METHODOLOGY
“As more stringent data protection laws are put in place, it becomes increasingly important to be able to de-identify data properly,”
Anne Kimbol
Assistant General Counsel and Chief Privacy Officer, HITRUST
A not-for-profit organization founded in 2007, with corporate offices in Frisco, Texas, the HITRUST Alliance champions programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain.
In collaboration with Privacy Analytics, and other leaders in privacy, information security and risk management for the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis and resilience. The organization also actively participates in many efforts in government advocacy, community building and cybersecurity education.
The exponential importance of data assets and the growth of data privacy makes ongoing learning a core component of Best Practice. Ms. Kimbol adds, “Expertise in this area allows professionals to ensure individual privacy is protected while data utility remains intact, and guidance such as the HITRUST DE-ID framework helps organizations achieve a balance.”
Development of the framework included critical input from Privacy Analytics’ founder and CEO, Dr. Khaled El Emam, and Privacy Analytics Chief Methodologist Luk Arbuckle.
HITRUST’s on-site and online De-Identification Methodology courses are attended by professionals from around the world.
Abigail Dubiniecki, Specialist at My Inhouse Lawyer Ltd., describes herself as a results-oriented lawyer with expertise in privacy and the General Data Protection Regulation (GDPR), data security and trade gained in Canada and the U.K. in both civil law and common law jurisdictions. Ms. Dubiniecki is an enthusiastic supporter of the HITRUST De-ID Methodology Courses. “I learned so much about how to harness the value of big data in a fair, transparent and secure way that is GDPR-compliant using risk-based de-identification methods. Mr. Arbuckle is a fantastic speaker who makes pseudonymization and anonymization accessible.”
A trio of books by Dr. El Emam and Mr. Arbuckle are foundational elements of the HITRUST De-Id courses:
- Anonymizing Health Data: Case Studies and Methods to Get You Started, by Dr. Khaled El Emam and Luk Arbuckle (O’Reilly Media, 2014)
- Risky Business: Sharing Health Data while Protecting Privacy, edited by Dr. Khaled El Emam (Trafford Publishing, 2013)
- Guide to the De-Identification of Personal Health Information, by Dr. Khaled El Emam (CRC Press, 2013)
Mr. Arbuckle emphasizes the importance of learning a proven methodology from recognized experts: “Using well defined, repeatable processes, helps build client and regulatory trust.” Well-known as feature presenters at international data privacy events and academic venues, Dr. El Emam and Mr. Arbuckle convey their knowledge with a unique perspective.
The HITRUST De-Identification Methodology Course includes:
- In-depth instruction on the HITRUST De-Identification Framework
- Generally accepted de-identification methods and tools
The course is delivered in two parts:
- Introductory material is delivered online at the participant’s convenience via the HITRUST Academy learning management system
- The remaining material is delivered over a full, two-day period by an instructor in a classroom setting
Topics include:
- Background & scope of data de-identification
- De-identification concepts and related definitions
- Re-identification risk measurement and related concepts
- Analysis of contextual risk for de-identified datasets
- Data masking & de-identification
- Risk management & reporting
This course is recommended for Professionals in the following domains:
- Security, privacy, legal, compliance, IT and related domains
- Data science
- Statistical, mathematical, and other scientific domains who want to have a better understanding of the HITRUST De-Identification Framework and the practical methods and tools used to render a data set de-identified under the HIPAA “Expert Determination method.”
For more information, and to register, go here:
https://hitrustalliance.net/de-identification/
By Phone: 855.HITRUST (855-448-7878)
E-mail: Education@hitrustalliance.net