New Guidance Designed to Bring Structure, Detail, and Clarity to Healthcare Information Security

Article

The Common Security Framework, a Web-based set of principles that will help companies abide by federal, private, and security standards in the use of EHR and related data, was unveiled Monday.

The Common Security Framework, a Web-based set of principles that will help companies abide by federal, private, and security standards in the use of electronic health records (EHR) and related data, was unveiled Monday by a group of more than 50 participating health industry companies.

Randall Spratt, CIO and executive vice president of McKesson, said that the new approach, created by the Health Information Trust Alliance, also known as HITRUST, will “accelerate adoption of new technologies to improve health-care safety and efficiency, while safeguarding patient privacy.”

Supporters of the new framework said that the program can be used by both small and large health corporations to routinely put information technology (IT) security programs in place and that it will also allow participating groups to keep up to date with industry best practices.

“Until now, the lack of widely accepted information security standards has kept many providers on the healthcare IT sidelines,” Spratt said.

The new framework is also intended to help participants improve already-existing internal IT security systems. Those who use the program will be able to stay alert for possible security breaches and unauthorized use of private information. The HITRUST Alliance has been under development for about two years, initiated from concerns from large corporations that an overhaul of health care data was needed to protect and ensure security and privacy. In addition, according to the article, fears that smaller corporations would be unknowledgeable or unable to move forward also spurred the alliance. According to the Health Information Trust, the Common Security Framework:

- Leverages existing, globally recognized standards

- Scales according to type, size and complexity of an implementing organization

- Provides prescriptive requirements to ensure clarity

- Follows a risk-based approach offering multiple levels of implementation requirements determined by risks and thresholds

- Allows for the adoption of alternate controls when necessary

- Evolves according to user input and changing conditions in the healthcare industry and regulatory environment

Related Videos
Related Content
Alexandra Sinclair, MBChB, PhD

GLP-1 Receptor Agonists Could Find Additional Role for Headache Relief

March 14th 2023
Article
Helping Your Patients Avoid the Migraine Trigger Trap

Helping Your Patients Avoid the Migraine Trigger Trap

November 24th 2021
Article
Lifestyle Change for Migraine Management: Practical Tips for the Neurologist and PCP, Part 2

Lifestyle Change for Migraine Management: Practical Tips for the Neurologist and PCP, Part 2

August 23rd 2021
Article
Lifestyle Change for Migraine Management: Practical Tips for the Neurologist and PCP, Part 1

Lifestyle Change for Migraine Management: Practical Tips for the Neurologist and PCP, Part 1

August 2nd 2021
Article
Migraines Linked to IBS, Peptic Ulcers

Migraines Linked to IBS, Peptic Ulcers

July 27th 2021
Article
New Migraine Treatment Prevents Pain Progression

New Migraine Treatment Prevents Pain Progression

April 10th 2020
Article
© 2024 MJH Life Sciences

All rights reserved.