The HITRUST De-Identification Framework was developed to offer a solution to the challenges facing the industry regarding de-identification. Developed in collaboration with information security, and de-identification professionals; the HITRUST De-Identification Framework provides a consistent, managed methodology for the de-identification of data and the sharing of compliance and risk information amongst entities and their key stakeholders.

After review of multiple de-identification programs and methods, including those propounded by agencies in the United States, Canada, and the United Kingdom, the HITRUST De-Identification Working Group (DIWG) believed that no one method is appropriate for all organizations. Instead, the DIWG has identified twelve criteria for a successful de-identification program and methodology that can be scaled for use with any organization. These twelve characteristics are further divided into two general areas:

The first set of characteristics represents those for the program and the administrative controls that an organization should have in place to govern de-identification.

The second set represents how the organization can actually arrive at a de-identified data set, either on an ad hoc basis or by instituting a process that will deliver de-identified data sets.


  • Governance
  • Documentation
  • Explicit Identification of the Data Custodian and Recipients
  • External or Independent Scrutiny

De-Identification Methodology:

  • Re-Identification Risk Thresholds
  • Measurement Of Actual Re-Identification Risks
  • Identification And Management Of Direct Identifiers And Quasi-Identifiers
  • Identification Of Plausible Adversaries And Attacks
  • Identification Of Specific Data Transformation Methods And How They Reduce The Risks
  • Process And Template For The Implementation Of Re-Identification Risk Assessment And De-Identification
  • Mitigating Controls To Manage Residual Risk
  • Data Utility

Organizations can download the De-Identification Framework free of charge. In the future, the HITRUST CSF will incorporate controls into the framework to ensure organizations are De-Identifying information as required by the HIPAA Privacy Rule and the September 4, 2012, U.S. Department of Health and Human Services Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) (Guidance).