HITRUST to seek government certification authority

TalkBack 1 of 2:

Next »

• Thread View
• Flat View

HITRUST - More Than Another System Certification

Thank you, Dana, for helping bring clarity to these important issues. HITRUST believes that establishing trust in our healthcare system is critical for the successful adoption of electronic health records and other health information systems. Toward this end there is a need for many different types of certifications and standards - supported by recent HHS statements and press recognition - and HITRUST wishes to clarify a few points attributed in your recent post.

As you point out, the HITRUST Common Security Framework (CSF) addresses the need for a broader level of security certification - for the organization as a whole (people, processes, policies) and not just the systems (technology) where organizations such as CCHIT predominantly address. In fact, these two approaches support each other: an organization can adopt a CCHIT certified system meeting their security requirements, but if the application, underlying database or operating system aren?t appropriately configured, the system is left exposed and vulnerable. This is one of the areas that the HITRUST CSF addresses.

HITRUST is committed to providing a framework that is flexible enough to meet the requirements of whatever the federal government deems to be appropriate under the ?privacy and security requirements of meaningful use," as well as other federal and state regulations governing the protection of health information applicable to healthcare organizations.

By adopting a single security framework, healthcare organizations can move away from redundant audits and gain the guidance they need now to protect their systems in a consistent and efficient manner - while ensuring compliance with evolving regulations.

My comments around seeking government support related specifically to providing some assurances and safe harbor for those organizations proactively adopting the HITRUST CSF as a means of safeguarding health information. The role of HITRUST is not to certify health information systems.

We are thrilled that the HITRUST CSF has become the defacto-standard for the protection of health information and addresses this critical need of a single assessment and overarching certification, and we welcome further discussion with you, your readers and government.

Posted by: Dan Nutkis, HITRUST   Posted on: 07/25/09  (Edited: 07/25/2009 @ 01:04) You are currently: a Guest | Members login | Terms of Use

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

SponsoredWhite Papers, Webcasts, and Downloads

• VMware Infrastructure: A Guide to Bottom-Line Benefits VMware Frustrated by the costs of maintain ever larger data centers?or building ... Download Now
• Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
• The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now