In an increasingly technology-driven world, information security has become an essential business process in today’s healthcare industry. Healthcare providers rely more and more on emerging technologies to create, access, store and transmit sensitive data. This reliance on technology, as well as publicized, large-scale healthcare data breaches, has led to more healthcare organizations becoming aware of increasing cybersecurity risks.
The Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), which builds upon HIPAA information security guidelines and requirements, has become the information protection framework for the healthcare industry. The HITRUST CSF is a collaboration of healthcare, technology, and information security leaders charged with creating a certifiable framework that provides organizations with a comprehensive, flexible and efficient approach to regulatory compliance and risk management.
In the past, the standard for information security in the healthcare industry was the Health Insurance Portability and Accountability Act (HIPAA). HIPAA was instituted in 1996, and its primary goal is to make it easier for people to keep their health insurance, to protect sensitive healthcare information, and to reduce healthcare administrative costs. HIPAA standards require healthcare providers to ensure the confidentiality, integrity and availability of any data they create, access, store or transmit, and also provide reasonable protection of this sensitive data. Often, however, HIPAA guidelines are too vague and allow too much latitude in their interpretation. As a result, healthcare providers that adhere to HIPAA requirements are often unsure of what constitutes “reasonable and appropriate” protections. At times, providers may introduce security policies that are unnecessary or even inadequate.
HITRUST helps organizations by laying out a comprehensive and efficient framework for managing security requirements described in HIPAA. HITRUST should be looked at as an important, industry-managed approach to meeting HIPAA security requirements.
Many healthcare providers, including Anthem, Health Care Services Corp., Highmark, Humana and UnitedHealth Group, are requiring business associates to demonstrate compliance with the HITRUST CSF. Providers are requiring their business associates to obtain HITRUST CSF certification as a means of demonstrating effective security and privacy practices aligned with the requirements of the healthcare industry.
Skoda Minotti is an approved HITRUST CSF assessor and can help covered entities and business associates with HITRUST readiness assessments, including CSF self-assessments, implementation and consulting, and validated reports with certification. To learn more about Skoda Minotti’s HITRUST services and readiness assessment, please contact Chris Shaffer today—call 440-449-6800 or email Chris.