HITRUST Updates Security Framework
The Health Information Trust Alliance has enhanced its HITRUST Common Security Framework for protecting health information to reflect the impact of the HITECH Act.The 2010 version of the framework adds certification control requirements to protect against Web application vulnerabilities, improve password strength and management and manage electronic media and hard copy destruction in accordance with the guidance in the HITECH Act. The framework also includes improved tools and templates for applying it at a variety of organizations.
Introduced in 2009, the framework incorporates existing security requirements of healthcare organizations. Those include federal (HIPAA, HITECH), state, third-party (PCI and COBIT) and other government agencies (NIST, FTC, CMS). It's available at hitrustcentral.net.
The framework is a component of the HITRUST CSF Assurance program, which provides healthcare organizations and their business associates with a common approach to managing security assessments and reporting their results.