The Schellman Blog

HITRUST, or the Health Insurance Trust Alliance, is a security organization and the creator of the Common Security Framework (CSF), "a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health, and financial information." Also, HITRUST developed a standard security report that addresses risk and compliance issues and helps compare security issues for an organization with others across the industry.

Effective compliance and risk management goes far beyond a set of policies. To be effective, a company’s compliance and risk management program must be embedded in its culture. All too often, companies see compliance as a separate activity that does not need to be integrated into the day-to-day business operations. All employees should share responsibility, and an intelligent risk framework should be created that brings compliance out in the open — letting employees know the importance of compliance while allowing them to communicate. But that’s often easier said than done.

Despite years of preparation and billions of dollars in spending, today’s businesses still aren’t prepared for cyber-attacks. Just turn on the evening news and you’ll be greeted with the name of the latest company to suffer an attack.

The more advanced technology gets, the more chief information security officers have to worry about. And with hackers waging significant wars on major organizations like JPMorgan Chase and Anthem, their job has become more important than ever.

The ultimate goal of a compliance program is not only to make sure your organization meets the requirements for compliance, but to also ensure employees do the right thing. But it can be difficult to determine the success of your organization’s compliance. What do you measure? How often do you measure? What do you focus on?

The Health Information Trust Alliance is a U.S.-based organization that works with healthcare, technology and information security leaders to establish a Common Security Framework (CSF). A CSF is a body of controls for all organizations to follow to create, access, store and exchange private or regulated data. The Health Information Trust Alliance believes security should be a core pillar of health information systems and exchanges, not an obstacle to be hurtled, hence its mission to normalize security controls via the CSF. The CSF includes:

If you remember the film Pirates of the Caribbean: Dead Man’s Chest, the villain Davy Jones cuts his heart from his chest and locks it away, hiding it from the world and protecting it from the ravages of grief. Bit of a drastic action if you ask us, but we—like most people—can understand taking serious lengths to protect the things we care about. That includes information. In this day and age of the Internet, where so much of life takes place, it can be tough to safeguard such data, especially when malicious attackers are constantly seeking to steal it and take advantage.

When the Romans perfected aqueducts, those channels that transported fresh water from the source to established cities and towns became the backbone of those areas. Though the Romans were excellent civil engineers, the creation and implementation of aqueducts still required a lot of planning—projects could consist of different elements like pipes, tunnels, canals, and bridges, as well as combinations of these.