The NIST Cybersecurity Framework — a computer security guidance developed by the National Institute of Standards and Technology at the U.S. Department of Commerce — is the most commonly used security framework at hospitals today, according to the 2018 HealthCare's Most Wired survey.
This marks the first year the College of Healthcare Information Management Executives has administered the Most Wired survey, which it acquired from the American Hospital Association in 2017. For the survey, CHIME polled leaders from 600-plus healthcare providers about IT infrastructure, including interoperability, information security, population health management and patient engagement capabilities.
Here are five common security frameworks, ranked by adoption at the surveyed providers:
1. NIST Cybersecurity Framework, published by NIST: 78 percent
2. HITRUST Comprehensive Security Framework, published by security standards development and accreditation organization Health Information Trust Alliance: 40 percent
3. Information Technology Infrastructure Library, published by Axelos, a joint venture by the U.K. government and business process outsourcing company Capita: 35 percent
4. Certifications developed by information security company SANS Institute: 24 percent
5. Control Objectives for Information and Related Technologies, published by IT management and governance professional association ISACA: 11 percent
Nineteen percent of respondents said their organization had adopted a self-developed security framework.
To download CHIME's survey, click here.