HITRUST believes that a common security framework for use by all organizations that create, access, store, or exchange personal health information is necessary to advance the goals of health information technology. Standardizing a higher level of security will build greater trust in the electronic flow of information through the healthcare system.
The HITRUST common security framework will be comprehensive, leveraging existing industry standards and best practices where appropriate. The framework also will be flexible to adjust to an evolving security environment and scale according to type, size and complexity of the organizations that create, access, store, or exchange health information. Additionally, the common security framework will:
- Reduce confusion by implementing a single framework across multiple organizations
- Increase confidence by consumers, regulators and legislators in the industry's ability to address these issues and to proactively protect sensitive information and healthcare systems
- Establish a single standard for organizations for internal and external measurement
- Reduce the number and complexity of security audits or reviews that organizations impose upon their trading partners
HITRUST provides all healthcare organizations an opportunity/OR/opportunities to influence the direction of the common trust framework by applying to participate in the development of the security standards. Participant benefits include:
