HITRUST launches simplified security program for small healthcare organizations
HITRUST has made enhancements to its Common Security Framework, including a new CSF initiative aimed at helping smaller healthcare organizations with their risk management programs.
Officials said the move comes after HITRUST heard from smaller practices that were looking for ways to meet regulatory requirements and bolster their own cybersecurity. The pilot program, called CSFBASICs – CSF Basic Assurance and Simple Institution Cybersecurity – was developed in collaboration with physicians as a way to offer lower-risk organizations simplified requirements and a streamlined assessment approach that is easier to understand and implement.
"I really don't know many small practices that can comply with all our regulatory obligations, including HIPAA," said J. Stefan Walker, MD, of Texas-based Corpus Christi Medical Associates, in a statement. "We generally don't have the staff or the expertise, nor can we hire consultants, to manage these programs on an ongoing basis."
The opportunity to pilot CSFBASICs – which is scheduled for general availability in Q3 2017 – has helped his five-physician practice do that, he said.
HITRUST has also made updates to its CSF and CSF Assurance Programs, officials said, broadening and enhancing their scope to keep pace with proliferating security threats.
"HITRUST is expanding the controls required for HITRUST CSF Certification, from 66 to no more than 75, to enhance its support for an organization's certification of compliance with the NIST Cybersecurity Framework," said Bryan Cline, vice president, standards and analytics, HITRUST. "CSF Certified organizations will be able to provide both HIPAA and NIST Cybersecurity Framework compliance scorecards based on a single CSF assessment, which are incorporated into the HITRUST CSF Assessment Report."
Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com