The latest version of a security framework for health care organizations will include new privacy controls which will help entities meet regulatory requirements, such as HIPAA.
In a Wednesday release, the Health Information Trust Alliance (HITRUST) announced that version 7 of its Common Security Framework (CSF) will be released later this month and “incorporate both privacy and security controls” for a fully integrated framework. “Organizations will have the option to obtain certification for privacy, security or both in order to choose the approach and pace most suited to their operational and compliance objectives,” HITRUST added.
Over 18 months, the HITRUST Privacy Working Group worked to update the CSF with specific privacy control categories, specifications and requirements by implementation level, and objectives for organizations. HITRUST, formed in 2007, has taken the lead in cyber attack readiness exercises called CyberRX, among other health care initiatives.