HITRUST Updates Security Framework

The Health Information Trust Alliance has enhanced its HITRUST Common Security Framework for protecting health information to reflect the impact of the HITECH Act.

The 2010 version of the framework adds certification control requirements to protect against Web application vulnerabilities, improve password strength and management and manage electronic media and hard copy destruction in accordance with the guidance in the HITECH Act. The framework also includes improved tools and templates for applying it at a variety of organizations.

Introduced in 2009, the framework incorporates existing security requirements of healthcare organizations. Those include federal (HIPAA, HITECH), state, third-party (PCI and COBIT) and other government agencies (NIST, FTC, CMS). It's available at hitrustcentral.net.

The framework is a component of the HITRUST CSF Assurance program, which provides healthcare organizations and their business associates with a common approach to managing security assessments and reporting their results.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.