HITRUST applauds Senate action to improve nation's ability to defend against cyber attacks
Frisco, TX, October 28 - The Health Information Trust Alliance (HITRUST), the leading organization supporting the healthcare industry in advancing the state of information protection, announced today that it continues to fully support S.754, the Cybersecurity Information Sharing Act (CISA) of 2015, because it formalizes the process for information sharing, encouraging private entities to share amongst themselves and with the government. The Act provides legal certainty that companies sharing information have safe harbor against frivolous lawsuits when voluntarily sharing and receiving threat indicators and defensive measures in real time, as well as when taking actions to mitigate cyber attacks.
HITRUST opposed any amendment that would weaken significant provisions including the need to safeguard privacy and civil liberties or weaken liability protection for information sharing, and encouraged establishment of appropriate roles for government agencies and departments to continue to collaborate with industry.
CISA also directs the Secretary to evaluate how to most effectively disseminate cyber threat information from the government to industry. This critical process has received much attention over the last year and HITRUST supports this direction.
Additionally, CISA recognizes the importance of a health industry specific cybersecurity framework as well as associated guidance and best practices, leveraging industry standards that are developed through a public and private process. This development reinforces the significance of efforts already underway by HITRUST In coordination with the Healthcare and Public Health (HPH) Government and Private Sector Partnership for Critical Infrastructure Security and Resilience (CISR) to develop an industry-specific framework and guidance.
Although industry is making improvements in cyber readiness and response, by singling out the healthcare industry, the Act sends a clear message that law makers are concerned with the pace of this progress.
HITRUST looks forward to continued engagement with the Department of Health and Human Services (HHS) as the Secretary rolls out the provisions of CISA.
HITRUST Cyber Leadership
HITRUST continually endeavors to elevate the level of information protection by ensuring greater collaboration between the healthcare industry and government. With extensive experience in developing an information privacy and security framework, HITRUST has many valuable lessons to share.
Further, as an official Information Sharing and Analysis Organization (ISAO), HITRUST operates the healthcare sector’s most active cyber threat exchange, the HITRUST CTX, which has engagement from over 1100 members and acts as an industry cyber threat early warning system and automates indicator of compromise (IOC) distribution. HITRUST collaborates with the Department of Homeland Security (DHS) and HHS relating to cyber information sharing as well as providing other programs including monthly industry cyber threat briefings and CyberRX health industry cyber threat preparedness exercises.
Founded in 2007, the Health Information Trust Alliance (HITRUST) was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST - in collaboration with public and private healthcare technology, privacy and information security leaders - has championed programs instrumental in safeguarding health information systems and exchanges while ensuring consumer confidence in their use.
HITRUST programs include the establishment of a common risk and compliance management framework (CSF); an assessment and assurance methodology; educational and career development; advocacy and awareness; and a federally recognized cyber Information Sharing and Analysis Organization (ISAO) and supporting initiatives. Over 84 percent of hospitals and health plans, as well as many other healthcare organizations and business associates, use the CSF, making it the most widely adopted security framework in the industry. For more information, visit http://www.HITRUSTalliance.net.