|
Facebook
Twitter
Linkedin
|
 |
 |
 |
 |
Healthcare Informatics 
HITRUST Alliance Announces Security Configuration Packs and EMR Vendors
HITRUST Alliance Announces Security Configuration Packs and EMR Vendors
HITRUST Alliance Announces Security Configuration Packs and EMR Vendors
Saturday, 04 April 2009 06:48 | 
| Healthcare IT News - Healthcare Informatics |
Integrated Security Configuration Packs Simplify and Strengthen the Protection of 3rd Party Health Information Systems Including EHRs and Medical Devices
With the industry on the verge of broad scale adoption of health information technology – including the move to electronic health records by 2014 as mandated by the American Recovery and Reinvestment Act of 2009 - the Health Information Trust Alliance (HITRUST) today announced the development of Security Configuration Packs for the HITRUST Common Security Framework (CSF). The packs address the lack of guidance that users of third-party health information systems—including electronic health records systems and medical devices—face in securely configuring these systems. Coming on the heels of the Common Security Framework launch in March 2009, today’s announcement represents another major milestone for HITRUST in its mission to create a higher level of trust in the industry by providing a holistic suite of tools and services to assist healthcare organizations with efficiently and consistently protecting sensitive health information.
“The HITRUST Common Security Framework provides a control framework for our information protection program, and Security Configuration Packs will be a key component. The Common Security Framework is a resource for us to achieve a higher level of information protection in a more efficient manner. It is not a new standard, but a prescriptive how-to manual that provides a consistent benchmark for the industry,” said Bryan S. Cline, Ph.D., CISSP-ISSEP and Director, Information Services Risk Management, The Children's Hospital of Philadelphia.
While information for securely configuring and managing specialized enterprise systems is commonplace in other industries, it not widely available for the healthcare industry.
“Given the complexities of health IT applications, the objective is to provide a very specific security roadmap and eliminate any guesswork for healthcare organizations seeking HITRUST certification,” said Brian R. Fuller, Director of the Health Information Security Practice at BearingPoint, one of the accredited Common Security Framework service providers helping in the development of the HITRUST Security Configuration Packs.
HITRUST Security Configuration Packs will consist of implementation instruction manuals for reducing the risk of security and privacy breaches. These instructions and recommendations will address implementation, architecture, security settings, hardening of application platforms (i.e., operating systems, web server, databases and interfaces), maintenance and monitoring of configuration settings and establishing user privileges. The packs follow the security and compliance guidance outlined in the Common Security Framework and can be accessed through assessment and compliance management tools that automatically recommend to users the specific controls they need to implement. HITRUST is also collaborating with technology companies who provide vulnerability scanning and Governance Risk and Compliance (GRC) products as well as service providers to integrate this information in their products and services, enhancing the applicability of their solutions to healthcare organizations. These packs and associated tools are critical resources for healthcare organizations to strengthen their security posture in an effective and sustainable manner.
HITRUST has committed to provide its first Security Configuration Packs for the following applications: Cerner Millennium, Eclipsys Sunrise Acute Care, eClinicalWorks eClinicalWorks EMR, Epic Systems EpicCare Ambulatory EMR, Epic Systems EpicCare Inpatient, McKesson Provider Technologies Horizon Clinicals suite and McKesson Provider Technologies Practice Partner. HITRUST is also soliciting input on prioritizing the development of additional Security Configuration Packs.
“Tools that provide guidance on securely configuring systems and automating the validation process enables us to achieve greater efficiencies and simplify compliance,” said M. David Wright, Manager of HIPAA Security, LifePoint Hospitals, Inc. “Having to develop and maintain the guidelines for configuring and validating individual systems ourselves is a complex and time-consuming process and represents a considerable upfront investment in both man-hours and dollars.”
“The Security Configuration Packs are another step forward in enhancing the level and efficiency of information protection. By collaborating with HITRUST, healthcare organizations and technology vendors are leveraging their combined resources to address security challenges for consistent adoption across the industry and at a fraction of the cost and resource of tackling these issues independently,” said Daniel Nutkis, Chief Executive Officer, HITRUST.
Source: HITRUST
With the industry on the verge of broad scale adoption of health information technology – including the move to electronic health records by 2014 as mandated by the American Recovery and Reinvestment Act of 2009 - the Health Information Trust Alliance (HITRUST) today announced the development of Security Configuration Packs for the HITRUST Common Security Framework (CSF). The packs address the lack of guidance that users of third-party health information systems—including electronic health records systems and medical devices—face in securely configuring these systems. Coming on the heels of the Common Security Framework launch in March 2009, today’s announcement represents another major milestone for HITRUST in its mission to create a higher level of trust in the industry by providing a holistic suite of tools and services to assist healthcare organizations with efficiently and consistently protecting sensitive health information.
“The HITRUST Common Security Framework provides a control framework for our information protection program, and Security Configuration Packs will be a key component. The Common Security Framework is a resource for us to achieve a higher level of information protection in a more efficient manner. It is not a new standard, but a prescriptive how-to manual that provides a consistent benchmark for the industry,” said Bryan S. Cline, Ph.D., CISSP-ISSEP and Director, Information Services Risk Management, The Children's Hospital of Philadelphia.
While information for securely configuring and managing specialized enterprise systems is commonplace in other industries, it not widely available for the healthcare industry.
“Given the complexities of health IT applications, the objective is to provide a very specific security roadmap and eliminate any guesswork for healthcare organizations seeking HITRUST certification,” said Brian R. Fuller, Director of the Health Information Security Practice at BearingPoint, one of the accredited Common Security Framework service providers helping in the development of the HITRUST Security Configuration Packs.
HITRUST Security Configuration Packs will consist of implementation instruction manuals for reducing the risk of security and privacy breaches. These instructions and recommendations will address implementation, architecture, security settings, hardening of application platforms (i.e., operating systems, web server, databases and interfaces), maintenance and monitoring of configuration settings and establishing user privileges. The packs follow the security and compliance guidance outlined in the Common Security Framework and can be accessed through assessment and compliance management tools that automatically recommend to users the specific controls they need to implement. HITRUST is also collaborating with technology companies who provide vulnerability scanning and Governance Risk and Compliance (GRC) products as well as service providers to integrate this information in their products and services, enhancing the applicability of their solutions to healthcare organizations. These packs and associated tools are critical resources for healthcare organizations to strengthen their security posture in an effective and sustainable manner.
HITRUST has committed to provide its first Security Configuration Packs for the following applications: Cerner Millennium, Eclipsys Sunrise Acute Care, eClinicalWorks eClinicalWorks EMR, Epic Systems EpicCare Ambulatory EMR, Epic Systems EpicCare Inpatient, McKesson Provider Technologies Horizon Clinicals suite and McKesson Provider Technologies Practice Partner. HITRUST is also soliciting input on prioritizing the development of additional Security Configuration Packs.
“Tools that provide guidance on securely configuring systems and automating the validation process enables us to achieve greater efficiencies and simplify compliance,” said M. David Wright, Manager of HIPAA Security, LifePoint Hospitals, Inc. “Having to develop and maintain the guidelines for configuring and validating individual systems ourselves is a complex and time-consuming process and represents a considerable upfront investment in both man-hours and dollars.”
“The Security Configuration Packs are another step forward in enhancing the level and efficiency of information protection. By collaborating with HITRUST, healthcare organizations and technology vendors are leveraging their combined resources to address security challenges for consistent adoption across the industry and at a fraction of the cost and resource of tackling these issues independently,” said Daniel Nutkis, Chief Executive Officer, HITRUST.
Source: HITRUST
