The Health Information Trust Alliance is a U.S.-based organization that works with healthcare, technology and information security leaders to establish a Common Security Framework (CSF). A CSF is a body of controls for all organizations to follow to create, access, store and exchange private or regulated data. The Health Information Trust Alliance believes security should be a core pillar of health information systems and exchanges, not an obstacle to be hurtled, hence its mission to normalize security controls via the CSF. The CSF includes:

NOTE: Schellman has since updated and expanded on this information in an article here. Nobody likes a compliance audit, but they serve a necessary purpose in the business world. If an organization is lacking in its adherence to global compliance regulations, there could be serious fallout. Employees or customers may lose trust. Your company’s reputation could be damaged, and worse — lawsuits and fines can significantly damage financial health. For this reason, chief compliance officers must change the way they think about audits. Painstaking as they may be, an audit provides you the opportunity to rectify issues before they become larger problems. Instead of dreading and avoiding an upcoming audit, here’s how compliance leaders can prepare their company to make the review process less agonizing.

The HIPAA Omnibus Rule which took effect on September 23, 2013, has led to the evolution of the HIPAA Compliance environment. Now more than ever it is important to understand what the security and privacy obligations are of a business associate (BA) or a subcontractor of a BA. BA’s are now mandated to comply with the HIPAA Privacy and Security rule requirements. Below are some high level requirements that BA’s need to be aware of when assessing their compliance environment: