Reporting Health IT Security Compliance Gets Easier - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Leadership
Commentary
11/16/2009
03:15 PM
50%
50%

Reporting Health IT Security Compliance Gets Easier

The Health Information Trust Alliance (HITRUST) has unveiled a new program that helps streamline how healthcare organizations report to their business associates their status of compliance to security regulations such as HIPAA and others.

The Health Information Trust Alliance (HITRUST) has unveiled a new program that helps streamline how healthcare organizations report to their business associates their status of compliance to security regulations such as HIPAA and others.The HITRUST Common Standard Framework(CSF)Assurance program makes it easier for healthcare organizations to report to their business associates--which often number in the hundreds to thousands--about the status of their compliance to security requirements of states, federal agencies, third-parties, and others.

In the past, healthcare organizations did not have a standard approach or processes to assess and then report their compliance to various security regulations to the array of business associates, vendors, and other seeking such assurances, says Dan Nutkis, CEO of HITRUST.

However, the new HITRUST CSF Assurance program provides tools--including questionnaires--to help healthcare organizations access and score their level of security compliance, and report the findings to business associates and other parties seeking the information.

In addition to the score cards, the Assurance program tools provide healthcare organizations with a vehicle to report corrective action plans and other details to help flesh out information about its security compliance, says Nutkis.

"The score cards provide a snapshot," of a healthcare organization's understood compliance with the HITRUST CSF, says Nutkis

HITRUST's CSF represents a comprehensive security framework of healthcare industry security regulations, including HIPAA and upcoming meaningful use requirements. HITRUST's CSF certification program was unveiled in September.

The new Assurance programs include two levels of assurance--CSF Validated or CSF Certified--based on the size, risk profile and reporting requirements of healthcare organizations.

HITRUST says both the CSF Validated and Certified programs leverage the same tools, processes and security requirements. However, here are the differences, according to HITRUST:

CSF Validated allows organizations to be measured and report their progress against the CSF, as well as providing valuable information such as standardized corrective action plans.

CSF Certified provides additional efficiencies by verifying that an organization has met all of the industry defined certification requirements of the CSF.

Both "reduce the complexity" in reporting compliance to business associates, said Nutkis.

In related developments, HITRUST's CSF is also gaining interest from states looking to standardize the security requirements for their health information exchanges, said Nutkis. So far, Tennessee is among states whose public-private health information exchanges are leaning to standardize its security requirements based on the CSF, said Nutkis.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Why 2021 May Turn Out to be a Great Year for Tech Startups
John Edwards, Technology Journalist & Author,  2/24/2021
News
How GIS Data Can Help Fix Vaccine Distribution
Jessica Davis, Senior Editor, Enterprise Apps,  2/17/2021
Slideshows
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll