Third Parties Continue to Pose Significant Risks and Challenges Associated with Safeguarding Health Information
May 8, 2013
Frisco, TX – May 8, 2013 – The Health Information Trust Alliance (HITRUST) is announcing today that leading healthcare organizations will be requiring their business associates to participate in the HITRUST Common Security Framework (CSF) Assurance Program and submit CSF assessment reports as part of their information protection programs.
Will Assist Healthcare Organizations to Mitigate Cybersecurity Risk and Comply with HIPAA Omnibus Regulations
Apr 17, 2013
SAN DIEGO, April 17, 2013 -- Kratos Defense & Security Solutions, Inc. (Nasdaq:KTOS), a leading National Security Solutions provider, announced today that its Kratos SecureInfo cybersecurity business group has been designated by the Health Information Trust Alliance (HITRUST) as a Common Security Framework (CSF) Assessor. The HITRUST CSF is the healthcare industry’s most widely adopted framework that reconciles and harmonizes the requirements of existing standards and regulations, including healthcare (HIPAA, HITECH), third party (PCI, COBIT) and government (NIST, FTC).
Rise in Cyber Threats Targeted at the Healthcare Industry Leads to Increased Industry Awareness
Apr 10, 2013
Frisco, TX – April 10, 2013 – In response to heightened awareness and concerns about cyber threats, attacks and incidents, the Health Information Trust Alliance (HITRUST) announced today new guidance for healthcare organizations wanting to assess the state of their cybersecurity preparedness. The guidance identifies an appropriate subset of controls within the HITRUST Common Security Framework (CSF) that are most directly related to detecting and thwarting cyber-related breaches and allows organizations to assess against the cyber-specific controls and receive a snapshot of their cyber capabilities and readiness.
Mar 26, 2013
Scottsdale, Arizona – March 25th, 2013 Today, ComplySmart, LLC announced that the Health Information Trust Alliance (HITRUST), a leading authority on healthcare information security, has designated the firm as a Common Security Framework (CSF) Assessor.
Healthcare Industry Establishes New Working Group to Support White House Cybersecurity Executive Order
Industry and Government Already Benefiting from Cybersecurity Collaboration
Feb 20, 2013
Frisco, TX – February 20, 2013 –The Health Information Trust Alliance (HITRUST) announced today the establishment of a new working group to support the White House Cybersecurity Executive Order. Issued on February 12 by President Obama following his State of the Union address, the policy warns that “the cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront.”
Jan 7, 2013
Personal health information is worth 50 times more to thieves than credit card or Social Security numbers, so it's no surprise that healthcare organizations are prone to data breaches. Preventing them is difficult, and so is mitigating the damage they can cause. Here experts discuss how organizations can avoid breaches and a nonprofit that suffered a breach in 2011 explains how it responded.
DESIGNATION BUILDS ON FIRM'S CYBERM3 MODEL
Jan 7, 2013
McLean, Virginia -- Today, Booz Allen Hamilton (NYSE: BAH) announced that the Health Information Trust Alliance (HITRUST), a leading authority on healthcare information security, has designated the firm as a Common Security Framework (CSF) Assessor.
Jan 3, 2013
Cheyenne, Wyoming – January 3, 2013 – Human Capital Management Services (HCMS) Group has announced its achievement of Common Security Framework (CSF) Certified status from the Health Information Trust (HITRUST) Alliance. The HITRUST CSF Certified status allows HCMS to uphold its high security standards in maintaining electronic protected health information (ePHI).
HITRUST Announces Updates to 2013 CSF and CSF Assurance Program, and Introduces Major Enhancements to CSF Assessment Tool
Customizable Tool Provides Simpler and More Consistent Approach for Managing CSF Assessments, Tracking Compliance, and Benchmarking
Dec 19, 2012
Frisco, TX – December 19, 2012 –The Health Information Trust Alliance (HITRUST) is announcing continuing updates to the HITRUST Common Security Framework (CSF), the most widely-adopted security framework in the U.S. healthcare industry, to ensure the framework remains relevant and practical for those organizations that rely upon it to manage their information protection programs.
HITRUST and (ISC)²® Partner to Develop Professional Standards for Credentialing in Healthcare Information Security
With Healthcare Breaches on the Rise, New Alliance Will Help Fill Market Demand for Qualified Healthcare Security Pros
Dec 12, 2012
Palm Harbor, Fla., U.S.A., December 12, 2012 – (ISC)²® (“ISC-squared”), the world's largest information security professional body and administrators of the CISSP®, and the Health Information Trust Alliance (HITRUST), a non-profit organization responsible for the development, management, education and awareness relating to health information security and the leading organization aiding the healthcare industry in advancing the state of information protection, announced today they have entered into an agreement to meet the growing demand for qualified security professionals who can protect sensitive healthcare information. This relationship was also established to allow both organizations to connect with key stakeholders in the healthcare market that can contribute to building new IT security certification and education programs for healthcare professionals.
Significant Areas for Concern Continue to Include Smaller Physician Practices and Industry-wide Struggle with Thefts of Laptops, Desktops and Mobile Media, while Hacking and Malware Remain Suspiciously Low
Dec 5, 2012
FRISCO, Texas--(BUSINESS WIRE)--According to the Health Information Trust Alliance's (HITRUST) analysis of U.S. healthcare data breaches from 2009 to the present, the healthcare industry has made little progress in reducing the number of breaches with troubling statistics seen from the same types of organizations, breaches and locations. The retrospective analysis of breaches affecting 500 or more individuals indicates a slight decline in the total number of breaches during the past three years, but overall the industry's susceptibility to certain types of breaches has been largely unchanged since breach data became available from the U.S. Department of Health and Human Services (HHS) and the new HIPAA and HITECH Act regulations went into effect.
Company’s InstantPHR SaaS offering achieves HITRUST Common Security Framework (CSF) Certified status
Nov 29, 2012
Rockville, Maryland – November 16, 2012 — Patients and providers can rest assured that their data and communications are safe and secure when using Get Real Health's InstantPHR platform. The company's InstantPHR SaaS offering has achieved HITRUST Common Security Framework (CSF) Certified status through the HITRUST CSF Assurance Program — the most widely-used security assessment approach in the U.S. healthcare industry.
Nov 1, 2012
The Health Information Trust Alliance offered its support for an effort by Sen. Jay Rockefeller (D-W.Va.) to raise awareness of what both call a growing cybersecurity threat. In a three-page letter to Rockefeller, HITrust CEO Daniel Nutkis said the organization "applauds lawmakers' and regulators' attention to this issue and is supportive of anything that protects national critical infrastructure and avoids disruptions or losses that can be caused by cyberattacks."
Oct 30, 2012
The health care industry is joining other businesses in urging Congress and federal officials to consider existing cybersecurity efforts before enacting new measures to better protect American computer networks. Congress is expected to revisit cybersecurity legislation before the end of the year and the White House is considering an executive order on the issue.
Oct 29, 2012
HITRUST takes seriously its commitment to supporting the healthcare industry in all aspects relating to the advancement of information protection. The recent proliferation of media coverage on escalating cybersecurity threats, and the White House and Congress' indication of a coming executive order has led HITRUST to become more proactive in educating members of Congress on its healthcare-specific experience and knowledge on cyber attacks.
Company again proves commitment to securing electronic personal healthcare information
Oct 17, 2012
Dallas, Texas - October 17, 2012 – FireHost, the leading secure cloud hosting company, today announced that it has successfully achieved Common Security Framework (CSF) Certified status from the Health Information Trust Alliance (HITRUST). In doing so, FireHost has attained certification from what is considered to be the most widely used program for assessing the security posture of business associates and managing third-party compliance. FireHost proactively secured the certification based on its unerring commitment to securing electronic personal health information (ePHI) from malicious cyber-attacks that become more sophisticated every year. FireHost offers HIPAA-ready cloud hosting options for healthcare customers that need to meet the stringent compliance standards required of the industry.
Aug 23, 2012
Denver, Colo. – August 23, 2012 – Welltok, Inc., today announced that it has achieved Common Security Framework (CSF) Certified status from the Health Information Trust Alliance (HITRUST). The CSF is the most widely adopted information security framework in the U.S. healthcare industry and the foundation of the HITRUST CSF Assurance Program, the most commonly utilized program for assessing the security posture of business associates and managing third-party compliance.
The Health Information Trust Alliance has launched a service that enables an exchange of intelligence on cyber threats facing the health care industry.
Jul 26, 2012
The Health Information Trust Alliance (HITRUST), a group of health care business technology and information security leaders, has launched the Cyber Threat Analysis Service (C-TAS) to provide intelligence on computer network threats facing the health care industry.
HITRUST Expands Cybersecurity Center with Launch of First Cyber Threat Analysis Service for the Healthcare Industry
“Community Defense” Model a Major Step Toward Proactively Protecting Electronic Health Data and the Nation's Critical Infrastructure Against Cyber Attacks
Jul 24, 2012
Frisco, TX – July 24, 2012 – The Health Information Trust Alliance (HITRUST) today launched the HITRUST Cyber Threat Analysis Service (C-TAS), a unique collaborative platform for cyber defense specific to the healthcare industry and a new component of the recently announced HITRUST Cybersecurity Incident Response and Coordination Center. HITRUST C-TAS participants represent the full spectrum of the healthcare ecosystem such as health systems, health plans, pharmacy benefit managers (PBMs), pharmacies and pharmaceutical manufacturers, as well as government organizations such as the Department of Health and Human Services (DHHS) and the Department of Veterans Affairs (VA). By combining world-class intelligence analysis capability with broad industry collaboration, a “community defense" model can be achieved.
Healthcare industry struggles to effectively de-identify data needed to support research and quality of care
Jul 11, 2012
Frisco, TX – July 11, 2012 – The Health Information Trust Alliance (HITRUST) has formed the HITRUST De-Identification Working Group to propose standards for health data de-identification and the appropriate use and handling of de-identified data as defined by the HIPAA Privacy Rule. The working group will also suggest qualifications for the professionals who can certify de-identification methods and de-identified data sets.
Kaiser Permanente’s Jim Doggett is First Risk Officer Elected to HITRUST Executive Council
Jul 9, 2012
FRISCO, Texas - July 9, 2012 - The Health Information Trust Alliance (HITRUST) is pleased to announce that Jim Doggett, chief technology risk officer for Kaiser Permanente, has been elected to the HITRUST Executive Council. HITRUST is led by a management team and governed by the Executive Council, made up of senior leaders from a variety of healthcare organizations.
Jun 28, 2012
PISCATAWAY, N.J., June 28, 2012 /PRNewswire/ -- Marlabs Inc., a leading provider of innovative Information Technology services, announced today that it has been designated by the Health Information Trust Alliance (HITRUST) as a Common Security Framework (CSF) Assessor. Marlabs is one of only a select few companies nationwide to achieve CSF Assessor status, which allows it to perform assessment and other services related to the CSF, the most widely adopted security framework in the healthcare industry.
Jun 6, 2012
When credit card processor Heartland Payment Systems suddenly saw an uptick in fraud coming from outside the United States last year, the company didn't just quietly handle it internally.
Epstein Becker Green Recognized as a HITRUST CSF Assessor to Provide Clients with Security and Privacy Risk Assessment for Protected Health Care Information
May 8, 2012
NEW YORK (May 8, 2012) –Epstein Becker Green has been designated by the Health Information Trust Alliance (HITRUST) as a Common Security Framework (CSF) Assessor. This will allow the firm to provide health care organizations with privacy and security risk assessments to protect the entities from breaches of protected health information (PHI). The health care industry has accepted the HITRUST CSF as the most widely adopted security framework. Epstein Becker Green is the first law firm to become a CSF Assessor and the designation exemplifies the firm's distinct capability to identify and address risk for health care industry clients.
New HITRUST Cybersecurity Incident Response and Coordination Center lets healthcare organizations, U.S. Department of Health and Human Services swap information, forensics from firsthand attack experiences, other threats
Apr 25, 2012
Large healthcare organizations and the U.S. Department of Health and Human Services (HHS) have banded together to share attack and threat intelligence in a new incident response and coordination effort established specifically for their industry.
Health Information Trust Alliance wants Cybersecurity Incident Response and Coordination Center to battle cybersecurity problems
Apr 25, 2012
Looking to address growing cybersecurity threats in the healthcare industry the Health Information Trust Alliance today said it has established a centralized Cybersecurity Incident Response and Coordination Center where organizations can report incidents and get help remediating electronic medical security problems.
Collaborative Effort Will Share Threat Updates, Best Practices
Apr 25, 2012
The Health Information Trust Alliance is spearheading an effort to create a clearinghouse of information about hacker attacks against healthcare organizations as well as best practices for addressing these threats.
HITRUST Establishes Cybersecurity Incident Response and Coordination Center for the Healthcare Industry
Industry Lacks Awareness, Coordination, Best Practices, and Education to Address Increasing Cybersecurity Threats
Apr 24, 2012
Frisco, TX – April 24, 2012 – In light of growing threats posed by cyber attacks targeted at healthcare organizations, the Health Information Trust Alliance (HITRUST) has established the HITRUST Cybersecurity Incident Response and Coordination Center to provide crucial support for the healthcare industry. This support includes facilitating the early identification of cybersecurity attacks, coordination of response activities, and creation of best practices. In addition, the center will make available cyber threat information to the broader industry.
HITRUST CSF Assurance Program Continues to be the Most Widely Used Security Assessment Approach in the Healthcare Industry
Acceptance and Utilization Driven by Security Risks Posed by Business Associates
Feb 7, 2012
Frisco, TX – February 7, 2012 – The Health Information Trust Alliance (HITRUST) announced today that the HITRUST CSF Assurance Program, based on the HITRUST Common Security Framework (CSF), continues to be the most widely utilized program for assessing the security posture of business associates and managing third-party compliance. The CSF Assurance Program provides multiple benefits to both healthcare organizations and their business associates by offering a common and efficient approach to managing security assessments associated with multiple and varied assurance requirements.
HITRUST Expands Programs and Offerings as Adoption Grows
Jan 12, 2012
Frisco, TX – January 12, 2012 – The Health Information Trust Alliance (HITRUST) has released the HITRUST Common Security Framework (CSF) version 4.0 and updates to the CSF Assurance Program. The 2012 CSF includes changes and new guidance pertaining to the National Institute of Standards and Technology's (NIST) 800-53 revision 3 (SP 800-53 r3) and reflects industry recommendations, loss data trend analysis, and input from HITRUST Health Information Exchange and Mobile Device Working Groups.
Oct 12, 2011
LOUISVILLE, Colo., Oct. 12, 2011 /PRNewswire/ -- Colorado-based Coalfire, an independent IT Governance, Risk and Compliance firm, today announced it has been designated by the Health Information Trust Alliance (HITRUST) as a Common Security Framework (CSF) Assessor. With this achievement, Coalfire is now approved to deliver security risk assessments using the CSF, a comprehensive framework that consolidates and normalizes the existing security requirements for healthcare organizations.
Sep 20, 2011
CRANBURY, NJ, September 20, 2011 - BluePrint Healthcare IT announced today that it has been designated by the Health Information Trust Alliance (HITRUST) as a Common Security Framework (CSF) Assessor. This achievement will allow BluePrint to provide covered entities, health information exchanges and business associates with greater visibility into the security and privacy risks which can lead to breaches of protected health information (PHI). The HITRUST CSF is the most widely adopted security framework in the healthcare industry.
HITRUST to Include Privacy Requirements in Integrated Security and Privacy Framework and Further Align with Government Standards
HITRUST Plans Enhancements to Assessment Methodology and Revises Scope of CSF to Include Additional Authoritative Sources for Year-End Release
Aug 11, 2011
Frisco, TX – August 11, 2011 – The Health Information Trust Alliance (HITRUST) announced today it will include privacy requirements in an integrated security and privacy framework available in December 2012. This transformative enhancement to the existing framework will ensure better alignment between healthcare organizations" security and privacy programs and ensure organizations have an integrated approach for protecting health information. HITRUST also announced updates to the 2012 Common Security Framework (CSF) (version 4.0) due for release at the end of 2011, with enhancements to its assessment methodology that will provide more prescriptive guidance and ensure greater consistency and efficiency of assessments.
Ernst & Young LLP Bolsters Health Providers and Payer Information Security Services Through Gaining HITRUST CSF Assessor Status
Jun 8, 2011
NEW YORK, June 8, 2011 /PRNewswire/ -- Ernst & Young LLP announced today that it has been designated by the Health Information Trust Alliance (HITRUST) as a Common Security Framework (CSF) Assessor, a move that will enhance the firm"s ability to provide clients with increased visibility into the presence and effectiveness of information security and privacy controls that protect company data. The HITRUST CSF is the most widely adopted and recognized standard for information security in the health care industry.
New service reduces complexities and incomplete reporting experienced with meaningful use risk assessments
May 25, 2011
Frisco, TX – May 25, 2011 – The Health Information Trust Alliance (HITRUST) announced today a new component of the CSF Assurance program targeted at healthcare organizations with annual revenue less than $25 million. The new security assessment approach addresses the wide-scale inaccuracies found in assessments conducted by smaller organizations and extends the reach and value of the CSF Assurance program, the most widely used approach for documenting risk assessment information in the healthcare industry. The HITRUST CSF Assessment for Small Organizations is a practical and effective solution for organizations wanting to perform accurate assessments of their information security environment and address the requirements of meaningful use.
Apr 29, 2011
BATON ROUGE, La.--(BUSINESS WIRE)--Amedisys, one of the nation"s leading home health care and hospice companies, announced today that it has been elected to the Health Information Trust Alliance (HITRUST) Executive Council. Information Security Officer Sanjeev Sah will serve a two-year term on the council as the Amedisys representative.
HITRUST continues to see broad adoption of CSF and CSF Assurance program
Apr 19, 2011
Frisco, TX – April 19, 2011 – Entering its fourth year of operation, the Health Information Trust Alliance (HITRUST) announced its plans to support the healthcare industry in 2011 and beyond with initiatives aimed at maintaining the comprehensiveness and relevance of the Common Security Framework (CSF) and CSF Assurance program. HITRUST has identified a number of key areas, including cloud computing, data protection, health information exchanges (HIEs), mobile devices and authentication management, that it will focus on in 2011, in addition to making necessary updates relating to relevant federal and state regulations and security standards. These updates and enhancements will influence not only the CSF and other HITRUST programs, but also the guidance offered to the industry, government agencies, software developers and hardware manufacturers. HITRUST will also work to ensure the CSF is being adopted by the entire industry with an emphasis on outpatient, long-term, ambulatory and home health provider organizations.
Apr 18, 2011
FAIRFAX, Va. – General Dynamics Information Technology today announced its achievement as the first Healthcare Application Service Provider hosting environment to receive Common Security Framework (CSF) Certified status from the Health Information Trust Alliance (HITRUST). The achievement follows a three-week audit of the processes and procedures of General Dynamics" Health Information Technology Solutions sector. HITRUST established the CSF to be used by organizations that create, access, store or exchange personal health and financial information. The CSF is an information security framework that integrates the requirements of existing government and third party standards and regulations. This certified framework provides organizations with the needed structure, detail and clarity relating to information security tailored to the healthcare industry.
Effort Strengthens Company
Feb 10, 2011
CHATTANOOGA, Tenn. — BlueCross BlueShield of Tennessee announced today that it has adopted the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), the most comprehensive and widely adopted security framework in the U.S. health care industry, and that it is accepting assessments conducted by its business partners through the HITRUST CSF Assurance program.
Individuals from Catholic Health East and Health Care Service Corp. recognized for outstanding leadership and contributions to healthcare information protection
Feb 2, 2011
Frisco, TX – February 2, 2011 – The Health Information Trust Alliance (HITRUST) announced today the recipients of the HITRUST InfoSec Awards for 2010. The InfoSec Awards recognize organizations and individuals that have demonstrated outstanding contributions to the advancement of information security in the healthcare industry. The individuals honored for their contributions are Dr. Bryan Cline, Chief Information Security Officer and Director of Information Security for Catholic Health East, and Raymond Biondo, Chief information Security Officer for Health Care Service Corp.
Jan 31, 2011
By Lara Bergman
KNOXVILLE, TN – Sword & Shield Enterprise Security, Inc., a Knoxville TN-based IT security company, today announced it has been designated by the Health Information Trust Alliance (HITRUST) as a Common Security Framework (CSF) Assessor – one of only a select few companies nationwide to achieve this recognition.
New Survey Finds Nearly Half of Healthcare Organizations Experienced Information Security Breach Last Year
Jan 11, 2011
NEW YORK, Jan. 11, 2011 /PRNewswire/ -- PwC US announced today that the Health Information Trust Alliance (HITRUST) has designated the firm a Common Security Framework (CSF) Assessor, qualified to evaluate and certify security standards of CSF-related services. The designation affirms PwC"s deep experience in privacy, security and identity theft prevention, and helps to meet growing demand from health organizations for assurance that information is safe amid heightened concern over security breaches.
Provides Guide to Security Compliance
Jan 7, 2011
By Howard Anderson
The Healthcare Information Trust Alliance has unveiled an updated version of its Common Security Framework. The latest enhancements to the framework, which provides a guide to implementing security controls, include updates on compliance with federal regulations as well as recognition of new technologies and security practices, says Chris Hourihan, HITRUST"s manager of development and programs.
Dec 9, 2010
By Samuel Greengard
Getting a handle on potential legal and legislative changes can determine whether an organization ratchets down risk and steers clear of trouble or finds itself in the crosshairs of government and media scrutiny. Making matters worse, the global nature of today’s business environment means that it"s necessary to monitor legal and legislative trends around the world. Many countries—particularly those in Europe—are looking to toughen laws surrounding privacy and security.
Comprehensiveness and usability of framework drives increasing adoption
Nov 16, 2010
Frisco, TX – November 16, 2010 – The Health Information Trust Alliance (HITRUST) announced today it will release updates on December 16, 2010, to the HITRUST Common Security Framework (CSF), the most comprehensive and widely-adopted security framework in the U.S. healthcare industry. The updates incorporate additional and revised security requirements as well as recognition of new technologies and security practices.
Mediregs Integrates HITRUST Common Security Framework with ComplyTrack to Accelerate Health Care Information Privacy and Security
Sep 2, 2010
MediRegs, a leading provider of compliance and risk management, reimbursement and workflow solutions for the health care industry, announced today that it will incorporate the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) within its ComplyTrack Suite to offer clients a concise means of addressing privacy and security risks. MediRegs is part of Wolters Kluwer Law & Business (wolterskluwerlb.com).
ViPs General Dynamics Information Technology
Aug 31, 2010
Jason Taule, Managing Director of Corporate Risk at ViPS General Dynamics Information Technology, delves into the significance of increased regulation and enforcement, and how the HITRUST Common Security Framework (CSF) can help those in the healthcare industry accomplish this. To learn more about Jason's views on utilizing the HITRUST Certification as a means of securing confidentiality for your healthcare organization
Health Info Security
Aug 26, 2010
A total estimated price tag of nearly $1 billion for dealing with the aftermath of major breaches reported to federal authorities so far should motivate healthcare organizations to take aggressive steps to improve security, one analyst advises.
Deloitte Becomes a HITRUST Common Security Framework (CSF) Assessor; Active in CSF Assurance Program
Jul 29, 2010
NEW YORK, July 29 /PRNewswire/ -- As the dramatic rise in breaches, theft of patient health data and increasingly complex regulatory environment continues to put health care organizations and their business relationships under intense pressure and scrutiny regarding security and privacy, Deloitte, a global leader in risk consulting and security advisory services, today announced it has been designated as a Common Security Framework (CSF) Assessor status from the Health Information Trust Alliance (HITRUST).
Humana Endorses HITRUST Program to Promote Health Care Information Security and Achieve Cost Savings
Jul 27, 2010
LOUISVILLE, Ky.--(BUSINESS WIRE)--Humana Inc. (NYSE: HUM) announced today it will accept the results of assessments conducted under the HITRUST (Health Information Trust Alliance) Common Security Framework (CSF) Assurance program as a means to evaluate and verify its business partners" capabilities for protecting health information. The HITRUST CSF Assurance program provides Humana and its business partners with a common approach for managing security assessments that reduces the time, costs and complexities associated with today"s compliance efforts.
CSF adoption and assessments grow as organizations become
Jul 22, 2010
Frisco, TX – July 22, 2010 – The Health Information Trust Alliance (HITRUST) announced today that more than 50 percent of hospitals and 70 percent of health plans with more than 500,000 members are utilizing the HITRUST Common Security Framework (CSF). In addition, the number of organizations undergoing HITRUST CSF assessments is increasing at the same time that a growing number of healthcare organizations have committed to accepting the assessment results as a means of evaluating their business associates' capabilities for protecting health information. The CSF Assurance program, through which the assessments are conducted, was created in response to the information security challenges and inefficiencies associated with evaluating compliance with various regulations and proprietary third party assessment approaches. The program has also become the most widely-used approach for measuring third party information security assurance in the healthcare industry.
Jun 1, 2010
The upside of consumer education is that people are more careful when it comes to their personal, financial and medical data. The downside is that consumers expect entities handling their sensitive data to do so without blemish.
WellPoint First in Industry to Accept HITRUST CSF Assessment Results as Assurance for Health Care Information Security
WellPoint, Inc. Press Release
May 28, 2010
INDIANAPOLIS, May 28, 2010 /PRNewswire via COMTEX/ --WellPoint, Inc. (NYSE: WLP), the nation's largest health insurer by medical membership, announced today it will accept the results of HITRUST Common Security Framework (CSF) assessments as a way to evaluate and verify its business partners' capabilities for protecting health information.
CSA launches Cloud Controls Matrix Tool, incorporating HITRUST Common Security Framework
Apr 27, 2010
London and Frisco, TX – April 27, 2010 – The Health Information Trust Alliance (HITRUST) and Cloud Security Alliance (CSA) today announced a joint collaboration focused on addressing cloud security initiatives related to improving the state of security and compliance in the healthcare industry. The two organizations will work together on cloud-based healthcare information security issues and with one another's respective communities to develop and promote security best practices.
Roy R. Mellinger to Help Drive HITRUST's Mission to Increase Trust Among the Healthcare Industry
Apr 8, 2010
Frisco, TX – April 8, 2010 – The Health Information Trust Alliance (HITRUST) announced today it has elected Roy R. Mellinger, CISSP-ISSAP, ISSMP, CIM, Vice President of Information Technology Security and Chief Information Security Officer for WellPoint, Inc., to the Executive Council. HITRUST is led by a seasoned management team and governed by the Executive Council, which is comprised of leaders from across the healthcare industry and other HITRUST supporting organizations. WellPoint is the nation's largest health benefits company by membership, with more than 33 million members in its affiliated health plans.
Information Security Magazine
Mar 3, 2010
The health care industry was buzzing with the news: For the first time ever, a hospital was being audited for compliance with HIPAA security requirements. The audit of Piedmont Hospital in Atlanta by the U.S. Department of Health and Human Services' inspector general in 2007 was surprising for hospitals, health insurers and others in an industry accustomed to a lack of enforcement of federal privacy and security requirements.
Agiliance Inc. Press Release
Feb 25, 2010
San Jose, Calif. February 24, 2010 – Agiliance Inc., the leading independent provider of integrated Governance, Risk and Compliance (GRC) solutions, today announced that Highmark, Inc., a leading health insurer, is deploying the Agiliance RiskVision™ platform to automate the compliance process, reduce audit costs and ensure Highmark meets strict healthcare industry mandates for HITRUST, HIPAA, and DIACAP.
Feb 22, 2010
FREDERICK, Md., Feb. 22 /PRNewswire/ -- Fortrex Technologies Inc., a trusted security and risk management advisor to its clients throughout the world, today announced it has achieved Common Security Framework (CSF) Assessor status from the Health Information Trust Alliance (HITRUST). As a CSF Assessor, Fortrex is now approved to perform readiness assessment, remediation and certification work associated with the CSF, the standard for protecting health information that harmonizes the requirements of existing standards and regulations, including federal (HIPAA, HITECH), third-party (PCI, COBIT) and government (NIST, FTC).
Healthcare Info Security
Feb 15, 2010
Too many hospitals fail to involve a cross-section of staff in efforts to ensure the security of health information, one security director says. At many hospitals, "The risk management office and the security office don't talk well to each other and that's a big issue to address," says Bryan Cline, Ph.D., director of information security at Catholic Health East, a 34-hospital system based in Newtown Square, Pa.
General Dynamics and Kaiser Permanente recognized for outstanding leadership and contributions
Feb 4, 2010
Frisco, TX – February 4, 2010 – The Health Information Trust Alliance (HITRUST) announced today the recipients of the HITRUST InfoSec Awards for 2009. The InfoSec Awards recognize organizations and individuals that have demonstrated outstanding contributions to the advancement of information security in the healthcare industry. The organization honored for its contributions is Kaiser Permanente and the individual recognized is Jason Taule, Director, Corporate Information Security for ViPS, a General Dynamics Information Technology company.
Healthcare Information Security Podcasts
Feb 3, 2010
For too many healthcare organizations, information security is about regulatory compliance - requirements and checklists. It's time for patients, privacy and true information security to be prioritized, says Cliff Baker, Chief Strategy Officer with the HITRUST Alliance.
Updates to industry's most widely-adopted framework reflect new regulations and user experiences
Feb 1, 2010
Frisco, TX – February 1, 2010 – The Health Information Trust Alliance (HITRUST) announced today enhancements to the HITRUST Common Security Framework (CSF), the healthcare industry framework for protecting health information.
Health Management Technology E-Newsletter
Jan 26, 2010
If your estimated cost to establish compliance with the Health Insurance Portability and Accountability Act (HIPAA) across a company were $1 million but the penalties for a breach were capped at $50,000, what risk decision would you make? It’s a no-brainer. You could suffer 20 breaches before the cost of compliance would equal the penalties for non-compliance, so from a risk management perspective the risk of non-compliance is minimal.
Advance for Health Information Executives
Jan 13, 2010
Why do information security at all? It's an interesting question.and one that's simple to answer. We "secure" or protect information that has value. Often-cited examples include national security information, battlefield intelligence and trade secrets. In the health care industry, patients and their families entrust us with their personal information along with their personal health and safety. A violation of this trust can have consequences ranging from personal embarrassment to medical identity theft.
Dec 7, 2009
Security solution providers can leverage the Health Information Trust Alliance's (HITRUST) Common Security Framework (CSF) to simplify and standardize their healthcare customers' path to HIPAA compliance.
HITRUST Expands Certification Program to Target Inefficiencies, Complexities and Risk in Healthcare Compliance Reporting
Common and cost-efficient approach simplifies assessment and reporting process for healthcare industry
Nov 16, 2009
Frisco, TX – November 16, 2009 – The Health Information Trust Alliance (HITRUST) announced today a program that significantly alters how the healthcare industry assesses security and reports compliance for HIPAA, HITECH, state and other third-party requirements.
Nov 16, 2009
The Health Information Trust Alliance (HITRUST) has unveiled a new program that helps streamline how healthcare organizations report to their business associates their status of compliance to security regulations such as HIPAA and others.
Pool of CSF Certifiers expanding as more organizations adopt the Common Security Framework
Oct 13, 2009
Frisco, TX – October 13, 2009 – The Health Information Trust Alliance (HITRUST) announced today that two more organizations have joined the growing list of professional services firms designated as HITRUST CSF Certifiers. Lattimore Black Morgan & Cain (LBMC), the largest regional accounting and professional services firm based in Tennessee, and Solutionary, an information security company with a wide range of managed security solutions and professional services, have received CSF Certifier status during a time when HITRUST continues to experience an increase in the number of healthcare organizations beginning the certification phase of the CSF.
Broad representation of industry and business organizations serve healthcare industry well in advancing the state of health information protection
Oct 8, 2009
Frisco, TX – October 8, 2009 – The Health Information Trust Alliance (HITRUST) announced today it has elected two new members to the HITRUST Executive Council. Kimberly Gray, Chief Privacy Officer, Americas Region, IMS Health, and Mark Kinnunen, Information Security Officer, Express Scripts have been appointed to the Executive Council for two-year terms. HITRUST is led by a seasoned management team and governed by the Executive Council, which is comprised of leaders from across the healthcare industry and other HITRUST supporting organizations.
Information Security Magazine
Oct 8, 2009
The healthcare industry's increasing reliance on technology during this decade has been embraced by consumers, and this has created increased challenges for an already highly regulated industry. The need for superior information security is understandable, after all, consumers entrust us with their health and their wealth. By that, of course, I mean that Humana's subscribers and those of our peer companies are relying on us to help enable their quality of life securely and reliably.
Healthcare IT News
Oct 6, 2009
SAN FRANCISCO – A new healthcare auditing program is designed to help smaller physician practices ensure that their electronic healthcare records are safe and secure.
Oct 6, 2009
On October 16, states will submit their health information exchange, or HIE, grant applications in order to receive their incentives under the American Recovery and Reinvestment Act of 2009.
Sep 10, 2009
As the federal government builds a framework for investing some $20 billion in health IT, the health care industry is grappling with one of the most controversial and potentially contentious elements of that framework -- privacy and security of electronic health information.
Sep 9, 2009
The HITECH Act was a long-time coming, especially because it holds business associates of covered entities accountable for compliance with the HIPAA Security Rule and the use of disclosure provisions of the privacy rule.
Sep 1, 2009
A new certification program could make it easier for healthcare organizations to decide whether their IT security products meet their compliance needs. The Health Information Trust Alliance--HITRUST--which was launched in 2007 by an alliance of healthcare professional service and IT vendors, announced today a program to evaluate and certify IT security products used in healthcare settings.
New Information Security Product Certification to Address Complexities and Inconsistencies in Product Selection and Simplify Compliance Efforts
HITRUST to streamline process of identifying and evaluating information security solutions for healthcare industry
Aug 31, 2009
Frisco, TX – August 31, 2009 – The Health Information Trust Alliance (HITRUST) announced today it is working with the security assurance, information security and healthcare communities to aid healthcare organizations in evaluating and selecting information security products and services. As the healthcare industry increases its adoption of electronic health records in support of the HITECH Act and enhances its strategy for health information protection, organizations are looking to HITRUST for assistance in identifying solutions that aid in compliance with HIPAA, other security regulations and the HITRUST Common Security Framework (CSF), the first IT security framework developed specifically for healthcare information.
Federal Computer Week
Aug 31, 2009
The Health Information Trust Alliance (HITRUST) announced today the creation of a program to certify IT security products against its Common Security Framework for information. The CSF Ready program will be guided by a steering committee of major IT security companies and labs. It will develop criteria for independent evaluation of health IT security products and services that will enable compliance not only with the framework but also with federal regulations for handling and securing the sensitive information.
HITRUST Advances Health Information Protection by Offering Greater Access to Common Security Framework and Launching Community-based Education Program
Guidance and Resources for Healthcare Information Security Professionals
Aug 19, 2009
Frisco, TX – August 19, 2009 - The Health Information Trust Alliance (HITRUST) announced today that the Common Security Framework (CSF), the first IT security framework developed specifically for healthcare information, is now available at no charge. The CSF is available through HITRUST Central, the healthcare industry's first managed online community for information security professionals.
Aug 10, 2009
The economic recession probably brought healthcare CEOs closer to their organizations' day-to-day activities. New federal HIPAA laws should have too. Daniel Nutkis, CEO of The Health Information Trust Alliance (HITRUST), believes compliance with HIPAA privacy and security starts from the top.
Adoption of the Common Security Framework occuring across every industry segment
Jul 16, 2009
Frisco, TX – July 16, 2009 – The Health Information Trust Alliance (HITRUST) announced today that the first healthcare organizations are beginning the certification phase of the Common Security Framework (CSF). In addition, HITRUST is experiencing a significant increase in licenses of the Common Security Framework across all segments of the healthcare industry: health plans, providers, pharmacies, data exchanges and service providers. Besides providing prescriptive guidance and greater efficiencies for the implementation of information security and privacy programs, motivation driving adoption of the framework includes business partner compliance, health information exchanges, HIPAA compliance and the move to protect Electronic Health Records as part of the HITECH Act (part of the American Recovery and Reinvestment Act, or ARRA).
HITRUST Creates Forum to Foster Corporate Leadership for Information Security in the Healthcare Industry
Supporting the expanding role of the healthcare CISO in a time of greater responsibility
Jun 29, 2009
Frisco, TX – June 29, 2009 – The Health Information Trust Alliance (HITRUST) announced today the Leadership Roundtable to support the growing role of the healthcare chief information security officer (CISO), as corporate responsibility for the protection of electronic health information takes the public stage. The new forum is the first to bring together information security executives representing the diverse segments of the healthcare industry - from providers, health plans and pharmacies to distributors, health data exchanges and pharmaceutical manufacturers – and help advance their careers through networking, learning and driving industry direction.
Vulnerability and Configuration Scanning Service Helps Healthcare Organizations Improve Security with an Accessible, Easy to Use, Cost Effective Solution
Jun 11, 2009
San Francisco – June 11, 2009 – nCircle, the leader in security and compliance auditing solutions, and Health Information Trust Alliance (HITRUST) announced today that nCircle has been selected as the provider of vulnerability and configuration assessments as a service for the HITRUST Central portal. The nCircle Suite360™-based offering is an easy-to-use, Internet accessible service that enables healthcare organizations to scan their IT systems for known vulnerabilities and to ensure their IT systems and medical devices are securely configured. This service enables healthcare organizations from the smallest physician’s offices to the largest global organizations to reduce their risk from external threats and ensure that sensitive personal and financial health data is protected. The service dramatically reduces the complexities and costs associated with demonstrating compliance with regulations and standards such as the HITECH Act, HIPAA and PCI.
Jun 1, 2009
Security cannot take a backseat in health care, says Bryan Cline at the Childrens Hospital of Philadelphia, reports Dan Kaplan. To Bryan Cline, IT security in health care is playing catch-up with other industries that also view data as their most prized asset.
Jun 1, 2009
CVS Caremark Corp., parent company of the largest pharmacy chain in the nation, has implemented a chain-wide shredding program in light of the $2.25 million fine handed down in February by the Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) for potential breaches of millions of patient records.
Enhancements to the Common Security Framework reduce time, resources and expense of HITECH Act compliance for healthcare organizations and their business partners
May 5, 2009
Frisco, TX – May 5, 2009 – The U.S. Department of Health and Human Services under the Health Information Technology for Economic and Clinical Health Act (HITECH Act) issued its guidance concerning protection of personally identifiable health information for purposes of security breach notifications. This is the first in a series of announcements for which compliance may require the expenditure of significant time and expense by healthcare organizations. These organizations also have many concerns about the impact and implications of the announcements on how they govern the security of information exchanged with their business partners.
Integrated Security Configuration Packs simplify and strengthen the protection of 3rd party Health Information Systems including EHRs and medical devices
Apr 3, 2009
Frisco, TX – April 3, 2009 – With the industry on the verge of broad scale adoption of health information technology – including the move to electronic health records by 2014 as mandated by the American Recovery and Reinvestment Act of 2009 - the Health Information Trust Alliance (HITRUST) today announced the development of Security Configuration Packs for the HITRUST Common Security Framework (CSF). The packs address the lack of guidance that users of third-party health information systems—including electronic health records systems and medical devices—face in securely configuring these systems. Coming on the heels of the Common Security Framework launch in March 2009, today’s announcement represents another major milestone for HITRUST in its mission to create a higher level of trust in the industry by providing a holistic suite of tools and services to assist healthcare organizations with efficiently and consistently protecting sensitive health information.
HITRUST Alliance Announces First Awards Program to Honor Outstanding Achievements in the Advancement of Information Protection in the Healthcare Industry
Mar 17, 2009
Frisco, TX – March 17, 2009 – The Health Information Trust Alliance (HITRUST) today announced the creation of the first annual awards program that aims to identify and distinguish outstanding achievements in the advancement of information protection in the healthcare industry. The HITRUST InfoSec Awards aim to recognize innovation and leadership in the areas of Security and Privacy, Education and Training, Awareness and Culture, Crisis Response, and Industry Contributions.
HITRUST Alliance and Healthcare Leaders Collaborate to Change the Way Health Information is Protected
Release of Common Security Framework major milestone for industry in commitment to greater electronic health information protection and growing regulatory compliance
Mar 2, 2009
San Francisco – March 2, 2009 – With the dramatic rise in breaches, theft of patient health data and the increase in regulatory requirements such as those mandated by the American Recovery and Reinvestment Act of 2009 - healthcare organizations and their business partners are now under intense pressure and scrutiny regarding security and privacy. But without a fundamental change in approach the industry will continue to see inconsistencies in the interpretation of regulations, inefficiencies and unacceptably high costs in the exchange of health information, and lagging adoption of standards (such as HIPAA) that have plagued the protection of health information technology in this complex market.
Health Information Trust Alliance (HITRUST) Concurs with The American Recover and Reinvestment Act of 2009 Stimulus Bill on Importance of Privacy and Security
Industry alliance recently concluded 18 month coordinated effort to develop a Common Security Framework for protecting health information
Feb 17, 2009
Dallas – February 17, 2009 – The Health Information Trust Alliance (HITRUST) today released its position on the importance of privacy and security in the American Recovery and Reinvestment Act of 2009. The act, approved by Congress on February 13, recognizes that privacy and security are fundamental to the adoption of health information technologies - and without real and meaningful information security, concerns arise regarding who has access to personal health and sensitive information and leaves patients skeptical and wary of electronic health information systems and exchanges.
Leaders in place to help set and drive agenda for information security in the Health Care Industry
Dec 3, 2008
Dallas – December 3, 2008 – The Health Information Trust Alliance (HITRUST) - a healthcare industry organization that aims to build greater trust between patients, physicians, organizations, government and technology companies by ensuring information security becomes a core pillar in the adoption of technology and the exchange of data - today announced it has elected two new members to the HITRUST Executive Council and appointed a new member to its management team.
Health Information Trust Alliance (HITRUST) Kicks Off Educational Webcast Series on Information Security in Healthcare, First Deliverable of New Education and Outreach Committee
Organizations who create, access, store or exchange personal health and financial information to learn from security, governance, risk and compliance expert panels
Sep 11, 2008
Dallas – September 11, 2008 – The Health Information Trust Alliance (HITRUST) - the first industrydriven certifiable security standard developed by a collaboration of healthcare, business, technology and information security leaders - today announced it is offering the “Educational Webcast Series on Information Security in Healthcare,” an ongoing series of educational programs delivered via webcast on information security relating to the healthcare industry. As the first deliverable of the new HITRUST Education and Outreach Committee, the complimentary 60-minute webinars will be moderated, interactive panels featuring industry experts and end-users addressing the challenges IT security, risk and compliance professionals face as well as case studies and best practice approaches. Produced every six weeks and running through to 2010, all twelve sessions will be recorded and available online for 12 months for those who cannot attend the live meetings.
Sep 9, 2008
The Health Information Trust Alliance, an industry consortium, has expanded its executive council to include additional stakeholders. The alliance, known as HITRUST, is developing a Common Security Framework for industry release in January. The framework will be a set of certifiable and standardized best practices for complying with the HIPAA security rule and other regulatory mandates, as well as internal security policies to provide a uniform way of verifying the security of health information. While adoption of the best practices is voluntary, some organizations may require their business associates to become certified, notes Daniel Nutkis, CEO of HITRUST.
Prepares for release of first-ever industry-driven health care security framework
Sep 9, 2008
Dallas – September 9, 2008 – The Health Information Trust Alliance (HITRUST) - the first industry-driven certifiable security standard developed in collaboration with healthcare, business, technology and information security leaders - today announced that it has expanded its Executive Council with the election of two new members: Patrick Heim, Chief Information Security Officer, Kaiser Permanente and Robert Mandel, MD, Vice President, Health Care Services, Blue Cross Blue Shield of Massachusetts. Today’s announcement points to the growing industry support and maturing of the HITRUST organization, which is preparing to release its highly anticipated Common Security Framework (CSF) in January 2009.
Aug 19, 2008
When a hospital's patient data is compromised, the results are often costly and always embarrassing for those charged with protecting that information from prying eyes.
HITRUST Confirms Release Date for First-Ever Common Security Framework for Electronic Health Information
Jul 1, 2008
Dallas – July 1, 2008 – The Health Information Trust Alliance (HITRUST) today announced that it is on target to deliver the first-ever Common Security Framework (CSF) by January 2009, thanks to the efforts of the leading health care organizations, professional services firms, information security specialists, liability insurers and other organizations that have joined together to actively participate in the HITRUST CSF program.
Health Information Technology Executives Overwhelmingly Believe the Industry Needs to Work Together on Information Security
Mar 3, 2008
DALLAS—March 3, 2008—A new survey shows that 96 percent of health information technology (HIT) executives think it is important to have a uniform way for verifying the security of sensitive healthcare information, and 85 percent think it is time for the industry to come together and develop a comprehensive framework that can provide that uniformity.
Feb 13, 2008
Coalition of companies is working on new protections for patient data.
Dec 26, 2007
An initiative including health industry leaders and several IT security companies will try to set the bar for security practices applied to electronic-protected health information (EPHI) in an effort to level the playing field between companies sharing sensitive data.
Healthcare Industry and Business Leaders Announce Initiative to Develop a Common Health Information Security Framework
Initiative Seeks to Build Greater Trust in the Electronic Flow of Information Through the Healthcare System
Dec 5, 2007
DALLAS— In an effort to improve the security of sensitive health information, major organizations from across the healthcare and employer spectrum have united to participate in the development of the first ever common security framework for the protection of health information.