Group to create health data security protection standard

A group of participants cutting across the employer, IT vendor and healthcare provider sectors announced last week that they'd come together to create a shared framework for health information security. The group, known as the Health Information Trust Alliance (HITRUST), includes a long list of heavy hitters, including CVS Caremark, Cisco Systems, HCA, Johnson & Johnson and Philips Healthcare. HITRUST will work with PricewaterhouseCoopers to develop the framework. HITRUST's mission statement states that it's focused on making it secure to store, access and exchange personal health information, which suggests that this is primarily a PHR-security initiative. However, it's probable that the group's work will have implications for internetworked EMRs, RHIOs and other forms of HIE. 

All around, this is a noteworthy announcement, backed by folks who can theoretically make their approach stick. On the other hand, the employer-backed Dossia PHR initiative has faced some hard times. And in truth, even a standard proposed by the likes of Cisco, HCA and J&J may not get any more traction than other competing efforts. It's a jungle out there.

To find out more about HITRUST:
- read the HITRUST press release
- visit the group's Web site

PLUS: HL7 has won approval for its draft PHR standard. Article

Related Articles:
HIT group offers medical data security standards. Report
GAO reports numerous security breaches. Report
CMS security holes expose patient data. Report