The Health Information Trust Alliance has joined with insurance broker Willis Towers Watson for a new program that could enable providers and vendors certified under HITRUST Common Security Framework to save on insurance premiums.
The two groups have worked together to educate cyber insurers about HITRUST CSF, and to encourage them to consider it during the cyberrisk underwriting process.
[Also: 10 things to consider before purchasing cyber insurance]
They said that CSF's comprehensive controls framework, which aims to accurately and consistently measure residual cyberrisk, has shown some appeal to insurers looking to cover healthcare organizations operating in a fraught cybersecurity threat environment.
"We are working with a number of cyber insurers that we expect will offer CSF Assessment-based programs over the coming months," said Geoffrey K. Allen, executive vice president of FINEX North America, a division of Willis Towers Watson Group, in a statement.
One of the first insurers to consider preferred terms and conditions based on CSF standards being met is Allied World U.S., according to HITRUST, which says the framework and its assurance methodology will inform the underwriting process with regard to efficiency, consistency and accuracy – enabling Allied World to better align its premium levels with the effectiveness of a given organization’s security controls.
[Also: The benefits of HITRUST certification]
"The partnership between Willis and HITRUST represents a significant step toward creating common standards for underwriting review, and adds significant efficiencies to the existing process," said Joshua Ladeau, Allied's practice lead for privacy and network security, in a statement.
HITRUST officials say organizations that have obtained CSF certification have been shown to pose lower cybersecurity risks. Moreover, its comprehensive assessment scores enable a more streamlined policy application process, they said.
"Managing information risk and compliance is a key goal of most healthcare organizations, and this program is another milestone in demonstrating how comprehensive and effective the HITRUST CSF and CSF Assurance are in aiding organizations in meeting that goal," said HITRUST CEO Daniel Nutkis, in a statement.
Twitter: @MikeMiliardHITN
