FRISCO, TX – The Health Information Trust Alliance (HITRUST) has expanded its certification program to target inefficiencies in healthcare compliance reporting and help organizations realize benefits sooner.

The HITRUST Common Security Framework Assurance Program provides healthcare organizations and their business associates with a common approach to managing security assessments that create efficiencies and contain costs associated with multiple and varied assurance requirements.

The program leverages the HITRUST CSF, a comprehensive security framework that incorporates the existing security requirements of healthcare organizations, including federal, state, third party (e.g., PCI and COBIT) and other government agencies (e.g., NIST, FTC and CMS).

The program offers two levels of assurance, CSF Validated and CSF Certified, which provide organizations with an incremental path to compliance according to size, risk profile and reporting requirements.

"The current method of measuring and reporting compliance is fraught with rampant inconsistencies and tremendous waste of time and resources, all of which work against the goals of healthcare reform from both an efficiency and information protection perspective," said Daniel Nutkis, chief executive officer for HITRUST, based in Frisco, Texas.

"The confirmation of the need for a new approach is evident in the fact that so many healthcare organizations are already requiring or encouraging their business associates to participate in the CSF Assurance Program. In addition, we are seeing many business associates proactively take part in the program prior to a request being made," he said.

The program allows organizations to choose either CSF Validated or CSF Certified, both of which leverage the same processes, tools and requirements. CSF Validated allows organizations to be measured and report their progress against the CSF and provides information such as standardized corrective action plans. CSF Certified provides additional efficiencies by verifying that an organization has met all of the industry defined certification requirements of the CSF.

"As a leader in healthcare reform and innovation, the Health Information Partnership for Tennessee is working with HITRUST to adopt the CSF as part of its health information exchange initiatives," said Bob Gordon, chairman of the board for HIP TN. "A single, comprehensive assessment approach would ensure we aren't adding complexity and cost to the healthcare system, while at the same time enabling the protection of health information. The CSF and the CSF Assurance Program should provide the needed mechanisms to ensure trust in the healthcare organizations that connect to the state's health information exchanges."

Officials say a critical element in the CSF Assurance Program is the oversight and governance provided by HITRUST.

"As a partner to healthcare organizations in establishing trust in the industry, HITRUST takes its role seriously in ensuring the quality, accuracy and fairness of assessments and the resulting reports," said Kenneth Vander Wal, chief compliance officer for HITRUST. "We are committed to providing greater confidence in security across the industry."