christian.heinrich at owasp.org
Mon Oct 11 03:03:18 EDT 2010
UnitedHealth Group are part of http://www.hitrustalliance.net/council.php
As far as I am aware (i.e. I could be wrong) HITECH (i.e. *not*
HITRUST) is the recent amendment to HIPAA.
That stated, http://www.hitrustalliance.net/commonsecurityframework/
appears (i.e. I could be wrong) to be a "turnkey" governance framework
for the healthcare industry for both HIPAA and HITECH and other
governance frameworks i.e. COBIT, PCI, ISO 27001 and incorporates an
independent assessment process i.e.
I have a friend in Australia who is the Australian security manager
for a US Healthcare Provider not listed on
http://www.hitrustalliance.net/council.php - I am more than willing to
approach him for an independent view on HITRUST if this would be of
On Mon, Oct 11, 2010 at 3:33 AM, Lorna Alamri <lorna.alamri at owasp.org> wrote:
> I spoke with the guy that runs UnitedHealth Group's app security group
> asking him if there were any organizations which were similar to PCI for
> health care. He pointed me in the direction of HITRUST.
> What do you think? They are organized similarly to PCI Council however the
> model is much more for profit.