A new organization of healthcare industry stakeholders will draft a framework for security standards in hopes of reducing complex security practices within health information systems.
While legislation such as the Health Insurance Portability and Accountability Act of 1996 addresses information privacy, healthcare facilities are left to themselves to determine security measures to protect that information, said Dan Nutkis, chief executive officer of the Health Information Trust Alliance, which is developing the framework.
For example, organizations can determine whether staff need one or more passwords to enter various systems and when those passwords expire, but those practices are different from facility to facilityand studies have shown that information can still be stolen, he said. "Standards are appropriate only if you know the environment. What is necessary here is to have everybody say there is a bar," Nutkis said.
Dallas-based HITrust hopes to bring together 155 participants from the healthcare industryincluding providers, insurers, suppliers and biotechnology companiesby January to start work on sharing best security practices through six three-day sessions over the next eight months. The alliance, which has partnered with PricewaterhouseCoopers to manage the program, expects to have a draft standards framework by June and a finalized version by the end of 2008.
Eventually, the alliance's framework could become an accreditation model, he added.
Nutkis said the organization will share best practices among its members and see how all have been defining their internal security standards. "We're not starting from zero. The companies involved have invested enormous time and effort" already, he said.
Other federal and national initiatives working on information technology standards haven't been focusing specifically on security, according to Pittsburgh-based Highmark, one of HITrust's founding members.
What do you think? Write us with your comments at [email protected]. Please include your name, title and hometown.