Industry alliance recently concluded 18 month coordinated effort to develop a Common Security Framework for protecting health information

Feb 17, 2009

Dallas – February 17, 2009 – The Health Information Trust Alliance (HITRUST) today released its position on the importance of privacy and security in the American Recovery and Reinvestment Act of 2009. The act, approved by Congress on February 13, recognizes that privacy and security are fundamental to the adoption of health information technologies – and without real and meaningful information security, concerns arise regarding who has access to personal health and sensitive information and leaves patients skeptical and wary of electronic health information systems and exchanges.

The HITRUST alliance was born out of the belief that information security is critical to the broad adoption, utilization and confidence in health information systems, medical technologies and electronic exchanges of health information, and in turn realizing the promise for quality improvement and cost containment in the American healthcare system.

For the past 18 months, HITRUST has been working with industry to develop a Common Security Framework (CSF) that will enable greater and more efficient protection of health information. The effort was led by a full-time team and supported by knowledgeable and experienced healthcare, professional services, information technology and security organizations. The CSF is a prescriptive and certifiable framework that is the only approach today that makes it cost effective and practical for organizations of any type and size – scaling from private practices, hospitals and health plan providers to pharmacies, pharmaceutical manufacturers, data exchanges and clearing houses – to implement security programs in a consistent way and determine compliance against the myriad of business and partner requirements as well as evolving state and federal standards and regulations.

By normalizing the variances and inconsistencies regarding “how” to implement various standards, regulations and policies, the CSF will help healthcare organizations with the efficient interpretation of and compliance with regulations, such as those imposed by the American Recovery and Reinvestment Act of 2009. Ultimately, the CSF will help increase the level of information protection, reduce complexity, and increase efficiencies – all while creating an effective means for certification and a consistent method of reporting information security compliance to regulators and business partners.

“Industry has recognized the importance of more effective and efficient information security for this nation’s healthcare system and came together over 18 months ago to address these issues. It has been a significant undertaking and the tens of thousands of hours invested by those involved, spanning the healthcare industry and related technology disciplines, demonstrates how industry has stepped up to do the right thing with leadership and commitment on these important issues. As organizations now begin to comply with the CSF we will continue to work towards our goal of greater trust in the protection of health information,” stated Daniel Nutkis, CEO, HITRUST.

“Early results are proving that industry has created an effective security framework and, as importantly, an effective process to address evolving regulatory, business practices, technologies and threats. Rather than reacting to compliance deadlines at the last minute, an approach that tends to be ineffective and costly, organizations are adopting practical approaches to security that are designed and recommended by the industry, for the industry in alignment with government requirements. We look forward to working with the Department of Health and Human Services to share our lessons learned and aid the process as they begin to implement the provisions of The American Recovery and Reinvestment Act of 2009,” said Cliff Baker, Chief Strategy Officer, HITRUST.

Editorial Note: HITRUST will make the CSF generally available to the public, coinciding with a launch event on March 2nd in San Francisco, CA. For more information on the launch event please visit www.HITRUSTalliance.net/launch.

About HITRUST
The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. Security is critical to the broad adoption, utilization of and confidence in health information systems, medical technologies and electronic exchanges of health information. This, in turn, is critical to realizing the related promise of quality improvement and cost containment in America’s healthcare system. HITRUST is collaborating with healthcare, business, technology, and information security leaders to establish a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Beyond the establishment of the first-ever common security framework, HITRUST is also driving adoption and widespread confidence in the framework and sound risk management practices through awareness, education, advocacy and other outreach activities. For more information, visit www.HITRUSTalliance.net.
#########

All product and company names herein may be trademarks of their respective owners.

Media Contact:
Leslie Kesselring
Kesselring Communications, LLC (for HITRUST)
503.358.1012
leslie@kesselring.net