The HITRUST De-Identification Framework was developed to offer a solution to the challenges facing the industry regarding de-identification. Developed in collaboration with information security, and de-identification professionals; the HITRUST De-Identification Framework provides a consistent, managed methodology for the de-identification of data and the sharing of compliance and risk information amongst entities and their key stakeholders.
After review of multiple de-identification programs and methods, including those propounded by agencies in the United States, Canada, and the United Kingdom, the HITRUST De-Identification Working Group (DIWG) believed that no one method is appropriate for all organizations. Instead, the DIWG has identified twelve criteria for a successful de-identification program and methodology that can be scaled for use with any organization. These twelve characteristics are further divided into two general areas:
The first set of characteristics represents those for the program and the administrative controls that an organization should have in place to govern de-identification.
The second set represents how the organization can actually arrive at a de-identified data set, either on an ad hoc basis or by instituting a process that will deliver de-identified data sets.
- Explicit Identification of the Data Custodian and Recipients
- External or Independent Scrutiny
- Re-Identification Risk Thresholds
- Measurement Of Actual Re-Identification Risks
- Identification And Management Of Direct Identifiers And Quasi-Identifiers
- Identification Of Plausible Adversaries And Attacks
- Identification Of Specific Data Transformation Methods And How They Reduce The Risks
- Process And Template For The Implementation Of Re-Identification Risk Assessment And De-Identification
- Mitigating Controls To Manage Residual Risk
- Data Utility
Organizations can download the De-Identification Framework free of charge. In the future, the HITRUST CSF will incorporate controls into the framework to ensure organizations are De-Identifying information as required by the HIPAA Privacy Rule and the September 4, 2012, U.S. Department of Health and Human Services Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) (Guidance).