HITRUST

Recent headlines regarding security breaches at major healthcare companies have only stressed the need for companies to work harder at securing their environments. One way for companies to measure their programs effectiveness is through audited compliance with established security frameworks. Popular frameworks in one form or another, such as those from NIST and ISO, are the foundation of many security programs. But this choice of different frameworks, or the customization of one, has created a problem when companies try to compare their programs with business associate companies for compliance.

Currently in the healthcare industry there is no standard security framework. What this means is that companies that have selected a framework to follow and look to validate vendors and business associates (BA) against that standard for compliance are creating a burdensome environment. Vendors find themselves responding to long questionnaires and providing large amounts of documentation as auditors try to find the similarities between programs. This is an inefficient process and keeps many people busy in the audit process in lieu of working on other security initiatives.

One organization, HITRUST, is looking to become the healthcare industry standard security framework. Based primarily on the ISO international standard with a melding of the best of all the frameworks, and healthcare security as the focal point, they hope to give healthcare companies a standard that we can all agree on. Third party attestations of compliance would streamline the company to company audit process significantly. MRIoA is taking a serious deep dive evaluation of HITRUST compliance. Our hope is that an industry standard can be established someday for the betterment of healthcare security and the efficiencies in the audit process it would provide. I would love you hear your feedback on HITRUST and if your respective company is considering it. Please email me your thoughts at don.murphy@mrioa.com.

Don Murphy, Jr. MS, CISSP
Vice President, Information Technology

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Leave a Reply

SALES INQUIRIES

JOIN OUR PANEL

HITRUST

Related Posts

Medical Review Institute of America (MRIoA) Sponsors AMCP 2023

MRIoA Washington Insider Webinar

Medical Review Institute Of America (MRIoA) Wishes You And Your Family A Happy, Healthy and Joyful 2022 Holiday Season!

Author Steve Low

Leave a Reply

SALES INQUIRIES

JOIN OUR PANEL