HITRUST launches health IT security program
The Health Information Trust Alliance (HITRUST) has established the common security framework (CSF) program to develop criteria and provide consistency in how information security products and services are evaluated.
The HITRUST CSF is an IT security framework specially designed for healthcare information. The new program will help healthcare organizations—tasked with identifying and implementing security solutions as they adopt EHRs—reduce the complexity of the information security procurement process.
According to HITRUST, industry leaders from the security assurance and information security communities are participating in the CSF Ready Program, which will be coordinated by a steering committee that includes co-chairs ICSA Labs and McAfee, and founding members CA, Cisco Systems, nCircle, NSS Labs, RSA, the security division of EMC, Symantec, Trend Micro and VeriSign. An advisory committee, consisting of security professionals representing healthcare organizations, is also being established
The steering committee’s objectives will center on creating criteria to aid organizations in assessing an information security product’s capabilities, functionality, effectiveness and support of security practices, and usefulness for HITRUST CSF compliance.
This criteria will be used to assess whether products or services can achieve CSF Ready status—a designation that will allow organizations to find out if a product or service does what it is supposed to do and meets CSF requirements.
HITRUST said it does not replace other information security certifications, but instead establishes an "alternative for organizations trying to streamline compliance costs while at the same time working to comply with the numerous evolving state and federal regulations and industry standards.”
It will do this, HITRUST said, by identifying and leveraging acceptable information security capabilities and those existing certifications that meet or exceed them. Products that have already obtained those certifications will, most likely, have an easier time getting the CSF Ready designation, and, by extension, products with CSF Ready status should be able to use that as a stepping stone to get other high security designations.
Click here for more information on the CSF Ready Program.
The HITRUST CSF is an IT security framework specially designed for healthcare information. The new program will help healthcare organizations—tasked with identifying and implementing security solutions as they adopt EHRs—reduce the complexity of the information security procurement process.
According to HITRUST, industry leaders from the security assurance and information security communities are participating in the CSF Ready Program, which will be coordinated by a steering committee that includes co-chairs ICSA Labs and McAfee, and founding members CA, Cisco Systems, nCircle, NSS Labs, RSA, the security division of EMC, Symantec, Trend Micro and VeriSign. An advisory committee, consisting of security professionals representing healthcare organizations, is also being established
The steering committee’s objectives will center on creating criteria to aid organizations in assessing an information security product’s capabilities, functionality, effectiveness and support of security practices, and usefulness for HITRUST CSF compliance.
This criteria will be used to assess whether products or services can achieve CSF Ready status—a designation that will allow organizations to find out if a product or service does what it is supposed to do and meets CSF requirements.
HITRUST said it does not replace other information security certifications, but instead establishes an "alternative for organizations trying to streamline compliance costs while at the same time working to comply with the numerous evolving state and federal regulations and industry standards.”
It will do this, HITRUST said, by identifying and leveraging acceptable information security capabilities and those existing certifications that meet or exceed them. Products that have already obtained those certifications will, most likely, have an easier time getting the CSF Ready designation, and, by extension, products with CSF Ready status should be able to use that as a stepping stone to get other high security designations.
Click here for more information on the CSF Ready Program.