Participants in the Common Security Framework Assurance Program analyze their own security systems against the risk-management oversight and assessment methodology created by HITRUST.
Based in Frisco, Texas, HITRUST was founded in 2007 by a coalition of payers, providers and technology companies. Its Common Security Framework Assurance Program aims to guide healthcare organizations in health information security best practices. CVS Caremark, Highmark and Humana were among the eight co-founders of HITRUST.
According to a HITRUST analysis of healthcare breach data, 21% of breaches involved business associates of healthcare organizations, but those breaches also tended to be the larger ones, accounting for 58% of the records breached.
Having a trusted, outside organization participate in the security risk assessment process for both primary healthcare organizations and their business associates promotes efficiency, according to Roy Mellinger, vice president of information technology security and chief information security officer for WellPoint.
“We accept the CSF assessment reports from our business partners as well as maintain the capability to support our own approach to conducting third party risk assessments,” Mellinger said in the news release. “Unfortunately, we've found that managing and coordinating two separate approaches adds costs and inefficiencies for us and our partners. What we need is a single integrated approach—such as provided by a CSF assessment, which we can achieve with the right leadership to help coordinate and advance adoption across the healthcare industry, covered entities and business associates alike.”
Follow Joseph Conn on Twitter: @MHJConn