Privacy Analytics and HITRUST Partner to Launch De-identification Training Program

Share Article

Privacy Analytics and HITRUST have developed a new course and professional credential to address the gap between the increasing need to share healthcare data responsibly and the shortage of experts trained to use the HITRUST De-identification Framework to manage risk, protect privacy and achieve regulatory compliance

News Image
With more experts, organizations will be in a better position to implement de-identification practices internally, evaluate the re-identification risk for data sets and maximize de-identified data quality.

Privacy Analytics ( – the leading provider of software that safeguards and enables personal health data for secondary purposes – announced today that it has partnered with the Health Information Trust Alliance (HITRUST) to develop a new training and certification program to increase the number of experts capable of applying the HITRUST De-identification Framework.

Developed in collaboration with healthcare, information security, and de-identification professionals, the HITRUST De-Identification Framework provides a consistent, managed methodology for the de-identification of data and the sharing of compliance and risk information amongst entities and their key stakeholders. The new training and certification program is based on the HITRUST De-identification Framework.

As health data exponentially increases, there is a rapidly growing need to access, share and analyze this data to solve some of healthcare’s most challenging problems. To enable the sharing of this data, the risk of re-identification must be assessed and managed. De-identification is one of the most effective methods to manage privacy risks for sharing data, while allowing for the greatest level of utility for research and analysis.

“De-identification is a key method for protecting privacy by preventing a patient’s identity from being connected with health information and is a key mechanism for allowing the sharing of health information for secondary purposes under the HIPAA Privacy Rule,” said Dr. Bryan Cline, Vice President, HITRUST. “The HITRUST De-identification Framework follows best practices and builds on many decades of experience with the de-identification of health and other data, while simplifying and streamlining the process of data sharing.”

The HITRUST De-Identification Framework is fully aligned and mapped to the HITRUST CSF, the most comprehensive and widely adopted information security and privacy framework for the healthcare industry. The CSF is used by hospitals, health plans and other healthcare organizations as a certifiable, flexible and efficient approach to regulatory compliance and risk management.

The training program, which includes a professional certification, has been developed in response to the industry shortage of trained experts qualified to help organizations implement effective and defensible de-identification techniques. This shortage can cause data to be improperly or insufficiently de-identified, which could result in the disclosure of data sets with an unacceptably high level of risk of patient re-identification. Alternatively, analyses on health data may simply not happen at all, leading to less progress in research for treatments and cures and less innovation for healthcare organizations.

“With more experts, organizations will be in a better position to implement de-identification practices internally, evaluate the re-identification risk for data sets and maximize de-identified data quality,” said Dr. Khaled El Emam, CEO and Founder of Privacy Analytics. ”The HITRUST De-identification Framework is a critical step in standardizing risk management when sharing health data. Now, we must provide educational opportunities to increase the number of professionals able to apply such standards, in order to meet the need for healthcare research and analytics.”

Privacy Analytics and HITRUST have collaborated to jointly develop the course content for this training and certification program which will be delivered and managed by HITRUST, and held in an on-site classroom at HITRUST facilities in Frisco, Texas, with classes beginning in May 2016. An end-of-course exam will be provided to participants interested in earning a professional certification for the HITRUST de-identification framework.

Continuing Professional Education (CPE) credits and other requirements for maintaining certification in the HITRUST De-identification Framework, or as a de-identification expert, will be offered to ensure professionals remain current with compliance requirements and industry best practices.

To learn more about the training program or to register, please go to HITRUST Academy: Practical Applications of Data De-identification.

About Privacy Analytics
Privacy Analytics ( allows healthcare organizations to quickly and easily apply a risk-based de-identification methodology that ensures individual privacy and legal compliance. Privacy Analytics is the only company to offer expert training, software, peer-reviewed methodology and valued-added services that protect the privacy of individuals while allowing organizations to share data for secondary purposes. Privacy Analytics customers represent half of Fortune 50 healthcare companies. Privacy Analytics’ software is compliant with regulations and globally accepted standards and guidelines, including those from the Institute of Medicine (IOM), Health Information Trust Alliance (HITRUST), PhUSE, the Council of Canadian Academies, as well as HIPAA and the EU Data Protection Directive 95/46/EC.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Kevin Gould
Visit website