WellPoint, Inc. (NYSE: WLP), the nation's largest health insurer by medical membership, announced today it will accept the results of HITRUST Common Security Framework (CSF) assessments as a way to evaluate and verify its business partners' capabilities for protecting health information.
WellPoint is the first health benefits company to accept the results of HITRUST CSF assessments from its business partners as evidence that they have the necessary controls in place to effectively manage information security risks within their environment. Organizations undergoing assessments through the HITRUST CSF Assurance program can choose to become either CSF Validated or CSF Certified, both of which leverage the same processes, tools and requirements, but offer different degrees of assurance.
"HITRUST certification and assurance programs allow WellPoint to ensure the companies with which we partner and exchange protected health information meet specific requirements for information security, and that they have standardized assessment and reporting processes," said Roy R. Mellinger, vice president, IT Security, and Chief Information Security Officer for WellPoint.
"We are responsible for the security and privacy of health information belonging to more than 33 million Americans who have entrusted their information to us. We take this responsibility very seriously, and we ask the same of our business partners," Mellinger continued.