The Health Information Trust Alliance (HITRUST) has reported an expansion of the healthcare industry’s use of the CSF Assurance program in support of efforts to efficiently and effectively manage the third-party assurance process.
An increasing number of healthcare organizations will now require their business associates within the healthcare industry to obtain CSF Certification within the next 24 months. The CSF Assurance Program is already the most widely adopted assessment approach by healthcare organizations and business associates to evaluate and communicate their information privacy and security posture.
HITRUST said healthcare organizations are recognizing the increasing cyber threats and the significance of the role played by their business associates, and acknowledging the systemic risk that interconnected companies across the health industry pose.
Many healthcare organizations have been leveraging the HITRUST CSF Assurance program as part of their third-party assurance process. Historically, each organization has determined which aspects of the program they would utilize, ranging from accepting CSF Assessment reports to requiring a CSF Certification.
HITRUST said a growing number of healthcare organizations, including Anthem, Health Care Services Corp, Highmark, Humana, and UnitedHealth Group will now require their business associates to obtain CSF Certification as a means of demonstrating effective security and privacy practices aligned with the requirements of the health industry. This will require an additional 7,500 organizations that do not currently have a CSF Certification to do so with within the next 24 months.
“Teaming up with HITRUST has enabled us to provide athenahealth Marketplace partners with a third-party verification of security integrity, irrespective of their size,” said Kyle Armbrester, chief product officer, athenahealth. “This makes it easier for partners, particularly startups, to prove value, while assuring clients that information is secure.”
HITRUST, CSF Assurance program, US,