HITRUST Launches Community Extension Program to Promote Collaboration on Risk Management

HITRUST has launched a new community extension program that will see town hall events taking place in 50 major cities across the United States over the course of the next 12 months. The aim of the community extension program is to improve education and collaboration on risk management and encourage greater community collaboration.

With the volume and variety of cyber threats having increased significantly in recent years, healthcare organizations have been forced to respond by improving their cybersecurity programs, including adopting cybersecurity frameworks and taking part in HITRUST programs. Healthcare organizations have been able to improve their resilience against cyberthreats, although the process has not been easy.

HITRUST has learned that the process can be made much easier with improved education and collaboration between healthcare organizations. The community extension program is an ideal way to streamline adoption of the HITRUST CSF and other HITRUST programs, while promoting greater collaboration between healthcare organizations and encouraging greater community collaboration.

The events will allow healthcare organizations to share best practices and the lessons they have learned from conducting their own risk management programs, including discussing some of the many challenges they have faced.

Tufts Medical Center played an important role in the development of the community extension program, encouraging HITRUST to run the community sessions. Tufts Medical Center CISO, Taylor Lehmann, said “The importance of improving the overall cyber resilience of organizations cannot be overstated. Although it’s a difficult goal, HITRUST provides a number of programs that make the goal achievable and sharing best practices, lessons learned and remediation strategies makes the community stronger.”

HITRUST Assurance Strategy and Community Development Vice President Michael Parisi said, “This program provides significant value by allowing organizations to engage with, and learn from, others in the community about how they approach the challenges related to managing risk, controlling compliance costs while effectively implementing a strong security posture and defending against cyber threats.”

The time it takes to adopt HITRUST programs can be shortened through education and knowledge transfer, which will be a key component of the community extension program sessions.

Some of the main topics that will be covered at the events include:

  • Structuring and implementing an information risk management program
  • Considerations in implementing the HITRUST CSF
  • Leveraging the HITRUST CSF to implement the NIST Cybersecurity Framework
  • Considerations regarding a HITRUST CSF Assessment and reporting options
  • Leveraging the HITRUST Cyber Threat Catalogue
  • Implementing a third-party assurance program and effective vendor risk management
  • How to align information risk management and cyber insurance programs
  • Engaging in cyber information sharing and how it supports cyber threat management regardless of size or cyber maturity

HITRUST Community Extension Program Dates

The events will take place at town halls in major cities and will be hosted by healthcare organizations from each community, assisted by HITRUST CSF assessors. There will be no charge for attendees.

The events are likely to be popular and HITRUST will add more locations to meet demand over the course of the next 12 months.

The first six events will be held in Boston, MA, hosted by Tufts Medical Center; Houston, TX, hosted by Texas Children’s Hospital; Denver, CO, hosted by Centura Health; Dallas, TX hosted by Blue Cross Shield of Texas; Cleveland, OH, hosted by Cleveland Clinic; and Seattle, WA, hosted by Microsoft.

The first event in Boston is scheduled to take place on September 14, 2017, with further dates to be confirmed. Interested parties can now register for the first event and view details of future events on this link.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.