More than 29 million HIPAA data breaches occurred between 2009 and 2014, shaking public trust and causing concern throughout the industry.
Health Information Trust Alliance (HITRUST) is creating a working group to address those very issues. The group is part of a larger program focused on healthcare information technology improvements, with an emphasis on systems and medical devices.
According to a press release issued by HITRUST, the goal of the working group is to create an industry-wide best practices program focused on avoidance, reporting and mitigating vulnerabilities — one that would create a communication flow to address growing security concerns and trust issues among the public.
“Today there is not a standard means for recognizing and sharing vulnerabilities and there are no standard processes for sharing best practices to eliminate or mitigate these vulnerabilities,” the press release states.
Within the next three months, a steering committee will produce a schedule for 2015. The working group now being formed will handle the first phase of the project, which includes an industry survey to be complete by the end of second quarter.
“The benefits in terms of effectiveness and efficiencies to industry from this group will be both short and long term, from better requirements and guidance to timely and consistent vulnerability reporting and disclosure, to name a few,” HITRUST CEO Daniel Nutkis said in a press release. “We will take into account risks and threats to industry in prioritizing the deliverables.”
HITRUST was created in 2007 to safeguard health information systems through collaboration with public sector technology companies, private healthcare organizations and leaders in the world of information security and privacy. It’s known for its coordination of the common risk and compliance management framework (CSF), adhered to by more than 84 percent of hospitals and health plans.