
HITRUST Releases New Guidance for Healthcare Organizations to Assess Cybersecurity Preparedness

April 10, 2013
by John DeGaspari
Rise in Cyber Threats Targeted at the Healthcare Industry Leads to Increased Industry Awareness

In response to heightened awareness and concerns about cyber threats, attacks and incidents, the Health Information Trust Alliance (HITRUST) announced today new guidance for healthcare organizations wanting to assess the state of their cybersecurity preparedness. The guidance identifies an appropriate subset of controls within the HITRUST Common Security Framework (CSF) that are most directly related to detecting and thwarting cyber-related breaches and allows organizations to assess against the cyber-specific controls and receive a snapshot of their cyber capabilities and readiness. 

“As predicted, HITRUST has seen a marked increase in the frequency and sophistication of cyber attacks targeted at healthcare organizations,” said Daniel Nutkis, chief executive officer, HITRUST. “What is raising concerns is the amount of personal health information misappropriated from health plans and providers that is for sale on the various hacker forums. As the sophistication and intensity of cyber attacks increase, HITRUST believes it is more critical than ever that healthcare organizations have the appropriate safeguards in place and a means by which to review their current level of preparedness.”

More than a year ago, HITRUST established the HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3). The HITRUST C3 provides cyber threat intelligence and incident coordination specific to healthcare organizations and acts as a vehicle for sharing cyber threat information between healthcare organizations and the government. The signing of the White House Cybersecurity Executive Order in February 2013 has added to the awareness and sensitivity of the risks associated with cyber threats and the escalating need for cybersecurity preparedness, according to HITRUST.

The HITRUST Cybersecurity Working Group was established to review the CSF and ensure the controls fully incorporate best practices consistent with the various risk factors related to cybersecurity for healthcare organizations. Given the increasing volume, sophistication and risks associated with cyber attacks perpetrated on healthcare organizations and increased awareness by legislators and regulators, HITRUST believes there is real value in providing additional guidance to organizations wanting to review their current level of preparedness, according to the group.

With this guidance, organizations not yet assessing themselves against all the CSF controls will be able to focus immediately on the specific set of CSF controls that are highly related to cybersecurity. They will then be well positioned to complete a full CSF assessment in the future.

The working group will meet at HITRUST’s annual conference in May 2013 to receive industry comments and finalize the guidance. HITRUST does not expect significant changes to the guidance and is releasing the guidance in its current state so that organizations are not delayed in assessing their cybersecurity preparedness. The working group is also responsible for coordinating the submission of HITRUST’s recommendations to the National Institute of Standards and Technology (NIST) relating to the development of a national Cybersecurity Framework as outlined in the Executive Order.

Organizations can download a white paper published by HITRUST that describes a basic risk management framework (RMF) and details the HITRUST RMF. 

The new cybersecurity guidance is available for review via HITRUST Central.
