
HITRUST Releases New Guidance for Healthcare Organizations to Assess Cybersecurity Preparedness

April 10, 2013
by John DeGaspari
Rise in Cyber Threats Targeted at the Healthcare Industry Leads to Increased Industry Awareness

In response to heightened awareness and concerns about cyber threats, attacks and incidents, the Health Information Trust Alliance (HITRUST) announced today new guidance for healthcare organizations wanting to assess the state of their cybersecurity preparedness. The guidance identifies an appropriate subset of controls within the HITRUST Common Security Framework (CSF) that are most directly related to detecting and thwarting cyber-related breaches and allows organizations to assess against the cyber-specific controls and receive a snapshot of their cyber capabilities and readiness. 

“As predicted, HITRUST has seen a marked increase in the frequency and sophistication of cyber attacks targeted at healthcare organizations,” said Daniel Nutkis, chief executive officer, HITRUST. “What is raising concerns is the amount of personal health information misappropriated from health plans and providers that is for sale on the various hacker forums. As the sophistication and intensity of cyber attacks increases, HITRUST believes it is more critical than ever that healthcare organizations have the appropriate safeguards in place and a means by which to review their current level of preparedness.”

More than a year ago, HITRUST established the HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3). The HITRUST C3 provides cyber threat intelligence and incident coordination specific to healthcare organizations and acts as a vehicle for sharing cyber threat information between healthcare organizations and the government. The signing of the White House Cybersecurity Executive Order in February 2013 has added to the awareness and sensitivity of the risks associated with cyber threats and the escalating need for cybersecurity preparedness, according to HITRUST.

The HITRUST Cybersecurity Working Group was established to review the CSF and ensure the controls fully incorporate best practices consistent with the various risk factors related to cybersecurity for healthcare organizations. Given the increasing volume, sophistication and risks associated with cyber attacks perpetrated on healthcare organizations and increased awareness by legislators and regulators, HITRUST believes there is real value in providing additional guidance to organizations wanting to review their current level of preparedness, according to the group.

With this guidance, organizations not yet assessing themselves against all the CSF controls will be able to focus immediately on the specific set of CSF controls that are highly related to cybersecurity. They will then be well positioned to complete a full CSF assessment in the future.

The working group will meet at HITRUST’s annual conference in May 2013 to receive industry comments and finalize the guidance. HITRUST does not expect significant changes to the guidance and is releasing the guidance in its current state so that organizations are not delayed in assessing their cybersecurity preparedness.  The working group is also responsible for coordinating the submission of HITRUST’s recommendations to the National Institute of Standards and Technology (NIST) relating to the development of a national Cybersecurity Framework as outlined in the Executive Order. 

Organizations can download a white paper published by HITRUST that describes a basic risk management framework (RMF) and details the HITRUST RMF. 

The new cybersecurity guidance is available for review via HITRUST Central.
