WellPoint First in Industry to Accept HITRUST CSF Assessment Results as Assurance for Health Care Information Security

INDIANAPOLIS, May 28 /PRNewswire-FirstCall/ -- WellPoint, Inc. (NYSE: WLP), the nation's largest health insurer by medical membership, announced today it will accept the results of HITRUST Common Security Framework (CSF) assessments as a way to evaluate and verify its business partners' capabilities for protecting health information.

WellPoint is the first health benefits company to accept the results of HITRUST CSF assessments from its business partners as evidence that they have the necessary controls in place to effectively manage information security risks within their environment. Organizations undergoing assessments through the HITRUST CSF Assurance program can choose to become either CSF Validated or CSF Certified, both of which leverage the same processes, tools and requirements, but offer different degrees of assurance.

"HITRUST certification and assurance programs allow WellPoint to ensure the companies with which we partner and exchange protected health information meet specific requirements for information security, and that they have standardized assessment and reporting processes," said Roy R. Mellinger, vice president, IT Security, and Chief Information Security Officer for WellPoint.

"We are responsible for the security and privacy of health information belonging to more than 33 million Americans who have entrusted their information to us. We take this responsibility very seriously, and we ask the same of our business partners," Mellinger continued.

About WellPoint, Inc.

WellPoint works to simplify the connection between Health, Care and Value. We help to improve the health of our communities, deliver better care to members, and provide greater value to our customers and shareholders. WellPoint is the nation's largest health benefits company, with more than 33 million members in its affiliated health plans. As an independent licensee of the Blue Cross and Blue Shield Association, WellPoint serves members as the Blue Cross licensee for California; the Blue Cross and Blue Shield licensee for Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri (excluding 30 counties in the Kansas City area), Nevada, New Hampshire, New York (as the Blue Cross Blue Shield licensee in 10 New York City metropolitan and surrounding counties and as the Blue Cross or Blue Cross Blue Shield licensee in selected upstate counties only), Ohio, Virginia (excluding the Northern Virginia suburbs of Washington, D.C.), and Wisconsin. In a majority of these service areas, WellPoint does business as Anthem Blue Cross, Anthem Blue Cross and Blue Shield or Empire Blue Cross Blue Shield (in the New York service areas). WellPoint also serves customers throughout the country as UniCare. Additional information about WellPoint is available at www.wellpoint.com.


The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the Common Security Framework (CSF), a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Beyond the establishment of the CSF, HITRUST is also driving adoption and widespread confidence in the framework and sound risk management practices through education, advocacy and other outreach activities. For more information, visit www.HITRUSTalliance.net.

SOURCE WellPoint, Inc.