HITRUST to update security framework
The Health Information Trust (HITRUST) Alliance will release updates on Dec. 16 to the HITRUST Common Security Framework (CSF), which will incorporate additional and revised security requirements as well as recognition of new technologies and security practices.
Introduced in early 2009 and now in its third version, the CSF was developed in collaboration with healthcare, professional services and IT organizations. The framework incorporates existing security requirements, including federal, state, third-party and other government agencies, according to HITRUST, based in Frisco, Texas.
The framework includes new and ongoing security requirements by interpreting emerging risks and changing standards so that organizations can focus their attention and resources on remediation efforts and other critical security initiatives, the alliance stated.
The CSF is also the foundation of the HITRUST CSF Assurance program for measuring third party information security assurance in the healthcare industry.
Updates to the CSF for 2011 incorporate feedback and best practices from the healthcare industry, including input from organizations that have already adopted the CSF. Enhancements include updates to the CSF requirements and mappings and the integration of the recently released Centers for Medicare & Medicaid Services (CMS) Information Security Acceptable Risk Safeguards (ARS) as an authoritative source.
The CSF is available through HITRUST Central, free to healthcare organizations and their business associates.
Introduced in early 2009 and now in its third version, the CSF was developed in collaboration with healthcare, professional services and IT organizations. The framework incorporates existing security requirements, including federal, state, third-party and other government agencies, according to HITRUST, based in Frisco, Texas.
The framework includes new and ongoing security requirements by interpreting emerging risks and changing standards so that organizations can focus their attention and resources on remediation efforts and other critical security initiatives, the alliance stated.
The CSF is also the foundation of the HITRUST CSF Assurance program for measuring third party information security assurance in the healthcare industry.
Updates to the CSF for 2011 incorporate feedback and best practices from the healthcare industry, including input from organizations that have already adopted the CSF. Enhancements include updates to the CSF requirements and mappings and the integration of the recently released Centers for Medicare & Medicaid Services (CMS) Information Security Acceptable Risk Safeguards (ARS) as an authoritative source.
The CSF is available through HITRUST Central, free to healthcare organizations and their business associates.