HITRUST like many others has recognized that smaller organizations are struggling with the selection, acquisition, implementation, operation, and training associated with information security tools and processes necessary to demonstrate compliance and manage cyber risk. To address this challenge, HITRUST established CyberAid, an innovative approach designed to help smaller healthcare organizations—specifically physician practices with less than 75 employees—address growing cyber risks and information protection challenges by providing them with a cyber security solution designed to support their small business environment.
HITRUST and Children’s Health℠, the leading pediatric health care system in North Texas, are working together to launch HITRUST CyberAid at 80 physician practices in North Texas, before the program is rolled out nationally in September 2016.
HITRUST CyberAid evaluates and identifies solutions and processes that can be implemented, managed and operated cost effectively by organizations with limited technical and financial resources, while ensuring the selected solutions meet the security control requirements and provide an effective level of cyber threat protection. It only selects solutions that support and align with broader industry objectives, such as the ability for organizations to automatically consume and contribute IOCs with the HITRUST CTX in a manner transparent to the participating organization.
The HITRUST CyberAid “offering” consists of installation assistance, hardware, software, monitoring services, training, and support. Recovery support relating to incidents will be made available. HITRUST will perform ongoing measurement of the program’s effectiveness through evaluation of the following package components:
- Ability to mitigate cyber risks
- Practicality of use within small organizations
- Capacity to support cyber threat information sharing of indicators of compromise (IOCs)
- Proficiency in facilitating routine, streamlined security assessments
- Acquisition and maintenance affordability
The initial technology and service bundles a cloud-hybrid network security appliance, endpoint security software (supporting Windows, Mac OSX, and mobile devices with Android, IOS), installation assistance, monitoring services and support.
HITRUST has engaged and evaluated information security vendors to ensure these solutions are providing the required technical and operational capabilities needed to deliver the expected results over time in a cost effective manner. Through its collaboration with vendors and its work with the physician community to understand the cost considerations, HITRUST has defined the optimum price points in the $25 to $60 per user, per year for a complete CyberAid package. It is anticipated additional CyberAid packages will be added in the future to expand the available choices.
The HITRUST CyberAid program also encourages and will support organizations in outreach and education regarding CyberAid to the physicians and practices in their local community.
View the HITRUST CyberAid press release
Organizations wanting more information on the HITRUST CyberAid program or organizations wanting to partner to help physicians in their community can visit here.