
October 2020

Blue Cross receives HITRUST CSF Certification

We are pleased to announce that Blue Cross Blue Shield of Michigan has received HITRUST CSF® Certification.

At Blue Cross, one of our top priorities has always been to enhance our information security capabilities. As part of that commitment, Blue Cross and Blue Care Network worked for more than two years to obtain the HITRUST CSF Certification.**

This certification recognizes our steps to continue to align with the Health Insurance Portability and Accountability Act of 1996, while ensuring we have the right level of controls and safeguards to protect sensitive patient data and reduce complexity, risk and cost. This helps minimize any negative effects on our providers, customers and organization.

HITRUST is an organization that’s responsible for creating and maintaining a comprehensive and flexible framework of prescriptive and scalable security controls in the health care sector, among others. HITRUST CSF Certification is frequently required by organizations that handle sensitive data, including protected health information, or PHI.
 
As part of Blue Cross’ focus on information security, we’ve developed a robust security framework that documents our policies, procedures and processes. Our framework guides how information is managed in our business to lower risk and vulnerability, and to increase confidence in an industry that increasingly uses technology to stay connected to patients. With our HITRUST CSF Certification, which attests to our information security efforts, we’ll continue to make improvements in how we protect sensitive information and manage information and compliance.

Threats to information security
The threats facing the health care industry are becoming increasingly sophisticated, with the average cost of a data breach to an organization amounting to $3.92 million, according to IBM Security. Fraudulent individuals use several social engineering techniques, such as phishing and physical breaches, to obtain PHI, such as medical records, Social Security information and insurance accounts. Medical records are considered one of the most valuable types of consumer data in the world, second only to intellectual property and state secrets.

This value stems primarily from two unique features:

  • Durability. Medical records are permanent — a consumer can’t merely “cancel” a health care record the way they can petition the bankruptcy court to eliminate debt.
  • Ease of monetization. Medical records can quickly be monetized in many ways — through Medicare fraud, medical identity theft, illegal prescription drug resale, and any number of black market exchanges.

Our commitment to you
Our HITRUST journey underscored the importance of information security in the face of increased threats to the health care industry. But this is only the beginning. 

As part of our network of physicians and other medical partners, you can expect to see:

  • Continued commitment to taking every measure available to protect and secure patient — and member — PHI
  • Diligence in detecting and rapidly responding to cybersecurity events or incidents
  • Recertifying with HITRUST in the future to keep Blue Cross up to date on data protection and security as threats to the health care industry continue to evolve 

**HITRUST CSF Certification, announced in July 2020, was effective December 2019. The scope of the certification covers Blue Cross Blue Shield of Michigan’s Electronic Data Interchange system and infrastructure.
