
We would like to thank HITRUST, our friends Schellman & Company, LLC, as well as today’s host, Orlando Health, for inviting us to join them in the HITRUST Community Extension Program Orlando.

We’ve discussed HITRUST in previous blog posts and presentations, but we find that it’s important to revisit this topic as the year comes to an end. More and more organizations are navigating their way through various cybersecurity and privacy certifications, with the most notable being HITRUST.

The HITRUST organization was founded in 2007 and has since introduced the Common Security Framework (CSF) to the healthcare industry. The CSF has been adopted by 10,000 healthcare vendors, and the numbers keep climbing. HITRUST has provided education and certification to these vendors that assist with risk mitigation, safe intelligence sharing, and incident response plans.

Did you know that the HITRUST Response Center offers access to intelligence on many known and unknown threats impacting all industries, even those outside of healthcare? With over 300 million sensors deployed worldwide, the Response Center strives to provide quick response, intelligence and threat mitigation. The Response Center also offers unique capabilities that are a significant advancement in helping organizations across varying cybersecurity maturity levels combat ever-evolving cyber threats.

More than efficiency, HITRUST helps organizations ensure that their program complies with HIPAA’s risk analysis requirements. The HIPAA Security Rule requires organizations to “conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information… [and] implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.” [HIPAA § 164.308(a)(1)(ii)(A)-(B)] Further, HHS references HITRUST’s approach in its Guidance on Risk Analysis Requirements under the HIPAA Security Rule.

HITRUST is fulfilling an immediate need in the industry.

Healthcare technology is always evolving:

  • Patients are using more mobile devices
  • Telehealth and telemedicine are growing rapidly
  • EHR implementation comes with added convenience and risk
  • Increased utilization of third-party vendors

We are all familiar with the cost of healthcare across the continuum, from unnecessary services to inefficient care delivery; however, there are many new costs associated with the risks around data. Accessibility is a beautiful concept, but there are certainly some hefty associated costs.

The size of the EMR market was $28 billion in 2016. It is expected to rise briskly, and is predicted to be $36.6 billion by 2021.

Cybersecurity has always been an issue for the EMR market; however, ransomware events have given more color to its level of importance.

One of the top emerging and disruptive trends for the EMR market is the threat of ransomware.

In 2016, a facility resolved a situation by paying a ransom of $17,000 to obtain a decryption key to restore its data.

But… what exactly is ransomware? We’ll tell you. Follow us on Twitter and stay tuned for another blog post on this prominent threat.

HITRUST leverages the ‘Assess Once, Report Many’ approach; what we have truly found with our clients is dramatically different. Join our Security podcast on Dec 20th, where we talk about this year in security from the perspective of a healthcare vendor.