Health industry group releases draft of security standards

We've been telling you about the new requirements for information security for all healthcare providers--that since healthcare providers are creditors, they need to have identity theft policies in place by next year. Now a group of large healthcare companies is attempting to create a set of security practices that can be standardized. There are advantages and disadvantages to this approach.

For the big healthcare companies, not having to vet every member's security policies would result in a huge savings (though for the members, it could end up being a lot more security than they feel they really need).

The standards, which were just released in draft form from the non-profit Health Information Trust Alliance LLC (HITRUST), are a collaboration from the nine large healthcare organizations that created HITRUST. They hope that the standards will be widely embraced, but only time will tell if smaller organizations will get on the bandwagon.

To learn more about the new draft standards:
- read this Wall Street Journal piece (reg. req.)

Related Articles:
Group to create health data security protection standard
GAO reports numerous security breaches
U.S. hospitals have security 'blind spot'