SEP 1, 2009 4:44am ET

Related Links

IT, Data Challenges Continue for Oregon, Connecticut
August 1, 2014
Mobility, DevOps Driving Application Performance Monitoring Market Growth
July 30, 2014
DDoS Attacks Are Still Happening — and Getting Bigger
July 29, 2014

Web Seminars

Improve Omni-channel Shopping Experience with Product Information Management
August 21, 2014

Effort to Certify Health IT Security

Print
Reprints
Email

The Health Information Trust Alliance, an industry consortium working to improve the understanding of information security issues in health care, is spearheading efforts to develop health IT security certification programs.

Called HITRUST, the alliance last spring unveiled its Common Security Framework for electronic health information. The framework is an attempt to standardize health IT security best practices, standards and regulations in a single certifiable tool. The framework includes a best-practices security implementation manual, a cross-referenced standards and regulations matrix, and a readiness assessment toolkit.

But information security professionals and other purchasers often are confused as to which functions a particular product supports. The new certification program is an effort to classify security products by functionality to help providers and payers better understand the products that will help organizations fix the security gaps they have, says Daniel Nutkis, CEO of HITRUST. Criteria will focus on helping organizations determine a product's capabilities, functionality, effectiveness and support of security practices.

The alliance will not become a certifier, but will work with existing information security certifiers and vendors, and providers and payers to develop a certification program that other entities can operate, Nutkis says. "We're adopting criteria and processes by which third-parties can certify products."

A steering committee of security vendors and certifiers will develop the program, assisted by an advisory firm of health care provider and payer organizations. Steering committee members include certifying firms ICSA Labs and NSS Labs, and vendors McAfee, CA, Cisco Systems, nCircle, RSA, the security division of EMC, Symantec, Trend Micro and VeriSign.

Certification criteria will focus on the needs for securing protected health information.

Certified products would receive the "CSF Ready" designation to enable organizations to more quickly assess that a product or service does what is expected and meets the requirements of HITRUST's Common Security Framework.

HITRUST is seeking additional vendors and industry stakeholders to participate in the initiative. More information is available at hitrustalliance.net/csfready.

This article can also be found at HealthDataManagement.com.

Get access to this article and thousands more...

All Information Management articles are archived after 7 days. REGISTER NOW for unlimited access to all recently archived articles, as well as thousands of searchable stories. Registered Members also gain access to:

  • Full access to information-management.com including all searchable archived content
  • Exclusive E-Newsletters delivering the latest headlines to your inbox
  • Access to White Papers, Web Seminars, and Blog Discussions
  • Discounts to upcoming conferences & events
  • Uninterrupted access to all sponsored content, and MORE!

Already Registered?

Filed under:

Advertisement

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments:
You must be registered to post a comment.
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.
Twitter
Facebook
LinkedIn
Login  |  My Account  |  White Papers  |  Web Seminars  |  Events |  Newsletters |  eBooks
FOLLOW US
Please note you must now log in with your email address and password.