Addition of Privacy Controls will Create an Integrated Privacy and
With the expectation that more reliance will continue to be placed on electronic health records (EHRs) and on interoperable health information exchanges (HIEs) to improve patient care, minimize errors, reduce disparities, control costs and support public health initiatives, HITRUST believes the healthcare industry must be equipped to protect patient privacy while supporting the flow of health data in a way that benefits individuals and society.
Developed by the
“From the beginning, HITRUST has been committed to ensuring the CSF remains relevant and current to the needs of the healthcare industry and organizations utilizing it; privacy was always a component of the initial vision,” said
By incorporating privacy controls, the benefits of adopting the CSF become even greater by providing organizations with a more comprehensive and flexible framework for managing their security programs and reducing the burden of compliance with all the requirements that apply to healthcare organizations. The newly integrated framework will incorporate both privacy and security controls, but organizations will be able to choose if they wish to obtain certification against the privacy requirements, security or both, allowing them to pursue the approach and pace best suited to their needs.
“Given the multitude of federal and state regulations with privacy and security requirements, having a fully integrated privacy and security framework provides both privacy and security professionals advantages over disparate approaches,” said