Skip to content Skip to navigation

HITRUST Updates Security Framework, Adds Web-Based Tool

December 19, 2012
by Gabriel Perna
| Reprints

According to the Frisco,Texas-based Health Information Trust Alliance (HITRUST), its latest updates to the HITRUST Common Security Framework (CSF), will allow healthcare organization to more easily perform and manage CSF assessments, through a newly-created web-based tool and other upgrades. HITRUST, a collaboration of various healthcare, security, and risk management leaders, has created the CSF for healthcare organizations to “manage their information protection programs.”

The web-based tool, called MyCSF, integrates the CSF with other sources on data security protection and. It also has a customizable view, where healthcare organizations can see various views of the CSF based on multiple factors. HITRUST says this will allow organizations to capture unique risk information for its environment.  

“HITRUST offers comprehensiveness, scalability and simplicity within a single framework - built for healthcare - that is now supported by a full-featured and user-friendly tool that streamlines the CSF assessment and compliance process,” Daniel Nutkis, chief executive officer, HITRUST.

 According to HITRUST, the web-based tool also allows users to create dashboards and reports, based on the information they find, with a drag-and-drop application. The tool also can help organizations compare themselves to others at a “macro-level and a more granular level.”

In addition, the latest version of the CSF will have updates related to Stage 2 meaningful use requirements, and incorporate new standards and regulations, including “NIST SP 800-53 revision 4, Texas House Bill 300, the CORE security requirements, and a mapping to relevant COBIT 5 controls.” HISTRUST also says there have been updates to the CSF in regards to mobile, cloud, encryption, and third-party assurance.

Topics

News

Allegheny Health Network, VA Pittsburgh Integrate EMR Systems

Allegheny Health Network (AHN), based in Pittsburgh, and VA Pittsburgh Healthcare System (VAPHS), have announced the successful integration of their electronic medical record (EMR) platforms.

Wisconsin Urology Group Notifies Patients of Data Breach Due to Ransomware Attack

Wauwatosa, Wis.-based Metropolitan Urology Group has notified its patients of a breach of unsecured patient health information due to a ransomware attack back in November 2016.

Study: For Post-Op Patients, Mobile Apps for Follow-Up Care Led to Fewer In-Person Visits

For patients undergoing ambulatory surgery, those who used a mobile app for follow-up care attended fewer in-person visits post- operation than patients who did not use the app, according to a study in JAMA Surgery.

Information Blocking is Routine and Fairly Widespread, Survey of HIEs Finds

In a survey, 50 percent of HIE leaders said electronic health record (EHR) vendors "routinely" engage in information blocking, and 25 percent reported that hospitals and health systems routinely engage in business practices that interfere with electronic health information exchange.

ONC Updates SAFER Guides to Address EHR Safety

The Office of the National Coordinator for Health IT (ONC) published updated safety best practices, called the Safety Assurance Factors for Electronic Health Record Resilience (SAFER) Guides, to identify recommended practices to optimize the safety and safe use of electronic health records (EHRs).

Survey: Healthcare Organizations Remain Underprepared for MACRA

Two-thirds of healthcare providers report that they are “unprepared” or “very unprepared” for managing and executing Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) initiatives, according to a survey from Pittsburgh-based Stoltenberg Consulting Inc.