HITRUST adds privacy controls to security framework

The Health Information Trust Alliance (HITRUST) will include privacy controls in version seven of its Common Security Framework.

The privacy controls will make the framework the only one organizations need to rely on to manage their information privacy and security risk and compliance, according to an announcement.

"The new HITRUST CSF privacy domain facilitates an integrated approach to protect personal health information, aids in regulatory compliance, is consistent with healthcare industry trends, and enhances the current HITRUST CSF," Angela Holzworth, senior information risk analyst, Highmark Health and HITRUST Privacy Working Group Chairwoman, says.

The framework incorporates the Minimum Acceptable Risk Standards for Exchanges (MARS-E), additional guidance for cybersecurity and enhancements to risk factors and assurance methodology. Announcement