Guidance and Resources for Healthcare Information Security Professionals

Aug 19, 2009

Frisco, TX – August 19, 2009 – The Health Information Trust Alliance (HITRUST) announced today that the Common Security Framework (CSF), the first IT security framework developed specifically for healthcare information, is now available at no charge. The CSF is available through HITRUST Central, the healthcare industry’s first managed online community for information security professionals.

HITRUST is responding to the industry’s request for open access to HITRUST Central and the CSF, which will aid organizations in complying with HIPAA and the HITECH Act, supporting health information exchanges, and addressing third-party risk. These actions will ultimately result in increased adoption of the CSF and organizations being able to more broadly manage costs, reduce complexities and increase public trust in the protection of health information.

“Information protection involves more than just protecting our own environment; it is also about ensuring our business partners are complying with the same requirements,” said Sharon Black, Chief Information Security Officer, BlueCross BlueShield of Tennessee. “Having the CSF widely available will be extremely valuable to us as we implement the ARRA and HITECH requirements related to our business associates.”

“As more organizations participate in health information networks, the need to have a consistent and measurable level of how well organizations protect information is crucial to ensuring trust,” said Deb LaMarche, Program Manager, Utah Telehealth Network. “Our network sees enormous benefit in providing healthcare providers of all sizes and types with the guidance and best practices needed to ensure technology is adopted and information is shared appropriately, while maintaining security.”

Continuing with its efforts to facilitate collaboration and greater understanding of information security practices, approaches and requirements, HITRUST is launching the HITRUST Community Extension Program, a community adoption program centered around providing a local venue for healthcare information security professionals to network with peers, share experiences, and receive guidance on a multitude of information security topics. It is HITRUST’s belief that community support and collaboration, especially for smaller or less technically savvy organizations, is fundamental for overall protection of health information.

The Community Extension Program will be rolled out in Boston, Central New Jersey, Dallas-Fort Worth, Nashville, New York City, Philadelphia, San Francisco and Washington, DC. Additional cities will be added in the coming months. At least one session will occur monthly and will be broadcast live via the Internet to allow remote participation. A forum for each community will also be established in HITRUST Central to allow participants to collaborate with each other, facilitators and HITRUST support staff between in-person sessions. Each session will be facilitated by a recognized healthcare information security leader, all of which are CSF Certified Practitioners. The program is supported by Accenture, Deloitte & Touche, VeriSign, Verizon Business and Cisco Systems. Participation is open and free of charge to any healthcare organization.

“We are experiencing increasing adoption of the CSF, which continues to be the de facto framework for responsibly and practically addressing information security as part of an organization’s overall compliance program; this includes organizations requiring their business associates to become compliant with the CSF,” said Daniel Nutkis, Chief Executive Officer, HITRUST. “By making the CSF more widely available and providing a community-based outreach program we are removing any barriers or impediments that would limit organizations – large or small – from understanding the expectations and requirements of information protection.”

Since its March launch, HITRUST Central has served as a unique destination for healthcare information security professionals to gather relevant and important information – ranging from information security threats and vulnerabilities to implementation approaches and system considerations.

Current subscribers to HITRUST Central will continue with a Professional subscription, which provides online access to the CSF and Alternate Controls as well as online support and other resources not available through the new Standard subscription. The Standard subscription, available at no-charge, provides the CSF in a PDF format.

Visit www.HITRUSTalliance.net/starthere for more information on HITRUST Central and to learn more about the Community Extension Program.

About HITRUST
The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption and utilization of health information technologies and exchanges. This, in turn, is critical to realizing the related promise of quality improvement and cost containment in America’s healthcare system. HITRUST is collaborating with healthcare, business, technology, and information security leaders to establish a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Beyond the establishment of the first common security framework, HITRUST is also driving adoption and widespread confidence in the framework and sound risk management practices through awareness, education, advocacy and other outreach activities. For more information, visit https://www.HITRUSTalliance.net.

#########

All product and company names herein may be trademarks of their respective owners.

Media Contact
Leslie Kesselring
Kesselring Communications, LLC (for HITRUST)
503.358.1012
pr@HITRUSTalliance.net

© 2009 HITRUST, INC.