WellPoint, Inc. (NYSE: WLP) announces it has achieved Common Security Framework (CSF) Certified status from the Health Information Trust Alliance (HITRUST). Certification was obtained through the HITRUST CSF Assurance Program, the most widely-used information security framework used by United States health care organizations. WellPoint is the largest health benefits company to achieve HITRUST CSF Certified status under 2013 assurance criteria.
The CSF Certified status under new 2013 assurance criteria assures WellPoint’s members, clients, and business partners that the company is meeting the highest standards within the health care industry for managing security risks and protecting health information. CSF assurance criteria is reviewed annually and modified based on changing regulations and loss data analysis.
“Given the multitude and complexity of state and federal regulations with which we need to comply, the HITRUST CSF Assurance Program allowed us to proactively obtain a level of assurance that we are appropriately managing information risk and protecting health information while demonstrating compliance internally and with third parties,” said Roy Mellinger, WellPoint chief information security officer. “WellPoint is committed to protecting customer data and demonstrating how we are a trustworthy business partner.”
With continuously evolving security regulations in the health care industry, organizations are facing greater scrutiny and increased challenges in managing and monitoring their security and privacy practices when creating, accessing, storing or exchanging protected health and financial information. HITRUST CSF certification helps companies reduce this burden by affirming adherence to an industry-developed and industry-supported security framework integrated with state and federal regulations, business requirements and industry standards.“WellPoint has been a vocal proponent of streamlining and enhancing regulatory compliance and information protection internally, across the industry and with their business partners,” said Daniel Nutkis, HITRUST chief executive officer. “Obtaining CSF Certified status is confirmation of their commitment.” WellPoint will leverage the CSF Assurance Program in its own business associate compliance program and require the submission of CSF assessment reports from its business associates. Achieving HITRUST CSF Certified status and the continued reporting process validates WellPoint’s commitment to protecting data.