Program Aims To Erase Doubts About Health Data Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Leadership

Program Aims To Erase Doubts About Health Data Security

A new certification program could make it easier for healthcare organizations to decide whether their IT security products meet their compliance needs.

A new certification program could make it easier for healthcare organizations to decide whether their IT security products meet their compliance needs.The Health Information Trust Alliance--HITRUST--which was launched in 2007 by an alliance of healthcare professional service and IT vendors, announced today a program to evaluate and certify IT security products used in healthcare settings.

The new HITRUST certification program is aimed at helping healthcare organizations in their vetting process to determine whether IT security products comply with HIPAA criteria, as well as HITRUST's own Common Security Framework, which is free and was released in March. HITRUST's CSF is the first IT security framework developed specifically for healthcare information.

When healthcare organizations are selecting information security products ranging from firewalls to anti-virus software, there's a great deal of uncertainty and confusion whether those products comply to HIPAA and other security requirements important to the protection of personal health data, said Dan Nutkis, CEO of HITRUST in an interview with InformationWeek. The HITRUST certification will help, he said.

"Organizations are struggling to identify products" that meet security requirements for healthcare environments, which aren't as stringent as some classified government agencies, but are more intense than some workplaces and businesses, he said. "The local florist doesn't need the same level of security, except for credit cards," he said.

In a statement, HITRUST said the new program will be coordinated by a steering committee - led by ICSA Labs, McAfee, CA, Cisco, nCircle, NSS Labs, RSA, the security division of EMC, Symantec, Trend Micro and VeriSign - "with guidance by an advisory committee of security professionals from health plans, providers, pharmacies, data exchanges and service providers."

Evaluations for the certification will be done by independent third parties, not HITRUST, said Nutkis, who estimates it will cost vendors between $5,000 and $7,500 for the evaluation. "The goal was not to make it too costly," and inhibitive to smaller vendors seeking certification, he said.

InformationWeek has published an in-depth report on e-health and the federal stimulus package. Download the report here (registration required).

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Learning: It's a Give and Take Thing
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  1/24/2020
IT Careers: Top 10 US Cities for Tech Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/14/2020
Predictions for Cloud Computing in 2020
James Kobielus, Research Director, Futurum,  1/9/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Flash Poll