Leading healthcare organizations will soon be requiring their business associates to participate in the HITRUST Common Security Framework (CSF) Assurance Program and submit CSF assessment reports as part of their information protection programs.
According to a HITRUST analysis of U.S. healthcare data breaches, business associates accounted for 58 percent of the records breached, and they were implicated in 21 percent of the breaches. Additionally, business associates and suppliers struggle with the need to address a multitude of assessment processes utilized by the many healthcare organizations they service, which introduces significant complexities and inefficiencies that can impact the effectiveness of a security program. These redundant assessment processes also increase costs for covered entities, their business associates and the healthcare system as a whole.
As a result, five major health insurance carriers and drugstore chain CVS announced earlier this month that they now require their business associates to participate in the HITRUST security program. HITRUST is an integrated security framework that includes regulations and standards from HIPAA, NIST, ISO, PCI, FTC and COBIT.
Get Real Health applauds this effort to increase the adoption of the HITRUST standard. According to Get Real Health CTO Jason Harmon, “HITRUST is a huge improvement over earlier data protection standards which were developed primarily for financial data. It is comprehensive and specific to personal health data and offers clear and appropriately rigorous guidance on how to effectively protect private health information.”
Get Real Health’s InstantPHR™ SaaS offering has been HITRUST certified since November 2012. “It was an honor to be selected by Get Real to conduct their CSF certification, and it was easy to work with an organization that appreciates the value of security. Get Real has established executive commitment to ensure their product is exceeding industry best practices and their clients are provided with the necessary confidence with this recognized certification,” said Nancy Spizzo, Managing Director Healthcare and Risk Assurance at Fortrex Technologies.
“We believe patients and clinicians will be more willing to exchange relevant patient health information if effective privacy and security safeguards are in place,” said CEO Mark Heaney. “Seeing the HITRUST certification should give healthcare organizations and consumers extremely high levels of confidence that certified vendors, like us, are adhering to the absolute highest levels of data security and privacy protections.”