Ottawa’s Privacy Analytics, a company that specializes in health data anonymization, is partnering with the Health Information Trust Alliance (HITRUST), a U.S. coalition dedicated to creating a De-Identification Framework for the healthcare industry, in order to develop a new training and certification program and expand the pool of experts capable of applying HITRUST’s framework.
The HITRUST De-Identification Framework was created in March. Privacy Analytics had a hand in developing the framework.
The new framework training program is aimed at security, privacy, legal, compliance, IT, data science and other professionals, to provide the skills necessary to perform data de-identification, with particular emphasis on the Expert Determination method described in the HIPAA Privacy Rule.
In the wake of creating a new framework that spells out an industry protocol around de-identification, which is a way for health data to be anonymized in a way that it can’t be traced back to the identity of a patient, it makes sense that there will be an immediate shortage of personnel capable of deploying the technology for companies in the health care field.
“With more experts, organizations will be in a better position to implement de-identification practices internally, evaluate the re-identification risk for data sets and maximize de-identified data quality,” said Privacy Analytics CEO and Founder Dr. Khaled El Emam. “The HITRUST De-identification Framework is a critical step in standardizing risk management when sharing health data. Now, we must provide educational opportunities to increase the number of professionals able to apply such standards, in order to meet the need for healthcare research and analytics.”
The new training and certification program, based on the HITRUST De-identification Framework, a consistent, managed methodology for de-identifying data and sharing compliance and risk information between key stakeholders and organizations.
The training program includes a professional certification and is designed to equip graduates with the skills necessary to run analyses on health data to determine whether it is improperly or insufficiently de-identified, the consequences of which for a health organization are potentially disastrous if the disclosure of data sets puts patients at risk through re-identification.
The benefits of properly de-identifying health data are huge in the sense that medical progress depends on physicians and researchers having access to health data so that new discoveries and treatment innovation can happen.
“De-identification is a key method for protecting privacy by preventing a patient’s identity from being connected with health information and is a key mechanism for allowing the sharing of health information for secondary purposes under the HIPAA Privacy Rule,” said HITRUST Vice President Dr. Bryan Cline. “The HITRUST De-identification Framework follows best practices and builds on many decades of experience with the de-identification of health and other data, while simplifying and streamlining the process of data sharing.”
The course content for the training program was developed collaboratively between Privacy Analytics and HITRUST.
Offering Continuing Professional Education (CPE) credits, along with additional requirements for maintaining HITRUST De-identification Framework certification, the course will be delivered and managed by HITRUST, with an end-of-course exam following the first round of classes, which will take place in May 2016 at HITRUST facilities in Frisco, Texas.