HITRUST Common Security Framework

HITRUST
believes that a common security framework for use by all organizations
that create, access, store, or exchange personal health information is
necessary to advance the goals of health information technology.
Standardizing a higher level of security will build greater trust in
the electronic flow of information through the healthcare system.

The HITRUST common security framework will be comprehensive, leveraging
existing industry standards and best practices where appropriate. The
framework also will be flexible to adjust to an evolving security
environment and scale according to type, size and complexity of the
organizations that create, access, store, or exchange health
information. Additionally, the common security framework will:

  • Reduce confusion by implementing a single framework across multiple organizations
  • Increase confidence by consumers, regulators and legislators
    in the industry’s ability to address these issues and to proactively
    protect sensitive information and healthcare systems
  • Establish a single standard for organizations for internal and external measurement
  • Reduce the number and complexity of security audits or reviews that organizations impose upon their trading partners

HITRUST provides all healthcare organizations an opportunity/OR/opportunities
to influence the direction of the common trust framework by applying to
participate in the development of the security standards. Participant benefits
include:

  • Interaction with peers and industry experts
  • Access to work papers and background materials
  • Serving on working groups to develop common trust framework
  • Ability to comment, influence and deliberate on framework drafts and final papers