From: iHealthBeat
CVS Caremark and five health insurers will require their business associates to participate in a program established by the Health Information Trust Alliance to measure the security of their information systems, Modern Healthcare reports.
Background
HITRUST was formed in 2007 by a coalition of payers, providers and technology companies. The organization developed its security-assessment effort — called the Common Security Framework Assurance Program — to guide health information security best practices (Conn, Modern Healthcare, 5/8).
According to HITRUST, business associates with inadequate security practices can increase the risk that a health care organization will experience a data breach.
An earlier HITRUST analysis of health data breaches between 2009 and 2012 found that:
- 21% of the breaches involved business associates; and
- Of the total patient records exposed, 58% stemmed from breaches involving business associates.
Details of Collaboration
Several health care organizations accept Common Security Framework assessment reports from their business associates but do not require them (HITRUST release, 5/8).
However, the new requirement to participate in HITRUST’s Common Security Framework Assurance Program will affect business associates of:
- CVS Caremark;
- Health Care Services;
- Highmark;
- Humana;
- UnitedHealth Group; and
- WellPoint (Modern Healthcare, 5/8).
Leave a Reply