HITRUST updates security framework

The Health Information Trust Alliance (HITRUST) has released version 4.0 of the HITRUST Common Security Framework (CSF) and an updated version of the CSF Assurance Program, which includes changes pertaining to the National Institute of Standards and Technology’s (NIST) 800-53 revision 3.

Updates have been made to the CSF Assurance Program so that the program's components accurately reflect both regulatory and market dynamics. Twelve controls were added and one removed from the controls required for certification under the 2012 CSF Assurance Program.
Other advancements related to the CSF Assurance Program include the availability of an integrated Common Health Information Protection (CHIP) Questionnaire and CSF Compliance Worksheet, as well as new illustrative guidance for the CHIP Questionnaire, clarification of assessment and documentation requirements and tighter alignment of scoring criteria with NIST's capability maturity model to better support assessment scoping and execution.

The Frisco, Texas-based IT security collaboration regularly updates the CSF and the CSF Assurance Program to ensure compliance with HIPAA, as well as various other state and federal regulations, according to a Jan. 12 statement. Going forward, HITRUST will incorporate privacy requirements into the CSF to create an integrated security and privacy framework. Available in December, the integrated framework will initially incorporate the new privacy control catalog in the recent release of NIST SP 800-53 r4 as well as changes resulting from ISACA's release of COBIT 5 in 2012.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.