Advertisement
"The HITRUST CSF program is critical to effectively safeguardingelectronic health information," said Daniel S. Nutkis, CEO, HITRUST. "As itis a substantial and complicated undertaking, we are very fortunate to havesuch capable, respected and committed organizations participating as part ofour Drafting and Review Working Groups. I am amazed by the diversity andnumber of leading organizations with varying specialties participating in theHITRUST CSF program," Nutkis added.
Advertisement
"As one of HITRUST's founding organizations, I am very pleased to see thatso many leaders in the industry have chosen to join us and support thedevelopment of a common security framework," said Jonathan Roberts, SeniorVice President and Chief Information Officer, CVS Caremark. "We at CVSCaremark have known for some time that the creation of the common securityframework was a vital and missing component to effectively and efficientlyprotecting sensitive health information," Roberts added.
The HITRUST CSF is a comprehensive set of tools to aid organizations thatcreate, store, access or exchange electronic health, financial, and othersensitive information in protecting their information assets and managingrelated risks, costs and complexities. The HITRUST CSF is comprised of threecomponents -- an Information Security Implementation Manual, a Standards andRegulations Cross-Reference Matrix, and a Readiness Assessment Toolkit. TheInformation Security Implementation Manual is a certifiable, best-practicebased specification that scales according to the type, size, and complexity ofan organization to provide prescriptive implementation guidance.
"BearingPoint has dedicated significant resources to the development ofthe HITRUST CSF," said Dr. Ross Martin, director of Health InformationConvergence for the firm. "As a leading provider of risk, compliance andsecurity solutions, BearingPoint believes the development of a common securityframework is critical, not just for protecting electronic health information,but also in minimizing the costs and complexities associated with securingelectronic health information."
"The HITRUST CSF program is creating what has been lacking in thehealthcare industry, relating to information security guidance and clarity. Bybeing prescriptive, it removes the confusion, inconsistencies and variabilitythat have existed to date, in how organizations have implemented securitymeasures. Although it is a new specification, it has leveraged existing U.S.and internationally accepted security standards where available andappropriate," said G. Christopher Hall, Partner -- Security, AccentureTechnology Consulting.
"The availability of a comprehensive and prescriptive information securityimplementation manual, developed and agreed on by so many industry leaders,will establish a bar for appropriate information security measures in thehealthcare industry, and impact how we as a liability underwriter evaluate andwrite potential policies," said Paul Bantick, Senior Underwriter --Technology, Media & Business Service, Beazley Group plc.
"As an organization that recognizes the importance of electronic healthrecord, personal health record, and information exchanges to improving qualityand better management of medical expenses, we also recognize that a criticalcomponent to achieving their potential is confidence by business partners,regulators and consumers that safeguards are in place to protect sensitivehealth information," said Rob
