How to become a data de-identification expert

How to become a data de-identification expert

Learn with HITRUST and Privacy Analytics


“As more stringent data protection laws are put in place, it becomes increasingly important to be able to de-identify data properly,”

Anne Kimbol

Assistant General Counsel and Chief Privacy Officer, HITRUST

A not-for-profit organization founded in 2007, with corporate offices in Frisco, Texas, the HITRUST Alliance champions programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain.

In collaboration with Privacy Analytics, and other leaders in privacy, information security and risk management for the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis and resilience. The organization also actively participates in many efforts in government advocacy, community building and cybersecurity education.

The exponential importance of data assets and the growth of data privacy makes ongoing learning a core component of Best Practice. Ms. Kimbol adds, “Expertise in this area allows professionals to ensure individual privacy is protected while data utility remains intact, and guidance such as the HITRUST DE-ID framework helps organizations achieve a balance.”

Development of the framework included critical input from Privacy Analytics’ founder and CEO, Dr. Khaled El Emam, and Privacy Analytics Chief Methodologist Luk Arbuckle.

HITRUST’s on-site and online De-Identification Methodology courses are attended by professionals from around the world.

Abigail Dubiniecki, Specialist at My Inhouse Lawyer Ltd., describes herself as a results-oriented lawyer with expertise in privacy and the General Data Protection Regulation (GDPR), data security and trade gained in Canada and the U.K. in both civil law and common law jurisdictions. Ms. Dubiniecki is an enthusiastic supporter of the HITRUST De-ID Methodology Courses. “I learned so much about how to harness the value of big data in a fair, transparent and secure way that is GDPR-compliant using risk-based de-identification methods. Mr. Arbuckle is a fantastic speaker who makes pseudonymization and anonymization accessible.”

A trio of books by Dr. El Emam and Mr. Arbuckle are foundational elements of the HITRUST De-Id courses:

Mr. Arbuckle emphasizes the importance of learning a proven methodology from recognized experts: “Using well defined, repeatable processes, helps build client and regulatory trust.” Well-known as feature presenters at international data privacy events and academic venuesDr. El Emam and Mr. Arbuckle convey their knowledge with a unique perspective.

The HITRUST De-Identification Methodology Course includes:

  • In-depth instruction on the HITRUST De-Identification Framework
  • Generally accepted de-identification methods and tools

The course is delivered in two parts:

  • Introductory material is delivered online at the participant’s convenience via the HITRUST Academy learning management system
  • The remaining material is delivered over a full, two-day period by an instructor in a classroom setting

Topics include:

  • Background & scope of data de-identification
  • De-identification concepts and related definitions
  • Re-identification risk measurement and related concepts
  • Analysis of contextual risk for de-identified datasets
  • Data masking & de-identification
  • Risk management & reporting

This course is recommended for Professionals in the following domains:

  • Security, privacy, legal, compliance, IT and related domains
  • Data science
  • Statistical, mathematical, and other scientific domains who want to have a better understanding of the HITRUST De-Identification Framework and the practical methods and tools used to render a data set de-identified under the HIPAA “Expert Determination method.”

For more information, and to register, go here:

By Phone: 855.HITRUST (855-448-7878)


Archiving / Destroying

Are you unleashing the full value of data you retain?

Your Challenges

Do you need help...


Value Retention

Client Success

Client: Comcast

Situation: California’s Consumer Privacy Act inspired Comcast to evolve the way in which they protect the privacy of customers who consent to share personal information with them.


Are you achieving intended outcomes from data?

Your Challenge

Do you need help...


Unbiased Results

Client Success


Situation:’s AI-powered tech helps clients improve their online experience by sharing signals about website visitor intent. They wanted to ensure privacy remained fully protected within the machine learning / AI context that produces these signals.


Do the right people have the right data?

Your Challenges

Do you need help...


Usable and Reusable Data

Client Success

Client: Novartis

Situation: Novartis’ digital transformation in drug R&D drives their need to maximize value from vast stores of clinical study data for critical internal research enabled by their data42 platform.



Are you empowering people to safely leverage trusted data?

Your Challenges

Do you need help...


Security / compliance efficiency


Client: ASCO’s CancerLinQ

Situation: CancerLinQ™, a subsidiary of American Society of Clinical Oncology, is a rapid learning healthcare system that helps oncologists aggregate and analyze data on cancer patients to improve care. To achieve this goal, they must de-identify patient data provided by subscribing practices across the U.S.


Acquiring / Collecting

Are you acquiring the right data? Do you have appropriate consent?

Your Challenge

Do you need help...


Consent / Contracting strategy

Client Success

Client: IQVIA

Situation: Needed to ensure the primary market research process was fully compliant with internal policies and regulations such as GDPR. 



Are You Effectively Planning for Success?

Your Challenges

Do you need help...


Build privacy in by design

Client Success

Client: Nuance

Situation: Needed to enable AI-driven product innovation with a defensible governance program for the safe and responsible use
of voice-to-text data under Shrems II.


Join the next 5 Safes Data Privacy webinar

This course runs on the 2nd Wednesday of every month, at 11 a.m. ET (45 mins). Click the button to register and select the date that works best for you.