Compliance & Legal

HITRUST launched a security program to help start-up companies bolster their privacy and security foundations, including the adoption of the most comprehensive risk management, compliance and security services. WHY IT MATTERS The goal is to support startups in adopting best practices as they grow. HITRUST is working closely with those small businesses to ensure these security features are baked into their products from the beginning. To accomplish this, HITRUST is bundling and pricing its programs to align with small businesses that have been in business for less than three years, have fewer than 50 employees and less than $10 million in annual revenue. The program will streamline HITRUST adoption. ON THE RECORD “Navigating risk management and compliance requirements can be costly and a strain on internal resources and can be daunting for any company, but it can be compounded in start-ups that are focusing on bringing their vision to market,” Mike Parisi, HITRUST’s vice president of assurance strategy and community development, said in a statement. THE TREND HITRUST was formed in 2007 and is seen as one of the industry’s gold standards for security. In May, it launched a certification program for the NIST Cybersecurity Framework for hospitals and health systems to ensure security compliance. The RightStart Program will ensure these startups embed these security standards into “their evolving business models,” Parisi added. HITRUST officials stressed that often these types of security measures are seen as a barrier to adoption. And as a result, companies will add programs in an ad hoc way, which leads to a loss of time and money, without a guaranteed improved risk posture. To Hoala Greevy, Paubox CEO, the hope is that the program will give the company the ability to adopt a security framework that will scale with the organization. “HITRUST provides us with the tools for secure, compliant growth needed to increase our bottom line,” Greevy said in a statement. “Our customer focus demands we have security, compliance, and risk management in place by design and not as an afterthought.” .jumbotron{ background-image: url("http://www.healthcareitnews.com/sites/default/files/u2231/cybersecurity-jumbotron-712.jpg"); background-size: cover; color: white; } .jumbotron h2{ color: white; } Focus on Cybersecurity In October, we take a deep dive into security strategy and pressing threats. Twitter: @JF_Davis_ Email the writer: jessica.davis@himssmedia.com

As HIPAA was written when most providers still used paper charts, the framework today has plenty of room for improvement.

Part two of our cyber insurance series highlights the need for healthcare organizations to compare prices and find a carrier willing to partner on cybersecurity.

An employee uploaded a file containing member information to a public-facing website in April, but officials did not discover the error until July.

Though not without critics, the FDA has advanced regulatory processes for apps, medical devices, genomics and clinical decision support.

An Internet of Things expert from Travelers discusses equipment maintenance software, smart screens and IoT-linked cabinets.

Company says expanding coverage for Amazon, Google Cloud, Microsoft and others, makes it easier for hospitals to comply with a host of data privacy regulations.

A new communication process in the emergency department helped the hospital reduce the time it took a patient to get to their new unit by almost half an hour.

Just one year after it settled with the DOJ for $155 million, OIG dinged the cloud-based EHR vendor for violating the settlement terms in its corporate integrity agreement.