April 24, 2014, brought an end to the HITRUST 2014 conference. This year’s event featured a diverse group of attendees representing all segments of the healthcare industry from both small and large healthcare organizations, government and technology companies. The annual HITRUST conference is dedicated to exploring all aspects of healthcare information protection, from building an information security organization to utilization of the HITRUST CSF to preparing for OCR audits.

Preceding HITRUST 2014, the Cyber Health Summit revealed eye-opening results from the Spring 2014 CyberRX Excercise. The conference included U.S. Congressman Michael C. Burgess and other great speakers that taught the audience firsthand about their experiences in a wide array of thought provoking topics. The Cyber Health Summit revealed eye opening results from the first ever health industry cyber exercise – CyberRX. CyberRX is a series of industry-wide exercises used to evaluate the response and threat preparedness of healthcare organizations against attacks and attempts to disrupt U.S. healthcare operations. In response to the CyberRX findings, HITRUST has established a “Health Industry Cybersecurity Roadmap” to ensure it is supporting the needs of industry. We encourage you to review the CyberRX Spring 2014 Report.

HITRUST was delighted to host U.S. Congressman Michael C. Burgess as this year’s keynote speaker. Dr. Burgess said, “I recognize that it is often difficult to legislate difficult issues and that the industry is best suited to do develop the processes.  That is why I commend the participants in the CyberRX exercise a few weeks ago and each of you for working to collaborate on developing a common framework to address safeguarding information privacy and security thru organizations like HITRUST which is creating and establish the C3 (cyber center), HITRUST CSF and performing cyber exercises similar to CyberRX.  While the results show several areas of improvement, it also shows that there is the emergence of greater collaboration within the health IT sector and the development of continued collaboration with the federal government. Collaborating within industry must be challenging so I can only imagine how difficult it is to collaborate with the various government agencies so I am encouraged that HHS was a participant in the CyberRX exercises this month and that they are participating with you this week to discuss and encourage further collaboration and support.”

Dr. Burgess also explained, “One of the key goals of advancing this Nation’s cyber security is building trust and relationships between the government and the private sector.  Part of that effort includes heightening awareness about cybersecurity threats.  This is certainly one of the goals of HITRUST 2014.  I am encouraged when the private sector begins to explore healthcare information protection and utilization of tools such as the HITRUST CSF and CSF Assurance Program.  These are just two examples of innovation that is taking place as a means to securing a more robust health care IT system.”

The conference also included panels which provided attendees with practical and actionable knowledge regarding the topics including, “Obtaining CSF Certification.” The panel shared valuable lessons-learned and had lots of questions met with influential advice from those who’ve experienced it. Another panel spoke on, “Building an Information Security Organization,” which encouraged information security professionals as well as reinforced the importance of the topic. Additional highlights from the general sessions was about the relationship between Privacy and Security as seasoned professionals shared secrets for a collaborative and productive partnerships with security and privacy professionals with their counterparts. “Lessons Learned from Recent HIPAA Enforcement Actions, Breaches and Audits,” was a good step for the audience in moving forward toward recognition of the most widely-adopted framework. The audience took advantage of OCR’S presence at the conference during an extremely popular session that brought out lots of questions, discussions and had great feedback. Furthermore, “Using the CSF and CSF Assurance to Support an OCR Audit and Resolution Agreement,” was another popular topic for attendees to take away what going through a breach and audit is actually like, what to expect as well as proven advice on how to farewell.

Another highlight of the conference publicized that Children’s Medical Center Dallas announced it is the first and currently the only hospital in Texas to receive the Texas Covered Entity Privacy and Security Certification by the Texas Health Services Authority (THSA) and the Health Information Trust Alliance (HITRUST). By achieving this certification, Children’s is recognized as a health care leader demonstrating Children’s commitment to protect the privacy of our patients’ health care information. “We are pleased to be the first hospital in the state to receive this important certification, which recognizes the rigorous effort we have made to enhance quality and safety through information technology,” said Chris Durovich, Children’s Chief Executive Officer.

The event ended with the, “CSF Roadmap for 2015 and Beyond,” helping individuals gain insight into HITRUSTs’ plans for enhancements and additions and gave attendees the opportunity to provide feedback and suggestions about what they’d like to see addressed next. HITRUST 2014 was a successful event and we hope to see you next year at HITRUST 2015!

* These fields are required.