STANDARDIZING SECURITY ASSESSMENTS FOR HEALTH



A barrier to innovation for many

We need to mitigate risk and protect patient data

However, security assessments are a barrier to innovation

They create major delays, cost legal and technical capital, and are inconsistent


We surveyed covered entities and vendors

We found significant frustration and waste on both sides

Together.Health

And we identified a solution

The Together.Health Security Assessment (THSA) guideline helps health systems and vendors work together. THSA translates security controls without disrupting existing workflow


How to use the Together Health Security Assessment (THSA)


For Health Systems

1. Map your existing risk / security assessment questionnaire to the Secure Controls Framework (available for download here)

2. Share with Together.Health which SCF #’s your assessment mapped to (and any questions that did not map) through our survey

3. Share your SCF-mapped security assessment with vendors, enabling them to more rapidly complete the review process


For Vendors

1. Download the Together.Health Security Assessment (THSA) guideline and check to see if you meet the security standards recommended by the majority of Together.Health health system providers. In this guideline we mapped the most common and useful controls (as designated by our expert focus group participants) to SCF #’s. We recommend using THSA as a baseline for your product’s security and a reference tool to support you in security reviews

2. Go to the Secure Controls Framework site to see the full list of controls and further reference.

Together.Health member organizations are working hard on curriculum and programs to implement the framework

GET SECURE TODAY

TogetherHealth Security Assessment - THSA v2019.1

(Updated 10/26/2019)


OUR SECURITY GOALS

NO NEW QUESTIONS

Use existing questions and frameworks whenever possible

USE THE BEST IN CLASS FOR SECURITY

Don’t just build for healthcare; build for security

SIMPLIFY THE PROCESS

Don’t create a process so burdensome it’s impossible to adopt (i.e. don’t make a slow process slower)

EDUCATE

Help covered entities, vendors, and other health ecosystem stakeholders understand how to prepare for and meet the standards

HOW WE GOT HERE

Together.Health Process

We analyzed hundreds of security assessments, consulted with 100+ cybersecurity experts (CIOs, CISOs, etc.), created a common set of questions, and mapped them to existing frameworks. We hope the Together.Health Security Assessment guidelines

Based on our research, we found that for startups (and even established entities) the process can range from 4 weeks to 9 months. For a company with 12 months of runway, this timeline is an innovation killer.


Project Lead

 
 

Our contributors

Join our growing list of collaborators and contributors below.

Collaborators
 

See what they’re saying

 
 

Adam Landman, MD

CIO, Brigham and Women’s Hospital

“Ensuring appropriate protection and use of healthcare data is a critical responsibility of health care organizations.

Currently every health system uses their own, unique security assessment for IT and digital health tools.

Together.Health offers a novel approach using the Secure Controls Framework that has significant potential to improve the efficiency of security reviews for both vendors and health care organizations while allowing continued use of existing assessments.”

 

In the news: