Governance & Risk Management , Privacy

HITRUST Tackles Data De-Identification

Working Group Will Develop Series of Recommendations
HITRUST Tackles Data De-Identification

The Health Information Trust Alliance plans to make detailed recommendations for de-identifying patient information and using it for research.

See Also: Now OnDemand | C-Suite Round-up: Connecting the Dots Between OT and Identity

HITRUST is best known for its Common Security Framework, a free guide to implementing security controls to comply with various regulations, including HIPAA. It recently formed a working group that will draft the guidance on de-identifying data, as well as appropriate use and handling of that data to ensure privacy. The recommendations will be released in several phases this year and next.

The initial guidance, to be released in the third quarter, will define multiple levels of de-identification and recommend specific use cases for data in each tier.

"The intent of the HITRUST De-Identification Working Group is to establish a uniform and practical approach to data de-identification that balances the risks and benefits of using the data while taking into account the advancement of healthcare innovation, increased access to healthcare and the protection of individual patient privacy," according to a HITRUST announcement.

The HITRUST initiative comes as federal regulators continue their work on long-overdue guidelines for de-identifying data. The HIPAA privacy rule already includes guidelines for data de-identification, but the HITECH Act requires regulators to issue more detailed guidance.

Working Group Members

Participants in the HITRUST working group include representatives of IMS Health, Merck, Optum and WellPoint, among others.

The group, which is one of a number HITRUST working groups, will make recommendations for minimum qualifications for industry professionals who can certify the standards and the methodologies used to de-identify health data and for properly managing any risk of re-identification. The group also will review and propose changes to relevant HITRUST Common Security Framework controls to help promote the safe and secure handling of de-identified data.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.