de-identified data sets.
- The second set of characteristics represents those for the program and the administrative controls that an organization should have in place to govern de-identification.
- Re-Identification Risk Thresholds
- Measurement of Actual Re-Identification Risks
- Identification and Management of Direct Identifiers and Quasi-Identifiers
- Identification of Plausible Adversaries and Attacks
- Identification of Specific Data Transformation Methods and How They Reduce the Risks
- Process and Template for the Implementation of Re-Identification Risk Assessment and De-Identification
- Mitigating Controls to Manage Residual Risk
- Data Utility
- Explicit Identification of the Data Custodian and Recipients
- External or Independent Scrutiny
Organizations can download the De-Identification Framework free of charge. The HITRUST CSF incorporates controls into the framework to ensure organizations are de-identifying information information as required by the HIPAA Privacy Rule and the September 4, 2012, U.S. Department of Health and Human Services Guidance Regarding Methods for De-Identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) (Guidance).
HITRUST De-Identification Framework Webinar
The HITRUST De-Identification Framework is fully aligned and mapped to the HITRUST CSF, the most comprehensive and widely adopted information security and privacy framework. The HITRUST CSF is used as a certifiable, flexible, and efficient approach to regulatory compliance and risk management. HITRUST continues to innovate and enhance the CSF with integrations such as the De-Identification Framework and with updates from source frameworks and best practices due to changes in the regulatory or threat environment.
HITRUST held a webinar to brief the industry on this development and released a draft of the new framework.
HITRUST announced the new HITRUST De-Identification Framework, developed to improve privacy and enhance innovation and the improved use of data. The framework meets the need of industry organizations for greater guidance and consistency in the de-identification and use of de-identified data while simplifying and streamlining the process. De-identification is a key method for protecting privacy by preventing an individual’s identity from being connected with covered information and is a key component of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.
Comments are vital to the success of the HITRUST decision-making and development process. We provide an opportunity to comment upon the documents being developed and updated by HITRUST working groups or staff. Every comment is reviewed by the appropriate subject matter experts and considered for future revisions.
When preparing comments on the De-Identification Framework, please consider that the intention of the working group was not to produce a detailed manual or a treatise on de-identification, but a framework covering key elements of the process as well as addressing some of the important practical questions that come up during the de-identification process.
Please send all comments to: firstname.lastname@example.org