Minneapolis, May 4, 2010 — NetSPI, the information-security consulting firm, announced the organization of a Special Interest Group (SIG) dealing with adoption of the Common Security Framework (CSF), developed by the HITRUST Alliance for information security in the healthcare industry.
The HITRUST Alliance came into being in response to the often-confusing array of security mandates, guidelines and rules that apply to healthcare providers, pharmacies, payers, service providers and other organizations subject to healthcare regulatory requirements. In addition to well-known federal laws such as HIPAA and HITECH, other organizations, regulations and standards impact the healthcare industry, such as:
- Centers for Medicare & Medicaid Services (CMS)
- Healthcare for Information Technology Standards Panel (HITSP)
- Healthcare Information and Management Systems Society (HIMSS)
- Electronic Healthcare Network Accreditation Commission (EHNAC)
- Genetic Information Nondiscrimination Act (GINA)
- Department of Health and Human Services (HHS)
- Individual State Requirements
Furthermore, there are industry mandates such as PCI-DSS, which affects organizations that accept credit or debit cards in payment, as almost all healthcare organizations do.
Some of these standards are more general, while others are quite prescriptive. The HITRUST Alliance has developed what it calls the Common Security Framework, or CSF, which is based largely on the ISO 27000 series of standards. The framework is meant to aggregate, reconcile, and map these multiple standards, so that organizations can reference a single source of security controls that would satisfy multiple regulatory requirements. Additionally, HITRUST has created a certification program by which organizations can attest to meeting the current healthcare industry-accepted minimum level of security.
In order to help organizations that are affected by healthcare regulations better evaluate and begin implementing the HITRUST CSF, NetSPI has formed a Special Interest Group (SIG) attended by several leading healthcare organizations and service providers in the Twin Cities. In the group's monthly meetings, members explore different topics dealing with regulatory compliance, privacy or security, and evaluate how the CSF can be used to further the member organizations' Information Security Management Programs. The informal structure of the meetings is designed to support the sharing of knowledge and experiences, as well as to encourage collaborating on possible solutions to complex problems.
"This is a very dynamic and interactive forum," said Yan Kravchenko, Security Team Lead for NetSPI and the facilitator of the group's meetings. "There is no substitute for face-to-face exchanges and learning from your peers who are facing the same challenges."
More information about the next SIG meeting can be obtained at: http://hitrustsigmn.web.officelive.com/
Attendance at the meetings is free of charge.
NetSPI is a privately held information-security consulting company founded in 2001. By using its consulting team's deep security knowledge and its CorrelatedVM vulnerability management & reporting solution, the company is a trusted advisor to large enterprises. NetSPI provides a range of assessment and advisory services designed to analyze and mitigate risks and ensure compliance with relevant regulations and industry standards. Clients include large financial services firms, retailers, healthcare organizations and technology companies.
More information is available at www.netspi.com.