HITRUST releases proposed security framework
In recent times, we've been telling you about new requirements for health IT security, including a new requirement from the FTC that since healthcare providers are creditors, they need to have identity theft policies in place by next year.
Now, in an effort to make implementing these protections simpler, on top of other security efforts, a group of large healthcare companies is attempting to create a set of security practices that can be standardized. The standards, which were just released in draft form from the non-profit Health Information Trust Alliance LLC (HITRUST), are the work of the nine large healthcare organizations that created the organization.
The HITRUST Common Security Framework (.pdf) includes a broad framework and three separate components. These include an information security implementation manual addressing common standards like HIPAA, NIST SPS 800, ISO/IEC 27799 and COBIT 4.1; a tool cross-referencing HITRUST standards with well known standards and regs from other groups; and a readiness toolkit.
If this looks good to you, prepare to make a big investment, as single-entity licenses are $8,500 and enterprise-wise licenses are $31,000.
To learn more about the new draft standards:
- read this Wall Street Journal piece (reg. req.)