Program Aims To Erase Doubts About Health Data Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Leadership

Program Aims To Erase Doubts About Health Data Security

A new certification program could make it easier for healthcare organizations to decide whether their IT security products meet their compliance needs.

A new certification program could make it easier for healthcare organizations to decide whether their IT security products meet their compliance needs.The Health Information Trust Alliance--HITRUST--which was launched in 2007 by an alliance of healthcare professional service and IT vendors, announced today a program to evaluate and certify IT security products used in healthcare settings.

The new HITRUST certification program is aimed at helping healthcare organizations in their vetting process to determine whether IT security products comply with HIPAA criteria, as well as HITRUST's own Common Security Framework, which is free and was released in March. HITRUST's CSF is the first IT security framework developed specifically for healthcare information.

When healthcare organizations are selecting information security products ranging from firewalls to anti-virus software, there's a great deal of uncertainty and confusion whether those products comply to HIPAA and other security requirements important to the protection of personal health data, said Dan Nutkis, CEO of HITRUST in an interview with InformationWeek. The HITRUST certification will help, he said.

"Organizations are struggling to identify products" that meet security requirements for healthcare environments, which aren't as stringent as some classified government agencies, but are more intense than some workplaces and businesses, he said. "The local florist doesn't need the same level of security, except for credit cards," he said.

In a statement, HITRUST said the new program will be coordinated by a steering committee - led by ICSA Labs, McAfee, CA, Cisco, nCircle, NSS Labs, RSA, the security division of EMC, Symantec, Trend Micro and VeriSign - "with guidance by an advisory committee of security professionals from health plans, providers, pharmacies, data exchanges and service providers."

Evaluations for the certification will be done by independent third parties, not HITRUST, said Nutkis, who estimates it will cost vendors between $5,000 and $7,500 for the evaluation. "The goal was not to make it too costly," and inhibitive to smaller vendors seeking certification, he said.

InformationWeek has published an in-depth report on e-health and the federal stimulus package. Download the report here (registration required).

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll