HITRUST updates security compliance certification

The Health Information Trust Alliance (HITRUST) is revamping its Common Security Framework Assurance Program, a certification scheme that helps healthcare organizations identify and remedy inefficient practices in security compliance reporting. The new program offers two levels of testing, CSF Validated and CSF Certified. The latter tests organizations against HITRUST CSF standards and offers standardized plans for corrective action. The more comprehensive Certified track verifies that organizations meet all CSF requirements, which the alliance says allows for greater operational efficiencies.

"The current method of measuring and reporting compliance is fraught with rampant inconsistencies and tremendous waste of time and resources, all of which work against the goals of healthcare reform from both an efficiency and information protection perspective," HITRUST CEO Daniel Nutkis says, according to Healthcare IT News. "The confirmation of the need for a new approach is evident in the fact that so many healthcare organizations are already requiring or encouraging their business associates to participate in the CSF Assurance Program. In addition, we are seeing many business associates proactively take part in the program prior to a request being made," Nutkis said.

The news comes just days after HIMSS Analytics reported [1] that many HIPAA business associates are not prepared for new privacy and security standards, particularly the requirement to notify individuals if their personal data is breached.

For more information:
- take a look at this Healthcare IT News story [2]

Related Articles:
HITRUST releases proposed security framework [3]
U.S. hospitals have security "blind spot" [4]