What is HITRUST CSF Certification?
Taylor Lehmann, Chief Information Security Officer at Wellforce/Tufts, and John Houston, Vice President of Privacy and Information Security and Associate Council at UPMC, described their work as founding members of the Council during a presentation at the Top of Mind 2019 Summit.
The organizations on the Council, including Wellforce/Tufts, UPMC, Cleveland Clinic, and others, will require their third-party vendors to become HITRUST CSF Certified within the next 24 months. The certification will serve as their standard for vendors that access to patient or sensitive information. Certification will be accepted by all of the council’s participating organizations.
“We’re actually providing the playbook for how to securely operate and work with large health systems two to three years before you’re actually ready to do so,” Lehmann said during the Top of Mind 2019 Summit.
Becoming certified allows vendors to save time and effort answering questions from every health system they want to do business with, and instead use that time creating more secure products, Lehmann said. It’s a win for health systems because they don’t need to spend extra time vetting the security of every vendor.
“I would have to summarize this in one word: Frictionless. We’re trying to build a frictionless environment while ensuring a high level of security,” Houston said.
See more videos from the Top of Mind 2019 Summit:
Learn more about: