Commentary
Program Aims To Erase Doubts About Health Data Security
A new certification program could make it easier for healthcare organizations to decide whether their IT security products meet their compliance needs.A new certification program could make it easier for healthcare organizations to decide whether their IT security products meet their compliance needs.The Health Information Trust Alliance--HITRUST--which was launched in 2007 by an alliance of healthcare professional service and IT vendors, announced today a program to evaluate and certify IT security products used in healthcare settings.
The new HITRUST certification program is aimed at helping healthcare organizations in their vetting process to determine whether IT security products comply with HIPAA criteria, as well as HITRUST's own Common Security Framework, which is free and was released in March. HITRUST's CSF is the first IT security framework developed specifically for healthcare information.
More Healthcare Insights
White Papers
- Red Alert: Why Tablet Security Matters - by BlackBerry
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Reports
- Strategy: BI and Analytics in Healthcare
- Research: Healthcare CIO 25: The Leaders Behind the Healthcare IT Revolution
Webcasts
- Maximize ROI with Database Consolidation onto Private Clouds
- Effective IT Inventory and Asset Management: From Quagmire to Quick Fix
When healthcare organizations are selecting information security products ranging from firewalls to anti-virus software, there's a great deal of uncertainty and confusion whether those products comply to HIPAA and other security requirements important to the protection of personal health data, said Dan Nutkis, CEO of HITRUST in an interview with InformationWeek. The HITRUST certification will help, he said.
"Organizations are struggling to identify products" that meet security requirements for healthcare environments, which aren't as stringent as some classified government agencies, but are more intense than some workplaces and businesses, he said. "The local florist doesn't need the same level of security, except for credit cards," he said.
In a statement, HITRUST said the new program will be coordinated by a steering committee - led by ICSA Labs, McAfee, CA, Cisco, nCircle, NSS Labs, RSA, the security division of EMC, Symantec, Trend Micro and VeriSign - "with guidance by an advisory committee of security professionals from health plans, providers, pharmacies, data exchanges and service providers."
Evaluations for the certification will be done by independent third parties, not HITRUST, said Nutkis, who estimates it will cost vendors between $5,000 and $7,500 for the evaluation. "The goal was not to make it too costly," and inhibitive to smaller vendors seeking certification, he said.
InformationWeek has published an in-depth report on e-health and the federal stimulus package. Download the report here (registration required).
Related Reading
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
|
T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting! |
Subscribe to RSSResource Links
This Week's Issue
Technology Whitepapers
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
- The BlackBerry PlayBook tablet's Good Bones - by BlackBerry
- Red Alert: Why Tablet Security Matters - by BlackBerry
Featured Resource
Read the report to find out how desktop virtualization has helped these organizations improve efficiency in the IT department, drive adoption of EMR applications, and support clinician mobility with wireless access, various client hardware options, and single sign-on.
Learn More
