The landscape of information security in healthcare can be very confusing. There are federal laws such as HIPAA and HITECH. Then there is the PCI standard imposed by financial institutions on any organization that takes credit or debit cards as payment. Some of these standards are more general, while others are quite prescriptive. Some have the power of law, while others are private initiatives that are gaining governmental blessing.
To make matters more confusing, there are frequent changes to these standards. The FTC, for instance, has issued new “Red Flags Rules” concerning how organizations should identify, prevent, and respond to activities (red flags) that could indicate identity theft.
The HITRUST Alliance has brought a number of existing standards into the ISO-based Common Security Framework, or CSF, as a systematic way for organizations to deal with these various requirements. NetSPI can help organizations comply with HIPAA regulations and use the CSF to find their way through the maze of healthcare information security.
HITRUST CSF
The HITRUST Alliance, a consortium of healthcare, business, technology and information security leaders, has established the Common Security Framework (CSF), a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. The CSF harmonizes the requirements of existing standards and regulations, including federal (HIPAA, HITECH), third party (PCI, COBIT) and government (NIST, FTC). The CSF provides healthcare organizations with the structure, detail, and clarity they need to deal effectively with information security.
NetSPI offers practical, step-by-step assistance in using the CSF.
HIPAA Gap Analysis
A HIPAA gap analysis compares current practices and methodologies against HIPAA requirements in four areas: Administrative, Technical, Physical, and Documentation. The gap analysis establishes the benchmark for the subsequent mandated risk analysis.