2-Day Intensive Data De-Identification Training Course

Driving data value requires careful consideration beyond legal compliance under GDPR, HIPAA and state-level laws like CCPA.

Once you’ve completed this two-day course, you’ll know what’s required to maximize data utility while meeting your organization’s regulatory and privacy obligations.

Understand data de-identification and learn how to protect privacy

This course is designed to give you a better understanding of the HITRUST De-Identification Framework. You’ll learn about practical methods and tools used to render data non-identifiable (for example, de-identified under the HIPAA “Expert Determination” method; or anonymized under GDPR).

The primary material is delivered online or in-person by an instructor over two full days—either using a virtual environment, or privately, on-site at your own location.

“Privacy Analytics’ training course provides a straightforward, pragmatic and accessible methodology to safely leverage sensitive data while protecting privacy. It’s helped me achieve greater confidence in bridging the legal, operational, business and technical aspects of data de-identification to ensure more seamless, efficient outcomes.”

Abigail Dubiniecki, Lawyer at nNovation LLP and Data Privacy Specialist at My Inhouse Lawyer

Learning Objectives and Benefits

What you will learn…

  • Key principles behind measuring identifiability and establishing defensible thresholds to render data non-identifiable.
  • How to apply de-identification to protect privacy while leveraging the power of your data.
  • Risk management and reporting necessary to provide auditable proof you’ve taken consistent, defensible steps toward protecting privacy.

The benefits to you and your organization…

  • Safely leverage sensitive data for analytics that drive priority business outcomes.
  • Align business and privacy teams to protect your organization’s sensitive data and uncover its untapped value.
  • Improve the efficiency of your data analysis and management operations by integrating industry-leading techniques with your existing processes and procedures.

Who Needs to Know About Data De-Identification?

This course is designed for professionals working in…








and other domains.

Learn from the Experts in Data Privacy

Meet the Trainers

Luk Arbuckle

Luk Arbuckle,

Chief Methodologist

Santa Borel,

Associate Director, Data Privacy Solutions

Brian Rasquinha,

Associate Director, Solution Architecture, Privacy Analytics

Course Curriculum

Module 1 –
Legal Considerations

A discussion of the legal bases for using and disclosing information for secondary purposes under HIPAA, CCPA, and GDPR, and when each can be applied.

Module 2 –
Concepts and Definitions

An overview of known re-identification attacks, analysis of different data release models and classification of identifiers.

Module 3 –
Risk Measurement Concepts

An introduction to equivalence classes, and discussion of various risk types & metrics, and their relevance to various anonymization use cases.

Module 4 –
Analysis of Context Risk

Descriptions of different types of attacks and how to evaluate the risk of them re-identifying data subjects. This module also covers choosing an acceptable threshold for the risk of re-identification based on the characteristics of the dataset.

Module 5 –
Data Transformation Methods

Methods to mask direct identifiers and de-identify quasi-identifiers.

Module 6 –
Risk Management and Reporting

Determining if the risk is below an acceptable threshold. Creating a report and documenting that the risk of re-identification is very small.

Schedule your data
de-identification training

Sign me up for marketing communications on safely leveraging my sensitive data.

HITRUST Academy® offers training to increase knowledge of data privacy protection to help professionals navigate the evolving regulatory landscape.

The HITRUST De-Identification Framework offers a consistent, managed methodology for data de-identification and the sharing of compliance and risk information.

Archiving / Destroying

Are you unleashing the full value of data you retain?

Your Challenges

Do you need help...


Value Retention

Client Success

Client: Comcast

Situation: California’s Consumer Privacy Act inspired Comcast to evolve the way in which they protect the privacy of customers who consent to share personal information with them.


Are you achieving intended outcomes from data?

Your Challenge

Do you need help...


Unbiased Results

Client Success


Situation:’s AI-powered tech helps clients improve their online experience by sharing signals about website visitor intent. They wanted to ensure privacy remained fully protected within the machine learning / AI context that produces these signals.


Do the right people have the right data?

Your Challenges

Do you need help...


Usable and Reusable Data

Client Success

Client: Novartis

Situation: Novartis’ digital transformation in drug R&D drives their need to maximize value from vast stores of clinical study data for critical internal research enabled by their data42 platform.



Are you empowering people to safely leverage trusted data?

Your Challenges

Do you need help...


Security / compliance efficiency


Client: ASCO’s CancerLinQ

Situation: CancerLinQ™, a subsidiary of American Society of Clinical Oncology, is a rapid learning healthcare system that helps oncologists aggregate and analyze data on cancer patients to improve care. To achieve this goal, they must de-identify patient data provided by subscribing practices across the U.S.


Acquiring / Collecting

Are you acquiring the right data? Do you have appropriate consent?

Your Challenge

Do you need help...


Consent / Contracting strategy

Client Success

Client: IQVIA

Situation: Needed to ensure the primary market research process was fully compliant with internal policies and regulations such as GDPR. 



Are You Effectively Planning for Success?

Your Challenges

Do you need help...


Build privacy in by design

Client Success

Client: Nuance

Situation: Needed to enable AI-driven product innovation with a defensible governance program for the safe and responsible use
of voice-to-text data under Shrems II.


Join the next 5 Safes Data Privacy webinar

This course runs on the 2nd Wednesday of every month, at 11 a.m. ET (45 mins). Click the button to register and select the date that works best for you.