[BreachExchange] How HITRUST Gives Healthcare Organization Executives An Inherent Advantage

Audrey McNeil audrey at riskbasedsecurity.com
Fri Oct 6 15:46:02 EDT 2017


https://www.healthitoutcomes.com/doc/how-hitrust-gives-
healthcare-organization-executives-an-inherent-advantage-0001

Because healthcare organizations have a great deal of patients’ personal
information, including credit card data, insurance details, and sensitive
medical information, they are an appealing target for hackers. Hospital
data breaches accounted for 34.5-percent of a record-high 1,093 total
breaches in 2016. A data breach would put patients at risk for identity
theft and ransom – something no executive wants for their organization.

Recovering from a data breach means minimizing the negative effects of the
breach, reevaluating and changing security protocols, and rebuilding trust.
It’s much more effective – and safer for patients – to make sure data is
secure before a hacking attempt, so the company can avoid this problem in
the first place.

That’s why Health Information Trust (HITRUST) is the source for health
information systems protection. The HITRUST Common Security Framework (CSF)
offers proven protection to help organizations efficiently follow HIPAA
security requirements. It allows them to painlessly transition to new
protocols, while keeping practices consistent across the board.

A company can do everything right as an organization – but what about their
vendors? From the software companies that do the billing, to the companies
that sell the equipment, requiring them all to be HITRUST certified will
help protect patient info.

The CSF can be scaled for any organization, no matter how large or small,
and can be customized as needs change over time. This level of flexibility
allows executives to make any changes they see fit for their organization,
without worrying that security protocols will hold them back.

Holding healthcare vendor organizations to a higher standard benefits
everyone, from patients to executives. While making business decisions for
an organization, it’s important to plan for a future that includes data
security and patient trust. This higher standard also adds credibility to
an institution, allowing partners to feel confident in future business
arrangements.

Once a company’s vendors achieve HITRUST certification, it will be possible
to showcase a commitment to security and allow people to feel safer in
trusting the organization.

The best time to start is now. Work with an independent CSF assessor to
help evaluate the organization’s level of compliance and make the
transition as easy as possible.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171006/950528d6/attachment.html>


More information about the BreachExchange mailing list