News Feature | February 3, 2015

HITRUST Forms Cybersecurity Group

By Megan Williams, contributing writer

HITRUST Forms Cybersecurity Group

The Health Information Trust Alliance (HITRUST), a collaborative organization that works with healthcare, business, technology, and information security leaders to establish frameworks for the management of personal health and financial information, has turned its focus to cybersecurity.

HITRUST has formed a working group comprised of industry IT leaders to address issues and concerns around healthcare data security.

The Current Problem

According to a press release, no standard means for recognizing and sharing system vulnerabilities exists. Additionally, there are no standard processes for sharing best practices to address any vulnerabilities that are identified. This is especially concerning considering the value of health information and the rise of cyberattacks. According to David Muntz, senior vice president and chief information officer, GetWellNetwork and former principal deputy national coordinator and chief of staff, Office of the National Coordinator (ONC), “Given the pace and complexities associated with protecting these systems, the private sector, not the government, should step up to manage this process. It needs to be practical and pragmatic, done quickly, and with the flexibility required to match the rapidly evolving market. There is too much riding on the effectiveness and acceptance of these systems and we must ensure we maintain consumers’ confidence.”

The Working Group

The working group will be tasked with surveying the healthcare industry to make sure that its work complements “existing clinical safety reporting capabilities, standards, and best practices.” Most specifically, the working group will do the following:

  • Create communications that will
    • tackle concerns of security and reliability of HIS.
    • raise awareness around individual roles in system use.
    • work to increase public trust of the HIT sector in relation to privacy, security, confidentiality, and reliability.
  • Create a framework that will help avoid, report, and mitigate vulnerabilities.
  • Document and identify security issues, challenges, and concerns from ideation through implementation, maintenance, and migration or system retirement.
  • Organize subgroups around the establishment of guidelines, recommendations, and best practices.
  • Develop means to monitor and report on program progress, based on the impact to the national HIT environment and public attitudes.

Group Members

Members from participating organizations have shared their support and enthusiasm around the project, especially in light of the increased importance of HIT in a growingly complex healthcare system. Carl Dvorak, president, Epic Systems Corporation, weighed in with Epic’s take, “Those of us who commit our careers to improving healthcare through technology share a common responsibility to the patients we care for to ensure the highest level of privacy and trust in regard to use of their data. It is paramount that we establish industry-wide standards by which we measure our actions and our results with transparency. Epic supports high standards and full transparency to ensure that healthcare automation can be deployed in a trustworthy manner to reduce overall healthcare expenditures in our country while simultaneously improving patient outcomes and creating patient centered technologies.”