A group of over 60 companies in the health care industry came together last year to create a set of security and privacy best practices that go above and beyond those laid out in the Health Insurance Portability and Accountability Act (HIPAA). The Health Information Trust Alliance (HITRUST) consortium this week released a Common Security Framework (CSF) "for industry in commitment to greater electronic health information protection and growing regulatory compliance."
“Until now, the lack of widely accepted information security standards has kept many providers on the health care IT sidelines, and has been a source of apprehension for many patients when it came to electronically sharing their medical information... the HITRUST framework should help accelerate the adoption of technologies that will dramatically improve the safety and efficiency of America’s health care system." - Randall N. Spratt, Chief Information Officer and Executive Vice President, McKesson
The CSF is a certifiable framework that provides organizations in the health care industry with structure and clarity around information security, something increasingly important as health information moves online and as data becomes more portable.
The framework is based on recognized standards such as COBIT, NIST and ISO 27001. It is meant to scale according to the type, size and complexity of the organization and follows a risk-based approach that can evolve with the needs of the industry and changes in the regulatory environment.
The stimulus bill passed in the U.S. in January called for the computerization of health care records within 5 years. The legislation contained stringent privacy and security controls above and beyond HIPAA, just as the new HITRUST CSF does.
Via SC Magazine