Formed in late 2007, the group is based in Frisco, Texas, comprises 155 entities and includes national hospital chains like HCA and insurance firms like Humana. Last month, it released a draft outline of its proposed security framework, and, according to its Web site, will make the 2009 HITRUST Common Security Framework (CSF) available starting in January.
The CSF includes three components. The first is Hitrust's Information Security Implementation Manual, which is founded on the ISO/IEC 27001:2005 and ISO/IEC 27002:2005 standards for information management and a code of practice. It also includes the implementation aspects for a range of the industry's major standards and certifications, including ISO/IEC 27799 health informatics, the NIST SP 800 series, HIPAA, COBIT 4.1, PCI DSS Version 1.1 and 21CFR Part 11.
The second piece is a Standards and Regulations Cross-Reference Matrix, which syncs up the details of many of those standards and certifications. Third is the Readiness Assessment Toolkit, a tool for health-care providers to test their own security practices against what the CSF lays out in the manual. Single entity licenses are priced at $8,500 and enterprisewide licenses (up to 25 partially owned and controlled affiliates) at $31,000. Hitrust will also offer an XML version.
Hitrust highlights three particular areas the group says aren't adequately addressed by current specifications:
-- How do we address access for shared workstations in common areas?
-- To what degree is the industry using automated tools for user registration and termination?
-- Is two-factor authentication required for remote access to my network by physicians? Are other organizations maintaining this standard?
Organizations involved in Hitrust would see significant cost savings if Hitrust's certification is adopted. Having one certification to work from would relieve them of time and resources devoted to working around numerous organization-specific security practices.
"Every time [doctors] say, 'The place across the street doesn't make me do this,' it puts pressure on us," Michael Frederick, information security officer for Baylor Health Care System, told The Wall Street Journal.
Watch for more from the Hitrust camp in the coming months.
