Skip to content Skip to navigation

HITRUST Updates Security Framework, Adds Web-Based Tool

December 19, 2012
by Gabriel Perna
| Reprints

According to the Frisco,Texas-based Health Information Trust Alliance (HITRUST), its latest updates to the HITRUST Common Security Framework (CSF), will allow healthcare organization to more easily perform and manage CSF assessments, through a newly-created web-based tool and other upgrades. HITRUST, a collaboration of various healthcare, security, and risk management leaders, has created the CSF for healthcare organizations to “manage their information protection programs.”

The web-based tool, called MyCSF, integrates the CSF with other sources on data security protection and. It also has a customizable view, where healthcare organizations can see various views of the CSF based on multiple factors. HITRUST says this will allow organizations to capture unique risk information for its environment.  

“HITRUST offers comprehensiveness, scalability and simplicity within a single framework - built for healthcare - that is now supported by a full-featured and user-friendly tool that streamlines the CSF assessment and compliance process,” Daniel Nutkis, chief executive officer, HITRUST.

 According to HITRUST, the web-based tool also allows users to create dashboards and reports, based on the information they find, with a drag-and-drop application. The tool also can help organizations compare themselves to others at a “macro-level and a more granular level.”

In addition, the latest version of the CSF will have updates related to Stage 2 meaningful use requirements, and incorporate new standards and regulations, including “NIST SP 800-53 revision 4, Texas House Bill 300, the CORE security requirements, and a mapping to relevant COBIT 5 controls.” HISTRUST also says there have been updates to the CSF in regards to mobile, cloud, encryption, and third-party assurance.

Health IT Summit Series - Focus: CYBER-SECURITY

Get the latest information on Cyber-Security, and attend other valuable sessions at this two-day, intimate event bringing together C-level, physician, practice management and IT decision makers for strategy discussions, knowledge exchange, and one-on-one meetings.

Boston, June 23-24   |   Denver, July 12-13
Topics

News

House Ways and Means Committee Advances Bill to Provide Regulatory Relief for Docs

May 26, 2016
The U.S. House Committee on Ways and Means has passed a bill that among other provisions, would provide relief to hospital outpatient departments as well as consider patients’ socioeconomic status before penalizing hospitals in the Hospital Readmissions Reduction Program.

Health IT Leaders Address Cybersecurity Responsibilities at HHS during Congressional Hearing

May 25, 2016
During a House Energy and Commerce Subcommittee on Health hearing, healthcare IT leaders and security experts testified in support of proposed legislation to elevate and empower the CISO at the U.S. Department of Health and Human Services (HHS).

Study: Automated, Real-Time Surveillance Significantly Reduced Sepsis Mortality

May 25, 2016
Automated surveillance and real-time analysis led to a significant reduction in sepsis mortality at Alabama’s Huntsville Hospital, according to research recently published in the Journal of the American Medical Informatics Association (JAMIA).

Report: Bill to Fight Zika Could Strip HHS of MACRA Funds

May 25, 2016
With a House bill providing money to fight the Zika virus pending, the Department of Health and Human Services (HHS) may be stripped of funds that it was planning to use for Medicare Access and CHIP Reauthorization Act (MACRA) information technology provisions, according to a Morning Consult report.

Healthcare Organizations Push to Look at New Data Sources to Assess Telemedicine in Medicare

May 24, 2016
Several healthcare organizations have sent a letter to the Congressional Budget Office (CBO) and the Medicare Payment Advisory Commission (MedPAC) regarding the use of alternative data sources for cost estimates and analyses of telemedicine utilization in the Medicare program.

Study: Sharing Visit Notes with Patients Improves Patient Satisfaction, Trust and Safety

May 24, 2016
Improving transparency between physicians and their patients by allowing patients to view their visit notes in their health records can improve patient satisfaction, trust and safety, according to a recently published study.

CareFirst BlueCross BlueShield Awards $3M to Regional Telemedicine Programs

May 24, 2016
Baltimore-based CareFirst BlueCross BlueShield plans to award nearly $3 million to ten healthcare organizations to help develop or expand existing regional telemedicine initiatives.

Intermountain Launches New Telehealth Service

May 24, 2016
Intermountain Healthcare has launched a new telehealth service that connects patients in Idaho and Utah with the health system’s providers 24 hours a day, 7 days a week, through video and audio conferencing on the web.

Kansas Heart Hospital Hit With Ransomware; Hackers Do Not Unlock Files After Receiving Ransom Payment

May 23, 2016
Wichita, Kan.-based Kansas Heart Hospital was hit with a ransomware attack last Wednesday, but after the hospital paid an undisclosed ransom, the hackers demanded more, according to local news reports.

Intermountain Healthcare Names New CEO

May 23, 2016
Salt Lake City-based Intermountain Healthcare has appointed A. Marc Harrison, M.D., as its new president and CEO to take the helm when current CEO Charles Sorenson, M.D., retires in October.

Study: Hospitals Making Significant Investments in Smartphone-Based Communications

May 20, 2016
Sixty-three percent of hospitals and health systems have deployed or plan to deploy a mobile communications platform supporting more than 500 smartphones in the next year, according to a new survey from Spyglass Consulting Group.

UConn Health Appoints Dirk Stanley, M.D., as First CMIO to Oversee EMR Implementation Project

May 20, 2016
The University of Connecticut Health Center (UConn Health), based in Farmington, Conn., has announced the appointment of Dirk Stanley, M.D., as its first Chief Medical Information Officer.

Potential Data Breach at Children’s National Health System Due to Vendor Misconfiguration

May 20, 2016
Children’s National Health System, based in Washington, D.C., has issued a notice about a potential data breach after a third-party vendor inadvertently misconfigured a file site that enabled patient information to be accessed online.

CHIME, AEHIS, Offer Suggestions to Lawmakers for Improved Cybersecurity

May 20, 2016
The College of Healthcare Information Management Executives (CHIME) and the Association for Executives in Healthcare Information Security (AEHIS) have written a statement to lawmakers offering suggestions for how to bolster healthcare cybersecurity.

MUSC Health Invests $36M in Patient Monitoring Technology Partnership

May 20, 2016
Charleston-based Medical University of South Carolina Health (MUSC Health) announced an 8-year, $36 million strategic partnership with Philips to implement integrated patient monitoring technologies.

Pages