HITRUST Certification is Key: Every Day is Cybersecurity Day for Healthcare IT
11.01.2017
While October was National Cybersecurity Month, increasing security measures is something healthcare IT teams need to focus on every day. A main focus in protecting against security breaches is the number of data sources on a network and the number of people, inside and outside the organization, who have access to the network.
Every time a disparate data source is added to or removed from a network, there is an increased chance of a security breach, according to a recent Healthcare IT News article.
The article offers tips that urge healthcare systems to: maintain an accurate inventory of hardware, software and data flow; enable visibility into these systems through audit trails that track who is accessing them and when that access is occurring; and, of course, inventory all data stored on them.
It makes sense. The more doors and windows a network has, the more opportunities hackers have to gain entrance. Besides the systems themselves, it is critical to protect and monitor vendor access to the network and ensure that any outside company has up-to-date security measures in place.
Most hospitals require vendors to sign a Business Associate Agreement (BAA) prior to doing business. Recent changes to many BAAs now include a provision that states: If a subcontractor or business associate errs and data becomes compromised, they can be sued directly. According to a recent article in HealthIT Security, government penalties for healthcare breaches are now focusing on organizations that are very knowingly carrying these risks and not making any attempt or effort at all to mitigate their risk and uphold their responsibilities.
EHR vendors are at the top of the IT technology vendor food chain and are expected to employ robust security protocols. Yet, not all EHR products or security protocols are created equal.
HITRUST ensures vendors have adequate IT security measures
The HITRUST Assessment Exchange, a third-party security organization, is the most widely adopted security framework and certification program in healthcare. It was created to integrate with, and not replace, an organization’s existing vendor risk management system, allowing specific vendors and assessments to be assigned to the HITRUST Assessment Exchange and to receive the HITRUST CSF Assessment report in a fully consumable format – eliminating the manual posting of key assessment details. This certification and standard reporting protocol ensures an apples-to-apples comparison among vendors and eases the burden of security fact-checking on the requesting healthcare organization.
HITRUST certification is not only for large healthcare systems. The group recently released a cybersecurity framework that will help smaller healthcare organizations create stronger risk management programs and cybersecurity measures, and help them achieve NIST Cybersecurity Framework (NIST CSF) certification, which is from the National Institute of Standards and Technology, as well as HITRUST certification.
For more information about the HITRUST Alliance, visit their website.
Are you ready to take a close look at all the doors and windows (disparate systems and legacy data sources) that are hanging on your network? Our team provides secure, cost-effective solutions to help you safely retire legacy software and minimize the number of locations where data exists on your network.
Harmony Healthcare IT can guide your organization through the legacy EHR and/or ERP streamlining process and give your organization something to celebrate.