Data Privacy Benchmarking: HITRUST 2018

HITRUST 2018 is the only event dedicated to exploring all aspects of risk management, information security, privacy and utilization of the HITRUST CSF® and HITRUST CSF Assurance Program. This year’s edition, held September 11-13, 2018 at the Gaylord Texan Resort in Grapevine, Texas, was a mix of general sessions, focused tracks and networking opportunities. The sessions were led by industry renowned subject matter experts from healthcare, professional services and technology organizations.

Topics included cyber sharing, cloud computing, de-identification, SOC 2® reporting, third-party assurance and vital information for service providers.

Privacy Analytics’ Chief Methodologist Luk Arbuckle, a featured presenter, provides this report:


“’Benchmarks’ were the big thing at HITRUST 2018. Defining ‘Best Practice’; going beyond compliance; the data privacy landscape beyond healthcare; and HITRUST adapting to include GDPR compliance.”


“I met a lot of VPs of Security, who don’t typically look at privacy. Right now, they are very concerned about having a benchmark, so they can ensure their organization is following best practice. The explosion of major cyber incidents, and regulatory changes, are keeping them up at night. There’s a lot of new legislation coming as a result of GDPR, and who knows how that will change the game? I’m a technologist, but almost every conversation I had touched on the legal side of data privacy and the search for a common framework to protect their data assets through processes and technology. These decision makers told me they want to be pro-active, and get ahead of the data privacy curve, rather simply being re-active.”


“There was a lot of conversation about what Privacy Analytics does in terms of providing more than just a technical perspective: that they could partner with us, because they know we are experts. We can help them identify emerging trends; and explain to the C-suite why being proactive is critical.

“One thing that really struck me, was a case study presented by a company based in the US, servicing a multi-country network of hospitals: they were literally brought to their knees by the collateral damage from a malware attack that spread from a partner through their firewalls, infected their servers, trashed all their filesystems and scrambled their data. No patch could stop it.

“This case study really drove home the point we at Privacy Analytics make constantly about being pro-active, and one that Dr. Ann Cavoukian, who leads the Privacy By Design Centre for Excellence, highlighted in our recent webcast GOOD IS NOT GOOD ENOUGH.

“The benchmark really is – and that was clear from this HITRUST conference – that organizations need to implement Best Practice in Data Privacy, now.”

For more on the subject, watch GOOD IS NOT GOOD ENOUGH, Privacy Analytics’ Executive Conversation webcast with Luk Arbuckle and Dr. Ann Cavoukian, here:

Free Webinar: De-Identification 101

Join Privacy Analytics for a high level introduction of de-identification and data masking.
Watch now

Free Download: De-Id 101

You have Successfully Subscribed!