The Health Information Trust Alliance, commonly known as HITrust, a consortium of health plans, pharmacy benefit managers, information technology vendors and data-miners formed to address health IT security issues, has announced the formal launch of a two-tier health IT security and privacy certification program.
The HITrust CSF Assurance Program is based on compliance with the Common Security Framework, a platform for security certification developed by the consortium and released this spring.
Consultants serve as on-site compliance “certifiers” that work with so-called “covered entities” and their “business associates” as defined by the Health Insurance Portability and Accountability Act of 1996.
Organizations in full compliance with the Common Security Framework are deemed to be CSF-certified, while those in partial compliance but on a path toward full compliance may be designated as CSF-validated.
“A lot of the health plans (have) between 2,500 and 3,000 business associates,” said HITrust CEO Daniel Nutkis. The Common Security Framework is scalable, and certification is based on the risks applicable to an organization, Nutkis said, but achieving full certification is on a pass-fail basis, “an arduous process” than no organization, as yet, has passed since the framework was released in March.
