HITRUST adds privacy controls to security framework

The Health Information Trust Alliance (HITRUST) will include privacy controls in version seven of its Common Security Framework.

The privacy controls will make the framework the only one organizations need to rely on to manage their information privacy and security risk and compliance, according to an announcement.

"The new HITRUST CSF privacy domain facilitates an integrated approach to protect personal health information, aids in regulatory compliance, is consistent with healthcare industry trends, and enhances the current HITRUST CSF," Angela Holzworth, senior information risk analyst, Highmark Health and HITRUST Privacy Working Group Chairwoman, says.

The framework incorporates the Minimum Acceptable Risk Standards for Exchanges (MARS-E), additional guidance for cybersecurity and enhancements to risk factors and assurance methodology. Announcement

Suggested Articles

An assessment looking at 12 health systems that allow patients to download their health records to their smartphones via APIs finds modest uptake.

The National Institutes of Health-led All of Us precision medicine project has enrolled 230,000 participants with another 40,000 people registered.

Hospitals must pursue a deliberate strategy for managing their public image—and a powerful tool for doing so is inpatient clinical data registries.