Insurers to Business Associates: Standardize Security Best Practices

Several members of HITRUST, a health industry consortium best known for developing the Common Security Framework of best practices, will now require business associates to follow the framework and document compliance with it.



In a report released in December 2012, the consortium estimated that business associates are implicated in 21 percent of protected health information breaches, accounting for 58 percent of breached records. Now, benefit plans CVS Caremark, Health Care Services Corp., Highmark, Humana, UnitedHealth Group and WellPoint will require business associates to adopt the CSF best practices and submit assessment reports demonstrating compliance.

WellPoint presently accepts CSF assessment reports from BAs and has its own approaches to conducting third-party risk assessments, says Roy Mellinger, chief information security officer. Now, it is looking for a single process via a CSF assessment that it will mandate.

Standardizing on the CSF assessment reports would help many business associates, who annually receive hundreds of requests from business partners for documentation to ensure compliance with the HIPAA privacy, security and breach rules. Claims clearinghouse Availity supports the CSF approach to reduce the number of non-standard assessments it must conduct, says Trent Gavazzi, chief technology officer.

HITRUST recently issued guidance on how best to use the Common Security Framework to assess an organization’s cybersecurity preparedness.
