- HealtheConnections is working to achieve HITRUST Certification in accordance with the HITRUST Common Security Framework (CSF) to improve secure health data exchange for the 11 counties of central New York.
The health information exchange is partnering with healthcare security provider BluePrint Healthcare IT in an effort to comply with the HITRUST health data security framework.
HealtheConnections is one of eight regional HIEs in New York assisting providers in securely accessing patient EHRs at no cost.
“We take pride in continuous growth and development of new, innovative technologies to better support our participants,” said HealtheConnections President & CEO Rob Hack. “The HITRUST Certification is another layer of assurance that the information our healthcare professionals rely on is as secure as possible.”
“It clearly demonstrates to all our stakeholders — the New York State Department of Health, all healthcare organizations in Central and Northern New York, and the 1.5 million patients we serve — that our security program is reliable,” he continued.
Currently, the New York HIE collects data from more than 200 data sources including VA, the Department of Defense (DoD), and many healthcare organizations throughout the New York area.
“Cyber threats and organized targeting of healthcare data are on the rise and the HITRUST CSF has become the ‘gold standard’ for measuring and certifying security management programs,” said BluePrint Healthcare IT President & CEO of Vikas Khosla. “Because of the unique and paramount role that HealtheConnections plays in value-based, shared care, it’s prudent to adopt a scalable security framework that addresses the most widely trusted standards in cybersecurity.”
HealtheConnections is a qualified participant of the State Health Information Network of New York (SHIN-NY).
The HITRUST CSF framework is the most widely-adopted security framework in the country. The framework is continually updated in keeping with new federal regulations and security risks.
The ninth iteration of the HITRUST CSF will be released this month and is expected to address the NIST Cybersecurity Framework requirements as well for a more efficient way to report a healthcare organization’s cybersecurity posture.
HealtheConnections expects to pass the rigorous HITRUST Certification in 2018.
The Delaware Health Information Exchange Earns HITRUST Certification
Elsewhere in health data exchange, the Delaware Health Information Exchange (DHIN) recently earned HITRUST CSF Certification — also with the help of BluePrint Healthcare IT.
The HIE announced last week that all DHIN implemented systems have achieved certified status for information security by the Health Information Trust Alliance. DHIN now joins a small group of HIEs in the country to hold such a designation.
DHIN underwent a year of exhaustive analysis of all its existing security and privacy measures. Following the analysis, the HIE strengthened its security policies and procedures as needed to meet the requirements of HITRUST CSF.
“More than 2.2 million patients have entrusted DHIN with their sensitive information,” said DHIN CIO Mark Jacobs. “Receiving HITRUST CSF Certification gives practitioners, payers and consumers added assurance that DHIN meets the highest standards of security, privacy and compliance.”
The two-year certification is an ongoing process. Those with the certification must continue monitoring their privacy controls and maintain a record of no reportable data breaches. Additionally, HITRUST CSF Certified healthcare organizations must complete interim reviews in a timely manner.
“HITRUST has been working with the industry to ensure the appropriate information protection requirements are met when sensitive health information is accessed or stored in a cloud environment,” said HITRUST Chief Compliance Officer Ken Vander Wal. “By taking the steps necessary to obtain HITRUST CSF Certified status, DHIN is distinguished as an organization that people can count on to keep their information safe.”