Data Privacy Benchmarking: HITRUST 2018

Data Privacy Benchmarking: HITRUST 2018

HITRUST 2018 is the only event dedicated to exploring all aspects of risk management, information security, privacy and utilization of the HITRUST CSF® and HITRUST CSF Assurance Program. This year’s edition, held September 11-13, 2018 at the Gaylord Texan Resort in Grapevine, Texas, was a mix of general sessions, focused tracks and networking opportunities. The sessions were led by industry renowned subject matter experts from healthcare, professional services and technology organizations.

Topics included cyber sharing, cloud computing, de-identification, SOC 2® reporting, third-party assurance and vital information for service providers.

Privacy Analytics’ Chief Methodologist Luk Arbuckle, a featured presenter, provides this report:

What was the ‘BIG THING’ at HITRUST 2018?

“’Benchmarks’ were the big thing at HITRUST 2018. Defining ‘Best Practice’; going beyond compliance; the data privacy landscape beyond healthcare; and HITRUST adapting to include GDPR compliance.”

Who was the audience?

“I met a lot of VPs of Security, who don’t typically look at privacy. Right now, they are very concerned about having a benchmark, so they can ensure their organization is following best practice. The explosion of major cyber incidents, and regulatory changes, are keeping them up at night. There’s a lot of new legislation coming as a result of GDPR, and who knows how that will change the game? I’m a technologist, but almost every conversation I had touched on the legal side of data privacy and the search for a common framework to protect their data assets through processes and technology. These decision makers told me they want to be pro-active, and get ahead of the data privacy curve, rather simply being re-active.”

What value did privacy analytics bring to the conference?

“There was a lot of conversation about what Privacy Analytics does in terms of providing more than just a technical perspective: that they could partner with us, because they know we are experts. We can help them identify emerging trends; and explain to the C-suite why being proactive is critical.

“One thing that really struck me, was a case study presented by a company based in the US, servicing a multi-country network of hospitals: they were literally brought to their knees by the collateral damage from a malware attack that spread from a partner through their firewalls, infected their servers, trashed all their filesystems and scrambled their data. No patch could stop it.

“This case study really drove home the point we at Privacy Analytics make constantly about being pro-active, and one that Dr. Ann Cavoukian, who leads the Privacy By Design Centre for Excellence, highlighted in our recent webcast GOOD IS NOT GOOD ENOUGH.

“The benchmark really is – and that was clear from this HITRUST conference – that organizations need to implement Best Practice in Data Privacy, now.”

Today, a little over one year in, it’s worth looking at precisely where this portal has taken us. Where are we now? Where will we go from here?

Need a refresher? Read our Early Impact of Health Canada’s New Guidelines

More Articles

A message from Director of Technology Khaldoun Zine El Abidien Collaboration is a common thread at Privacy Analytics, running through all aspects of our…
When I think about what passion looks like at Privacy Analytics, it’s a quiet, underlying drive to innovate and push for a better world….
Previous
Next

Archiving / Destroying

Are you unleashing the full value of data you retain?

Your Challenges

Do you need help...

OUR SOLUTION

Value Retention

Client Success

Client: Comcast

Situation: California’s Consumer Privacy Act inspired Comcast to evolve the way in which they protect the privacy of customers who consent to share personal information with them.

Evaluating

Are you achieving intended outcomes from data?

Your Challenge

Do you need help...

OUR SOLUTION

Unbiased Results

Client Success

Client: Integrate.ai

Situation: Integrate.ai’s AI-powered tech helps clients improve their online experience by sharing signals about website visitor intent. They wanted to ensure privacy remained fully protected within the machine learning / AI context that produces these signals.

Accessing

Do the right people have the right data?

Your Challenges

Do you need help...

OUR SOLUTION

Usable and Reusable Data

Client Success

Client: Novartis

Situation: Novartis’ digital transformation in drug R&D drives their need to maximize value from vast stores of clinical study data for critical internal research enabled by their data42 platform.

 

Maintaining

Are you empowering people to safely leverage trusted data?

Your Challenges

Do you need help...

OUR SOLUTION

Security / compliance efficiency

CLIENT SUCCESS

Client: ASCO’s CancerLinQ

Situation: CancerLinQ™, a subsidiary of American Society of Clinical Oncology, is a rapid learning healthcare system that helps oncologists aggregate and analyze data on cancer patients to improve care. To achieve this goal, they must de-identify patient data provided by subscribing practices across the U.S.

 

Acquiring / Collecting

Are you acquiring the right data? Do you have appropriate consent?

Your Challenge

Do you need help...

OUR SOLUTIONS

Consent / Contracting strategy

Client Success

Client: IQVIA

Situation: Needed to ensure the primary market research process was fully compliant with internal policies and regulations such as GDPR. 

 

Planning

Are You Effectively Planning for Success?

Your Challenges

Do you need help...

OUR SOLUTION

Build privacy in by design

Client Success

Client: Nuance

Situation: Needed to enable AI-driven product innovation with a defensible governance program for the safe and responsible use
of voice-to-text data under Shrems II.

 

Join the next 5 Safes Data Privacy webinar

This course runs on the 2nd Wednesday of every month, at 11 a.m. ET (45 mins). Click the button to register and select the date that works best for you.