Cyber Security Industry Alliance prescribes ten steps for building a secure national electronic health care system
WASHINGTON, July 21, 2004 -- Cyber Security Industry Alliance (CSIA), the only CEO public policy and advocacy group comprised exclusively of security software, hardware and service vendors to address key cyber security issues, today released its recommendations for the development of a secure electronic health care system. These recommendations are designed to support the nation's first strategic framework report on a 10-year initiative to develop electronic health records and other uses of health information technology, which was announced today by Department of Health and Human Services (HHS) Secretary Tommy G. Thompson and David J. Brailer, M.D., Ph.D., the National Health Information Technology Coordinator.
The HHS plan for a national health information infrastructure comes in response to President Bush's initiative to provide all Americans with access to electronic medical records within the next ten years. A modern technology infrastructure will allow quick, reliable access to information that promotes the best possible care while also saving billions in administration costs. Such a system requires the highest standards of privacy protection, which can be achieved through the right combination of information security technology and best practices. CSIA believes that privacy of information and security controls should be addressed from the beginning of the planning process to ensure that trust in the network is established from its launch.
"The HHS action plan on health information technology offers significant benefits to all Americans and CSIA believes that addressing information assurance concerns from the beginning will maximize the overall effectiveness of the system while ensuring patient privacy," said Paul Kurtz, executive director of CSIA. "We hope Secretary Thompson and Dr. Brailer will find these recommendations useful and we are ready to work with them as they bring their plan to fruition."
CSIA's recommendations cover the confidentiality, integrity and availability of a national health care information infrastructure and foster compliance with the Health Insurance Portability and Accountability Act (HIPAA):
Confidentiality: Protect Patient Information from Unauthorized Access or Disclosure
1. Deploy strong authentication and authorization controls to ensure that only authorized users gain access to a system and only those parts of the system necessary to perform their responsibilities.
2. Encrypt data and communications wherever appropriate so that health care data in transit and at rest is protected from unauthorized interception or eavesdropping.
3. Properly dispose of retired data, software and hardware to ensure that unauthorized users cannot recover it later.
Integrity: Protect Patient Information from Unauthorized Changes
4. Validate data to ensure the integrity of data entered through Web interfaces.
5. Conduct frequent system audits to ensure only authorized users are accessing, entering or changing information.
6. Use digital signatures to verify that data in transit or data at rest has not been modified by unauthorized parties.
Availability: Ensure Redundancy and Protection for Critical Information Systems
7. Provide for redundancy to avoid downtime due to equipment failure, denial-of-service attacks or scheduled maintenance.
8. Use a private data backbone to avoid problems from network bottlenecks and outages that occur on the Internet due to fluctuations in data flows.
9. Develop a rapid incident response mechanism to shorten periods of unavailability due to attacks, intrusions, events and their investigation.
10. Support information sharing networks, such as the existing Healthcare Information Sharing and Analysis Center (ISAC), to ensure timely dissemination of cyber threats, vulnerabilities and attacks.
About the CSIA
Launched in February 2004 by a group of cyber security software, hardware and services companies, the CSIA is an advocacy group whose mission is to enhance cyber security through public policy initiatives, public sector partnerships, corporate outreach, academic programs, alignment behind emerging industry technology standards and public education. The CSIA is the only CEO public policy and advocacy group comprised exclusively of security software, hardware and service vendors that is addressing key cyber security issues.
Members of the CSIA include BindView Corp. (Nasdaq: BVEW); Check Point Software Technologies Ltd. (Nasdaq: CHKP); Citadel Security Software Inc. (Nasdaq: CDSS); Computer Associates International, Inc. (NYSE: CA); Entrust, Inc. (Nasdaq: ENTU); Internet Security Systems Inc. (Nasdaq: ISSX); Juniper Networks, Inc. (Nasdaq: JNPR); McAfee, Inc. (NYSE: MFE); PGP Corporation; Qualys, Inc.; RSA Security Inc. (Nasdaq: RSAS); Secure Computing Corporation (Nasdaq: SCUR) and Symantec Corporation (Nasdaq: SYMC).
To learn more about the CSIA, please visit our Web site at http://www.csialliance.org or call +1-202-204-0838.
Copyright © 1995-2021 by D. J. Power. DSSResources.COM was maintained by Daniel J. Power.