WellPoint Inc. has earned the status of Common Security Framework Certified from HITRUST, the information security and risk management organization, making it the largest health benefits company to achieve the certification for 2013.
The certification lets members, clients and business partners know that WellPoint meets the highest standards within the healthcare industry for managing security risks and protecting health information, the insurer said in a news release Monday.
The Health Information Trust Alliance reviews the assurance criteria annually and updates it based on changing regulations and loss data analysis.
Security regulations in the healthcare industry continue to evolve, such as through HIPAA and the Affordable Care Act. As a result, payers, providers and business partners are under more intense scrutiny to manage and monitor their security and privacy practices when creating, accessing, storing or exchanging protected health and financial information.
"Given the multitude and complexity of state and federal regulations with which we need to comply, the HITRUST CSF Assurance Program allowed us to proactively obtain a level of assurance that we are appropriately managing information risk and protecting health information while demonstrating compliance internally and with third parties," said Roy Mellinger, WellPoint chief information security officer, in the release.
HITRUST certification aims to help to reduce company challenges by verifying adherence to a security framework integrated with state and federal regulations, business requirements and industry standards.
WellPoint said it will use the HITRUST assurance program in its own business associate compliance program and require that business associates submit similar CSF assessment reports. Humana, Highmark and UnitedHealth Group have also committed to using the assurance program with their business associates.