HITRUST Adds Privacy Controls to its Common Security Framework | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

HITRUST Adds Privacy Controls to its Common Security Framework

January 7, 2015
by John DeGaspari
| Reprints
The addition of privacy controls will create a fully integrated information security and privacy framework, according to the group

The Health Information Trust Alliance (HITRUST) says it has added privacy controls to version seven of the HITRUST Common Security Framework (CSF) being released later this month. This addition creates a fully integrated privacy and security framework that meets the regulatory requirements of the U.S. healthcare industry, according to the group, which says organizations can now rely on a single framework to manage their information privacy and security risk and compliance.

Developed over the last 18 months by the HITRUST Privacy Working Group, the privacy controls are meant to provide better alignment between healthcare organizations’ security and privacy programs and allow for an integrated approach for protecting health information under Health Information Portability and Accountability Act (HIPAA). After conducting a review of various privacy frameworks, standards and regulations, the working group recommended the inclusion of specific privacy control categories, objectives, specifications and requirements by implementation level.

The HITRUST CSF has evolved into a more comprehensive and robust framework with which organizations can address their security and privacy programs and reduce the burden of compliance with all the applicable healthcare-related requirements, according to the group. Although the HITRUST CSF will incorporate both privacy and security controls, organizations will have the option to obtain certification for privacy, security or both in order to choose the approach and pace most suited to their operational and compliance objectives.

In addition, this release of the HITRUST CSF incorporates the Minimum Acceptable Risk Standards for Exchanges (MARS-E), additional guidance for cyber security, and enhancements to risk factors and assurance methodology. HITRUST is currently updating MyCSF to support the additional privacy controls and enable organizations to perform privacy control assessments, compliance reporting and related remediation tracking within the tool.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Geisinger National Precision Health Hires Illumina Exec to Lead Business Development

Integrated health system Geisinger has hired a high-profile genetic counselor to head up business development for Geisinger National Precision Health, which was created to extend the Geisinger model on the national scene.

$30M VC Fund Launched to Spur Innovation in Cardiovascular Care

The American Heart Association, together with Philips and UPMC, has announced the launch of Cardeation Capital, a $30 million collaborative venture capital fund designed to spur healthcare innovation in heart disease and stroke care.

Epic Wins Labor Dispute in Closely Divided Supreme Court Decision

Epic Systems Corporation won a major labor-law ruling in the Supreme Court on Monday, centering around the extent of corporations’ right to force employees to sign arbitration agreements, and with a 5-4 ruling in its favor

Survey: Two-Thirds of Physician Practices Seeking Out Value-Based Care Consulting Firms

Most physician organizations are not prepared for the move to value-based care, and 95 percent CIOs of group practices and large clinics state they do not have the information technology or staff in-house needed to transform value-based care end-to-end, according to a recent Black Book Market Research.

Cumberland Consulting Buys LinkEHR, Provider of Epic Help Desk Services

Cumberland Consulting Group, a healthcare consulting and services firm, has acquired LinkEHR, which provides remote application support, including Epic help desk services.

Population Health Tool that Provides City-Level Data Expands to 500 Cities

A data visualization tool that helps city officials understand the health status of their population, called the City Health Dashboard, has now expanded to 500 of the largest cities in the U.S., enabling local leaders to identify and take action around the most pressing health needs in their cities and communities.