Navigation Links
HITRUST Confirms Release Date for First-Ever Common Security Framework for Electronic Health Information

Leaders From Healthcare, Professional Services, Information Security and

Liability Insurers Committed to Deliver a World-Class Framework

DALLAS, July 1 /PRNewswire/ -- The Health Information Trust Alliance (HITRUST) today announced that it is on target to deliver the first-ever Common Security Framework (CSF) by January 2009, thanks to the efforts of the leading health care organizations, professional services firms, information security specialists, liability insurers and other organizations that have joined together to actively participate in the HITRUST CSF program.

"The HITRUST CSF program is critical to effectively safeguarding electronic health information," said Daniel S. Nutkis, CEO, HITRUST. "As it is a substantial and complicated undertaking, we are very fortunate to have such capable, respected and committed organizations participating as part of our Drafting and Review Working Groups. I am amazed by the diversity and number of leading organizations with varying specialties participating in the HITRUST CSF program," Nutkis added.

"As one of HITRUST's founding organizations, I am very pleased to see that so many leaders in the industry have chosen to join us and support the development of a common security framework," said Jonathan Roberts, Senior Vice President and Chief Information Officer, CVS Caremark. "We at CVS Caremark have known for some time that the creation of the common security framework was a vital and missing component to effectively and efficiently protecting sensitive health information," Roberts added.

The HITRUST CSF is a comprehensive set of tools to aid organizations that create, store, access or exchange electronic health, financial, and other sensitive information in protecting their information assets and managing related risks, costs and complexities. The HITRUST CSF is comprised of three components -- an Information Security Implementation Manual, a Standards and Regulations Cross-Reference Matrix, and a Readiness Assessment Toolkit. The Information Security Implementation Manual is a certifiable, best-practice based specification that scales according to the type, size, and complexity of an organization to provide prescriptive implementation guidance.

"BearingPoint has dedicated significant resources to the development of the HITRUST CSF," said Dr. Ross Martin, director of Health Information Convergence for the firm. "As a leading provider of risk, compliance and security solutions, BearingPoint believes the development of a common security framework is critical, not just for protecting electronic health information, but also in minimizing the costs and complexities associated with securing electronic health information."

"The HITRUST CSF program is creating what has been lacking in the healthcare industry, relating to information security guidance and clarity. By being prescriptive, it removes the confusion, inconsistencies and variability that have existed to date, in how organizations have implemented security measures. Although it is a new specification, it has leveraged existing U.S. and internationally accepted security standards where available and appropriate," said G. Christopher Hall, Partner -- Security, Accenture Technology Consulting.

"The availability of a comprehensive and prescriptive information security implementation manual, developed and agreed on by so many industry leaders, will establish a bar for appropriate information security measures in the healthcare industry, and impact how we as a liability underwriter evaluate and write potential policies," said Paul Bantick, Senior Underwriter -- Technology, Media & Business Service, Beazley Group plc.

"As an organization that recognizes the importance of electronic health record, personal health record, and information exchanges to improving quality and better management of medical expenses, we also recognize that a critical component to achieving their potential is confidence by business partners, regulators and consumers that safeguards are in place to protect sensitive health information," said Robert Mandel, MD, MBA, Vice President, Health Care Services, Blue Cross Blue Shield of Massachusetts. "The HITRUST CSF allows organizations to better understand the appropriate safeguarding measures and communicate their efforts in a uniform manner to their partners," Mandel added.

The HITRUST Standards and Regulations Cross-Reference Matrix is a resource for organizations to understand how implementation of the HITRUST Information Security Implementation Manual relates to and addresses other standards, as well as legal, contractual and regulatory requirements. Organizations who are already certified to or have a mandate for other standards such as ISO 27001 can easily integrate this with their current framework. "I see the HITRUST CSF as an opportunity to bring some structure and consistency to the way information security is implemented in the U.S. healthcare industry," said John DiMaria, Product Manager -- Business Continuity and ITSM, BSI Management Systems of America. "Since the HITRUST Information Security Implementation Manual is prescriptive, it removes the multiple interpretations that have caused issues with inconsistent implementations and audits in the past," DiMaria added.

"As an information security professional in the healthcare industry, I have struggled to identify a practical strategy and approach that appropriately addresses risk, and which can be implemented and accepted by management, finance, internal and external auditors, and trading partners. The HITRUST CSF provides a consistent framework by which a healthcare organization can address security challenges," said Michael Frederick, Director -- Office of Information Security and Chief Information Security Officer, Baylor Health Care System.

"The development of the HITRUST CSF takes the healthcare industry a giant step forward in managing risk and protecting privacy. It also establishes a benchmark that can be applied to non-covered entities, such as those providing personal health records (PHRs) to consumers. The HITRUST CSF is crucial to address the concerns of patients, policymakers and others," said Dr. Larry Ponemon, Chairman and founder, Ponemon Institute.

The HITRUST Common Security Framework version 2009 will be available for license later this year. More information on the HITRUST CSF can be found on the company's website at or by calling (469)-587-2250.

About the HITRUST

The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. Security is critical to the broad adoption, utilization of and confidence in health information systems, medical technologies and electronic exchanges of health information. This, in turn, is critical to realizing the related promise of quality improvement and cost containment in America's healthcare system. HITRUST is collaborating with healthcare, business, technology, and information security leaders to establish a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Beyond the establishment of the first-ever common security framework, HITRUST is also driving adoption and widespread confidence in the framework and sound risk management practices through awareness, education, advocacy and other outreach activities. For more information, visit

Media contact:

Mike Breslin

Hill & Knowlton (for HITRUST)


SOURCE Health Information Trust Alliance
Copyright©2008 PR Newswire.
All rights reserved

Related medicine news :

1. Air Methods Corporation Confirms Mid-Air Collision in Arizona
2. Pennsylvania Department of Health Confirms Fifth Salmonella Case Linked to National Outbreak
3. Perrigo Confirms Filing for Generic Version of VANOS(R)
4. Report confirms increased risk of smoking, substance abuse in bipolar adolescents
5. Study presented at DDW 2008 Confirms that New Device Significantly Improves Detection of Polyps in the Colon
6. Pennsylvania Department of Health Confirms Rabid Kitten Found in Adams County
7. ASCO Study Confirms Importance of Histology in Treatment of Non-Small Cell Lung Cancer With ALIMTA (pemetrexed for injection)
8. Air Methods Corporation Confirms Fatal Accident in Wisconsin
9. New Smoking Cessation Guideline Confirms That Now is the Time to Quit Smoking
10. Study by Texas A&M University-Corpus Christi Confirms Training With Vision Software Enhances Hitting Skills
11. Perrigo Confirms Patent Challenge of Monistat(R) 1 Combination Pack
Post Your Comments:
(Date:11/27/2015)... ... November 27, 2015 , ... ... Microsoft Dynamics SL User Group (MSDSLUG). Recognized as Microsoft’s official group for end ... Microsoft Dynamics SL software users, partners, industry experts and representatives. Intellitec Solutions’ membership ...
(Date:11/27/2015)... ... November 27, 2015 , ... The ... and prominent nonprofit healthcare organizations in the country. They have overseen financial turnarounds, ... and helped advance the healthcare industry as a whole through their advocacy and ...
(Date:11/26/2015)... Vegas, NV (PRWEB) , ... November 26, 2015 , ... ... shopping strategy. Many customers choose to buy during the Black Friday and Cyber ... gifts. Shoppers don’t need to search the Internet high and low to find the ...
(Date:11/26/2015)... ... November 26, 2015 , ... PRMA Plastic Surgery is updating their record books ... their 6,000th free flap breast reconstruction surgery! , “What an accomplishment for the PRMA ... rebuild lives and it’s an honor to have served all of these women.” , ...
(Date:11/25/2015)... OAK BROOK, Ill. (PRWEB) , ... November 25, ... ... sometimes larger and potentially more aggressive than those found on mammography, according to ... cases MRI findings of additional cancers not seen on mammography may necessitate a ...
Breaking Medicine News(10 mins):
(Date:11/26/2015)... DUBLIN , November 26, 2015 /PRNewswire/ ... the addition of the "2016 Future ... Drugs of Abuse Testing Market: Supplier Shares, ... report to their offering. --> ... of the "2016 Future Horizons and ...
(Date:11/26/2015)... Research and Markets ( ) has ... Market by Type (Dressings, Therapy Devices, Active Wound Care), ... Facility), and Geography - Global Forecast to 2020" ... --> The purpose of this report ... the global advanced wound care market. It involves deep ...
(Date:11/26/2015)... , November 26, 2015 /PRNewswire/ ... --> adds "Global ... and "Investigation Report on China Repaglinide ... 2021 forecasts data and information to ... . --> ...
Breaking Medicine Technology: