Reviewing new HITRUST Common Security Framework guidance

From: HealthIT Security

Author Name : Patrick Ouellette

The Health Information Trust Alliance (HITRUST) is telling healthcare organizations that they are still able to submit their recommendations to the HITRUST Cybersecurity Working Group in relation to the HITRUST Common Security Framework (CSF). But there is also more immediate guidance available from HITRUST for those looking to assess their healthcare cybersecurity capabilities.

Organizations are encouraged to provide opinions on cybersecurity controls, the associated risk factors, and any other suggestions or appropriate guidance. The HITRUST working group is also responsible for coordinating the submission of HITRUST’s recommendations to the National Institute of Standards and Technology (NIST) per the Cybersecurity Framework outlined in the executive order. HITRUST will review the working group’s recommendations for updates to related CSF controls, but only after the NIST Cybersecurity Framework has been fully formed.

As healthcare organizations look to assess and test their levels of cybersecurity, they can view HITRUST’s specific set of CSF controls that are related to cybersecurity. These organizations can also use the MyCSF assessment option for data collection and reporting.

Organizational feedback appears to be a big part of why HITRUST is closer to a mature set of standards than it was in December, when it sent out a release saying that it was still refining the CSF. When it was creating the initial set of cyber-related controls that are listed below, HITRUST considered healthcare industry breach data and external guidance on cybersecurity safeguards. In all, there are 135 CSF controls broken up into three main categories based on their threat-level significance:

(Download the CSF guidance PDF here.)
