SEP 1, 2009 4:44am ET

Effort to Certify Health IT Security


The Health Information Trust Alliance, an industry consortium working to improve the understanding of information security issues in health care, is spearheading efforts to develop health IT security certification programs.

Called HITRUST, the alliance last spring unveiled its Common Security Framework for electronic health information. The framework is an attempt to standardize health IT security best practices, standards and regulations in a single certifiable tool. The framework includes a best-practices security implementation manual, a cross-referenced standards and regulations matrix, and a readiness assessment toolkit.

But information security professionals and other purchasers often are confused as to which functions a particular product supports. The new certification program is an effort to classify security products by functionality to help providers and payers better understand the products that will help organizations fix the security gaps they have, says Daniel Nutkis, CEO of HITRUST. Criteria will focus on helping organizations determine a product's capabilities, functionality, effectiveness and support of security practices.

The alliance will not become a certifier itself, but will work with existing information security certifiers and vendors, as well as providers and payers, to develop a certification program that other entities can operate, Nutkis says. "We're adopting criteria and processes by which third-parties can certify products."

A steering committee of security vendors and certifiers will develop the program, assisted by an advisory firm of health care provider and payer organizations. Steering committee members include certifying firms ICSA Labs and NSS Labs, and vendors McAfee, CA, Cisco Systems, nCircle, RSA (the security division of EMC), Symantec, Trend Micro and VeriSign.

Certification criteria will focus on the needs for securing protected health information.

Certified products would receive the "CSF Ready" designation to enable organizations to more quickly assess that a product or service does what is expected and meets the requirements of HITRUST's Common Security Framework.

HITRUST is seeking additional vendors and industry stakeholders to participate in the initiative. More information is available at
