When De-identifying Patient Information Follow the HITRUST Framework
Health Information Trust Alliance. (2019). When De-identifying Patient Information, Follow the HITRUST Framework.
Developed in collaboration with healthcare, information security, and de-identification professionals, the HITRUST De-Identification Framework provides a consistent, managed methodology for the contextual de-identification of data and the sharing of compliance and risk information amongst entities and their key stakeholders. The Framework provides 12 criteria for a successful de-identification program and methodology that can be scaled to any organization: the first four criteria address the programmatic and administrative controls that an organization should have in place to govern de-identification, and the remaining eight criteria may be used to derive a de-identified data set, either on an ad hoc basis or by instituting a process that will deliver de-identified data sets.