HITRUST – A Common Information Security Framework for the Health Care Industry
20 November, 2008
Transcendent Group is participating in and providing feedback on the Health Information Trust Alliance (HITRUST) information security framework. HITRUST is an outstanding framework that combines well-accepted security standards such as the ISO 27000 series, ISO 27799, NIST and COBIT with regulatory or other external requirements such as SOX, HIPAA and PCI.
HITRUST is collaborating with healthcare, business, technology and information security leaders to establish a certifiable framework that can be used by any and all organizations that create, access, store or exchange sensitive health and financial information. Beyond the establishment of the first-ever Common Security Framework, HITRUST is also driving adoption and widespread confidence in the framework and sound risk management practices through awareness, education, advocacy and other outreach activities.
The CSF is comprised of three components:
- The Information Security Implementation Manual: A certifiable, best practice-based specification that includes required sound security governance practices (e.g., organization, policies, etc.) and sound security controls practices (e.g., people, process, technology) that scales according to type, size and complexity of organization to provide prescriptive implementation guidance.
- The Standards and Regulations Cross-Reference Matrix: A tool to help reconcile the framework with the common and differing aspects of generally adopted standards.
- The Readiness Assessment Toolkit: A toolkit that enables assessment (self or third party) and scoring of an organization’s information security environment against the Information Security Implementation Manual.
Our analysis at this point is that the framework is very comprehensive and will be an excellent tool for healthcare organizations in the US.