[Global_industry_committee] HITRUST

Christian Heinrich christian.heinrich at owasp.org
Mon Oct 11 03:03:18 EDT 2010


UnitedHealth Group are part of http://www.hitrustalliance.net/council.php

As far as I am aware (i.e. I could be wrong) HITECH (i.e. *not*
HITRUST) is the recent amendment to HIPAA.

That stated, http://www.hitrustalliance.net/commonsecurityframework/
appears (i.e. I could be wrong) to be a "turnkey" governance framework
for the healthcare industry for both HIPAA and HITECH and other
governance frameworks i.e. COBIT, PCI, ISO 27001 and incorporates an
independent assessment process i.e.

I have a friend in Australia who is the Australian security manager
for a US Healthcare Provider not listed on
http://www.hitrustalliance.net/council.php - I am more than willing to
approach him for an independent view on HITRUST if this would be of

On Mon, Oct 11, 2010 at 3:33 AM, Lorna Alamri <lorna.alamri at owasp.org> wrote:
> All,
> I spoke with the guy that runs UnitedHealth Group's app security group
> asking him if there were any organizations which were similar to PCI for
> health care. He pointed me in the direction of HITRUST.
> http://www.hitrustalliance.net/about/
> What do you think?  They are organized similarly to PCI Council however the
> model is much more for profit.

Christian Heinrich
