The Health Information Trust Alliance (HITRUST) announced the new HITRUST De-Identification Framework, developed to improve patient privacy and enhance innovation and the improved use of healthcare data. The framework meets the need of healthcare organizations for greater guidance and consistency in the de-identification and use of de-identified healthcare data, while simplifying and streamlining the process. De-identification is a key method for protecting privacy by preventing a patient’s identity from being connected with health information and is a key component of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.

The HITRUST De-Identification Framework is fully aligned and mapped to the HITRUST CSF, the most comprehensive and widely adopted information security and privacy framework for the healthcare industry. The CSF is used by hospitals, health plans and other healthcare organizations as a certifiable, flexible and efficient approach to regulatory compliance and risk management. Now in its seventh major release, HITRUST continues to innovate and enhance the CSF with integrations such as the De-Identification Framework and with updates from source frameworks and best practices due to changes in the regulatory or threat environment.

HITRUST held a one hour webinar to brief the industry on this development and release a draft of the new framework for an open comment period of 30 days. Below is the presentation to that webinar.

The following speakers have joined us for this event:

  • Steve Penn: Senior Director, CSF Development and Education Programs, HITRUST
  • Kim Gray: Chief Privacy Officer, Global, IMS Health
  • Khalid El Emam: CEO, Privacy Analytics
  • Mitchell Granberg: Chief Privacy Officer, Optum
  • Peter Dumont: Senior Director, Privacy, Optum