Leaders From Healthcare, Professional Services, Information Security and
Liability Insurers Committed to Deliver a World-Class Framework
DALLAS, July 1 /PRNewswire/ -- The Health Information Trust Alliance
(HITRUST) today announced that it is on target to deliver the first-ever
Common Security Framework (CSF) by January 2009, thanks to the efforts of
the leading health care organizations, professional services firms,
information security specialists, liability insurers and other
organizations that have joined together to actively participate in the
HITRUST CSF program.
"The HITRUST CSF program is critical to effectively safeguarding
electronic health information," said Daniel S. Nutkis, CEO, HITRUST. "As it
is a substantial and complicated undertaking, we are very fortunate to have
such capable, respected and committed organizations participating as part
of our Drafting and Review Working Groups. I am amazed by the diversity and
number of leading organizations with varying specialties participating in
the HITRUST CSF program," Nutkis added.
"As one of HITRUST's founding organizations, I am very pleased to see
that so many leaders in the industry have chosen to join us and support the
development of a common security framework," said Jonathan Roberts, Senior
Vice President and Chief Information Officer, CVS Caremark. "We at CVS
Caremark have known for some time that the creation of the common security
framework was a vital and missing component to effectively and efficiently
protecting sensitive health information," Roberts added.
The HITRUST CSF is a comprehensive set of tools to aid organizations
that create, store, access or exchange electronic health, financial, and
other sensitive information in protecting their information assets and
managing related risks, costs and complexities. The HITRUST CSF is
comprised of three components -- an Information Security Implementation
Manual, a Standards and Regulations Cross-Reference Matrix, and a Readiness
Assessment Toolkit. The Information Security Implementation Manual is a
certifiable, best-practice based specification that scales according to the
type, size, and complexity of an organization to provide prescriptive
implementation guidance.
"BearingPoint has dedicated significant resources to the development of
the HITRUST CSF," said Dr. Ross Martin, director of Health Information
Convergence for the firm. "As a leading provider of risk, compliance and
security solutions, BearingPoint believes the development of a common
security framework is critical, not just for protecting electronic health
information, but also in minimizing the costs and complexities associated
with securing electronic health information."
"The HITRUST CSF program is creating what has been lacking in the
healthcare industry, relating to information security guidance and clarity.
By being prescriptive, it removes the confusion, inconsistencies and
variability that have existed to date, in how organizations have
implemented security measures. Although it is a new specification, it has
leveraged existing U.S. and internationally accepted security standards
where available and appropriate," said G. Christopher Hall, Partner --
Security, Accenture Technology Consulting.
"The availability of a comprehensive and prescriptive information
security implementation manual, developed and agreed on by so many industry
leaders, will establish a bar for appropriate information security measures
in the healthcare industry, and impact how we as a liability underwriter
evaluate and write potential policies," said Paul Bantick, Senior
Underwriter -- Technology, Media & Business Service, Beazley Group plc.
"As an organization that recognizes the importance of electronic health
record, personal health record, and information exchanges to improving
quality and better management of medical expenses, we also recognize that a
critical component to achieving their potential is confidence by business
partners, regulators and consumers that safeguards are in place to protect
sensitive health information," said Robert Mandel, MD, MBA, Vice President,
Health Care Services, Blue Cross Blue Shield of Massachusetts. "The HITRUST
CSF allows organizations to better understand the appropriate safeguarding
measures and communicate their efforts in a uniform manner to their
partners," Mandel added.
The HITRUST Standards and Regulations Cross-Reference Matrix is a
resource for organizations to understand how implementation of the HITRUST
Information Security Implementation Manual relates to and addresses other
standards, as well as legal, contractual and regulatory requirements.
Organizations who are already certified to or have a mandate for other
standards such as ISO 27001 can easily integrate this with their current
framework. "I see the HITRUST CSF as an opportunity to bring some structure
and consistency to the way information security is implemented in the U.S.
healthcare industry," said John DiMaria, Product Manager -- Business
Continuity and ITSM, BSI Management Systems of America. "Since the HITRUST
Information Security Implementation Manual is prescriptive, it removes the
multiple interpretations that have caused issues with inconsistent
implementations and audits in the past," DiMaria added.
"As an information security professional in the healthcare industry, I
have struggled to identify a practical strategy and approach that
appropriately addresses risk, and which can be implemented and accepted by
management, finance, internal and external auditors, and trading partners.
The HITRUST CSF provides a consistent framework by which a healthcare
organization can address security challenges," said Michael Frederick,
Director -- Office of Information Security and Chief Information Security
Officer, Baylor Health Care System.
"The development of the HITRUST CSF takes the healthcare industry a
giant step forward in managing risk and protecting privacy. It also
establishes a benchmark that can be applied to non-covered entities, such
as those providing personal health records (PHRs) to consumers. The HITRUST
CSF is crucial to address the concerns of patients, policymakers and
others," said Dr. Larry Ponemon, Chairman and founder, Ponemon Institute.
The HITRUST Common Security Framework version 2009 will be available
for license later this year. More information on the HITRUST CSF can be
found on the company's website at http://www.hitrustalliance.org/csf or by
calling (469)-587-2250.
About the HITRUST
The Health Information Trust Alliance (HITRUST) was born out of the
belief that information security should be a core pillar of, rather than an
obstacle to, the broad adoption of health information systems and
exchanges. Security is critical to the broad adoption, utilization of and
confidence in health information systems, medical technologies and
electronic exchanges of health information. This, in turn, is critical to
realizing the related promise of quality improvement and cost containment
in America's healthcare system. HITRUST is collaborating with healthcare,
business, technology, and information security leaders to establish a
certifiable framework that can be used by any and all organizations that
create, access, store or exchange personal health and financial
information. Beyond the establishment of the first-ever common security
framework, HITRUST is also driving adoption and widespread confidence in
the framework and sound risk management practices through awareness,
education, advocacy and other outreach activities. For more information,
visit http://www.hitrustalliance.org.
Media contact:
Mike Breslin
Hill & Knowlton (for HITRUST)
214.683.0379
mike.breslin@hillandknowlton.com
See Also:
- Education More Important Than Immigration to Solve Nursing Shortage, Research Shows
- Clarient Launches New Colorectal Cancer Test
- Nordic Naturals Professional Sales Division Offers Targeted Nutritional Support for Eyes with ProDHA Eye
- Many Health Savings Account Owners Make IRA Transfer
- New Prescription Drug Card Offers Savings to Assist Chicago Area's 1.3 Million Uninsured
[Via Healthcare]
0 коментарі:
Post a Comment