Security and configuration scanning and auditing is an essential requirement for compliance with most security and privacy regulations and standards and a cornerstone of any security program. The new service from HITRUST and nCircle enables healthcare organizations to audit their IT systems for known vulnerabilities, identifying the highest risks to an organization's network. The service provides step-by-step, actionable guidance on how to address discovered weaknesses, reducing the risk from external threats and getting ahead of mounting compliance deadlines and penalties by consolidating reporting against the myriad of healthcare related requirements.
Healthcare organizations may register for a free trial of the service at HITRUST Central at www.HITRUSTcentral.net, located within the "Audit" tab. This offer is valid through November 15, 2009.
"We have used the HITRUST Security Audit Service and were impressed with its ease of use," said Leo Dittemore, Director, IS Security, HealthCare Partners. "It helped us uncover issues quickly and efficiently and provided us with specific guidance on how to fix those issues. These tools definitely can help secure an organization's network."
The HITRUST Security and Configuration Auditing Service, powered by nCircle, is a critical first step for an organization in achieving HITRUST Certification against the Common Security Framework (CSF), a certifiable framework that provides organizations with the needed structure, detail and clarity relating to information security tailored to the healthcare industry. Organizations can achieve HITRUST Certification by successfully demonstrating compliance with security control requirements and documenting a corrective action plan to address any gaps with alternate security controls.
"HITRUST developed the CSF in collaboration with healthcare, business, technology and information security leaders, and in doing so, consolidated requirements from the HITECH Act, HIPAA, PCI and NIST, effectively establishing an accountability standard for all U.S. healthcare organizations," Steve Katz, President, Security Risk Solutions LLC, noted. "Now, introducing this scanning service significantly reduces the complexity of healthcare compliance. By creating this affordable service, HITRUST is helping accelerate the process of making secure electronic health records a reality."
"The broader adoption of effective information security programs and practices benefits the industry as a whole, which is why we recently made the CSF available at no charge," said Daniel Nutkis, CEO, HITRUST. "Compliance and information security challenges are universal issues and it is our hope that every organization that is dedicated to achieving compliance and improving security will take advantage of the free trial."
"nCircle provides a complete suite of security and compliance solutions to the healthcare industry, and we are pleased to partner with HITRUST to deliver this service," said Abe Kleinfeld, CEO at nCircle. "Secure exchange of information between healthcare organizations is a significant challenge, and this service will provide an accessible way of improving security for small medical practices to large organizations, without having to deploy and maintain solutions internally."
Services such as the one announced today are a critical component of HITRUST's mission to provide a holistic suite of tools and services to assist healthcare organizations with efficiently and consistently protecting sensitive health information. In line with this mission, HITRUST is developing Security Configuration Packs (SCPs) for the CSF to address the lack of guidance that users of third-party health information systems—including electronic health records systems and medical devices—face in securely configuring these systems. nCircle's CTO Tim Keanini is leading the working group developing the first SCP for Epic Systems EpicCare EMR, a software solution that enables healthcare organizations to input and share patient health information electronically. Users and system experts are encouraged to review the SCP, provide comments and participate in the working group. The Epic SCP is available for public comments through November 15, 2009, at www.HITRUSTcentral.net in Forums -> Security Configuration Packs. As a reminder, registration to HITRUST Central is available at no charge.
The service is now available and is priced at $25 per IP for 90 days of unlimited auditing for the designated IP addresses after the free trial. Volume discounts are available and resellers may purchase auditing services for their customers.
About nCircle nCircle is the leading provider of automated security and compliance auditing solutions. More than 4,000 enterprises, government agencies and service providers around the world rely on nCircle's proactive solutions to manage and reduce security risk and achieve compliance on their networks. nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. Additional information about nCircle is available at www.ncircle.com.
About HITRUST The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the Common Security Framework (CSF), a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Beyond the establishment of the CSF, HITRUST is also driving the adoption of and widespread confidence in the framework and sound risk management practices through awareness, education, advocacy and other outreach activities. For more information, visit HITRUSTalliance.net.