Program promotes education and collaboration on risk management and cybersecurity through community outreach
July 26, 2017 – Frisco, TX – HITRUST announced today the launch of a Community Extension Program that will provide healthcare organizations of all types and sizes an opportunity to engage with local peers to discuss the challenges, best practices and lessons learned in effectively implementing a risk management program and improving cybersecurity practices by leveraging the HITRUST CSF, HITRUST cyber threat sharing and response, and other HITRUST programs. The program will promote education and collaboration in communities across the U.S. and will feature town hall events in 50 cities with more added based on demand over the next 12 months.
With the persistence of cyber related threats, healthcare organizations are striving not just to enhance and improve their information risk management, regulatory compliance and cyber resilience programs – but do so in an efficient and effective manner. Because the HITRUST CSF, CSF Assessment and cyber threat sharing and response programs are so widely adopted and are key components of many organization and third-party vendor strategies, this program will aid in streamlining adoption and promoting greater collaboration between organizations across the country. In addition, the growing number of CSF Assessors, currently over 65, will be leveraged as resources across the country and will enable more ongoing community collaboration.
“We encouraged HITRUST to launch this program and are extremely pleased to be a part of it in Boston,” said Taylor Lehmann, CISO, Tufts Medical Center. “The importance of improving the overall cyber resilience of organizations cannot be overstated. Although it’s a difficult goal, HITRUST provides a number of programs that make the goal achievable and sharing best practices, lessons learned and remediation strategies makes the community stronger.”
These town hall events will be coordinated by HITRUST, hosted by organizations within the community and facilitated by HITRUST CSF Assessors. Some of the topics that will be covered include:
- Structuring and implementing an information risk management program
- Considerations in implementing the HITRUST CSF
- Leveraging the HITRUST CSF to implement the NIST Cybersecurity Framework
- Considerations regarding a HITRUST CSF Assessment and reporting options
- Leveraging the HITRUST Cyber Threat Catalogue
- Implementing a third-party assurance program and effective vendor risk management
- How to align information risk management and cyber insurance programs
- Engaging in cyber information sharing and how it supports cyber threat management regardless of size or cyber maturity
HITRUST’s experience has shown that education and knowledge transfer play a fundamental role in simplifying the process, shortening the time in adopting its programs and maximizing their value. In addition, many benefits are gained in collaborating with peers to share lessons learned, discuss best practices and establish relationships that support ongoing knowledge transfer and collaboration as it relates to implementing the HITRUST CSF or addressing the latest cyber threats.
These sessions will be held initially in 50 communities across the U.S. and will be expanded or duplicated over the coming year based on demand, the first six being:
- Boston, MA – hosted by Tufts Medical Center, facilitated by PwC
- Houston, TX – hosted by Texas Children’s Hospital, facilitated by Deloitte
- Denver, CO – hosted by Centura Health, facilitated by Coalfire
- Dallas, TX – hosted by Blue Cross Blue Shield of Texas, facilitated by Deloitte
- Cleveland, OH – hosted by Cleveland Clinic, facilitated by Beyond LLC
- Seattle, WA – hosted by Microsoft, facilitated by Coalfire
“We are very excited to be launching this new program and furthering HITRUST’s engagement with local communities,” said Michael Parisi, vice president, assurance strategy and community development, HITRUST. “This program provides significant value by allowing organizations to engage with, and learn from, others in the community about how they approach the challenges related to managing risk, controlling compliance costs while effectively implementing a strong security posture and defending against cyber threats.”
More information on the dates, locations, agenda and registration requirements can be found here.
View the official press release here.
Founded in 2007, the HITRUST Alliance, a not for profit, was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST—in collaboration with public and private healthcare technology, privacy and information security leaders—has championed programs instrumental in safeguarding health information and managing information risk while ensuring consumer confidence in the organizations that create, store or exchange their information.
HITRUST develops, maintains and provides broad access to its common risk and compliance management and de-identification frameworks, and related assessment and assurance methodologies, as well as programs supporting cyber sharing, analysis and resilience. HITRUST also leads many efforts in advocacy, awareness and education relating to information protection.
For more information, visit www.HITRUSTalliance.net.