Companies partner for secure EHR initiative

Twitter icon
Facebook icon
LinkedIn icon
e-mail icon
Google icon

Dec. 10 – Healthcare companies and business leaders in the United States have partnered to develop an EHR security framework for the protection of health information, according to the Wall Street Journal (WSJ).

Current law requires healthcare companies to maintain patient data securely, but the law is ambiguous, causing companies to create their own security standards, reported the WSJ.

“Health and biomedical information technology holds the promise for quality improvement and cost containment, and that proposition is universally appealing, regardless of your role in the industry,” said Daniel Nutkis, CEO of the Health Information Trust Alliance (HITRUST), which is spearheading the development of the security framework. “Those groups participating in the framework development recognize that we will not achieve the full potential of information technology if we don’t first establish widespread confidence in the security of electronic information.”

Over the next year, the founding participants of HITRUST—CVS Caremark, Cisco Systems, Highmark, Hospital Corporation of America, Humana, Johnson & Johnson, Philips Healthcare, and Pitney Bowes—will bring together a representative group of healthcare stakeholders across all segments of the industry, to develop a common security framework that will provide the industry with an actionable set of standardized practices. PricewaterhouseCoopers, a professional services firm, is currently engaged in the assessment and implementation of information security infrastructures, according to HITRUST.

Jon Roberts, senior vice president and CIO of CVS Caremark, said that companies also are forced to investigate whether businesses with access to their patient data have certain security standards in place.

"The industry has come to recognize that the current model for security isn't working," said Daniel Nutkis, CEO of HITRUST, adding that the standards will make it possible for companies to "trust the people accessing their systems."

More than 40 companies have applied to participate in the project and the goal is to have 155 participants by the end of February, according to HITRUST.