December 01, 2008
Home
About
Submit Press Release
PR Firms
Editors/Journalists
Search Archives
 
News Releases by Category  
News by Country  
News by MSA  
All News for Today  
Browse News by Day  
News by Trackbacks  
All Press Releases for June 6, 2006 Subscribe to this News Feed  
 

Health Care Industry Leaders Convene To Address Security Vulnerabilities In Health Information Systems

Download this press release as an Adobe PDF document.

eHealth Vulnerability Reporting Program launches to standardize vulnerability testing and reporting in eHealth systems.

Dallas, TX (PRWEB) June 6, 2006 -– Leading health care industry executives today announced the formation of the eHealth Vulnerability Reporting Program (www.ehvrp.org), an initiative created to enhance the security of eHealth systems. The program will establish a framework by which eHealth system developers, their customers and security companies communicate vulnerabilities and aid in determining the most appropriate mitigation strategy. It will also facilitate the identification and communication of pertinent and time sensitive information regarding security vulnerabilities for the purpose of enabling organizations to better evaluate and manage associated risks.

“While both the health care industry and government recognize the enormous potential electronic health record systems possess, we shouldn’t lose sight of the risks and challenges they introduce,” said Augusta Kairys, Vice President, Provider Relations, Highmark BlueCross BlueShield and board member, eHealth Vulnerability Reporting Program. “Exploitation of security vulnerabilities has the potential to undermine physician and consumer confidence in these systems. Our goal is to establish a mechanism to identify and communicate security vulnerabilities, thereby minimizing their exploitation.”

“eHealth applications, such as electronic health record systems are large, complex, ever-evolving applications that rely on many millions of lines of code. Therefore, it is unrealistic to think electronic health record systems won’t have vulnerabilities,” said Robert Schaich, Vice President, Information Systems and Chief Information Officer, Sierra Health Services, Inc. and board member, eHealth Vulnerability Reporting Program.

While certification mechanisms provide an important industry benchmark and guideline for application functionality, interoperability and security, they vary in the level of detail and frequency of review. Security vulnerabilities are unlikely to be identified through questionnaires and standard reviews. Vulnerabilities may also relate to the operating environment and can be introduced through even the most modest code changes. The program will establish a mechanism to identify and categorize the severity of vulnerabilities, criteria for assessment, format and frequency of reporting, disclosure procedures, and models to implement compensating controls where appropriate.

In addition, the eHVRP will also enable vendors and systems integrators to proactively address the vulnerabilities in their products through testing and remediation mechanisms. “It is important that the varying initiatives that overlap relating to security and privacy are coordinated at some level. We will ensure the eHVRP complements and coordinates with existing regional and national security initiatives,” said Dr. John Halamka, Chief Information Officer, CareGroup Health System and Harvard Medical School and board member, eHealth Vulnerability Reporting Program.

To ensure the program is being guided appropriately a board has been assembled comprised of the following health industry executives:

  • Paul Connelly, Vice President and Chief Information Security Officer, Hospital Corporation Of America
  • John Halamka, MD, MS, Chief Information Officer, CareGroup Health System and Harvard Medical School
  • Augusta Kairys, Vice President, Provider Relations, Highmark BlueCross BlueShield
  • Robert Mandel, MD, MBA, Vice President, Health Care Services, BlueCross BlueShield of Massachusetts
  • Daniel S. Nutkis, Principal, DNI
  • Catherine Peper, Vice President, eMedicine, BlueCross BlueShield of Florida and Vice Chair, BlueCross BlueShield Association Information Security Advisory Group
  • Robert L. Schaich, Vice President, Information Systems and Chief Information Officer, Sierra Health Services, Inc.

“With the dramatic increase in the adoption of and reliance on eHealth systems, including electronic health records, portals and medical devices, eHealth systems are now considered a cornerstone for overhauling the current healthcare system, managing costs and increasing quality,” said Paul Connelly, Vice President and Chief Information Security Officer, Hospital Corporation Of America. “Considering this heavy investment, it is critical to ensure the integrity, confidentiality and accessibility of these applications and data.”

The eHVRP will consist of the following working groups:

  • Vulnerability Assessment - will make recommendations on the methodology, measures and tools to be used to assess eHealth system vulnerabilities.
  • Vulnerability Reporting - will establish and recommend appropriate reporting mechanisms including frequency, formats and content of information.
  • Communications - will establish and recommend processes for communications including identification of appropriate parties, timing, and roles.
  • Legal - will establish and recommend appropriate agreements, guidelines and disclosures as well as address legal issues associated with the program.

The eHealth Vulnerability Reporting Program is now soliciting members to staff the working groups and invites interested health IT executives, IT security, and electronic health record system vendors to participate in the working groups. If you are interested in participating on a working group, please send an email to info [at ehvrp.org indicating your interest.

About eHealth Vulnerability Reporting Program
Founded in May, 2006, the eHealth Vulnerability Reporting Program (eHVRP) is a collaborative of health care industry organizations, technology companies and security professionals. eHVRP’s mandate is to establish approaches and procedures that will help ensure eHealth systems are broadly and rapidly deployed with the highest levels of privacy and security. For more information please visit our website at www.ehvrp.org.

For more information, please contact:

General and working group information:
info [at ehvrp.org

Media contact:
Kathryn Schwab
Schwabco Communications Inc.
613-858-4407
schwab2 [at sympatico.ca

###

Trackback URL: http://www.prweb.com/pingpr.php/Q291cC1Mb3ZlLU1hZ24tRW1wdC1JbnNlLVplcm8=
See the original story at: http://www.prweb.com/releases/2006/06/prweb395154.htm
Other Releases by this Member
Email this story to a colleague
Printer Friendly Version
Bookmark with del.icio.us
Bookmark with Y!MyWeb
Submit to Digg
Kathryn Schwab
Schwabco Communications Inc.
613-858-4407
Email us Here

There are no multimedia files attached to this release. If this is your release you may add images or other multimedia files through your login.
If you have any questions regarding information in these press releases please contact the company listed in the press release. Please do not contact PRWeb. We will be unable to assist you with your inquiry. PRWeb disclaims any content contained in these release. Our complete disclaimer appears here.
 
Disclaimer: If you have any questions regarding information in these press releases please contact the company listed in the press release.
Please do not contact PRWeb®. We will be unable to assist you with your inquiry.
PRWeb® disclaims any content contained in these releases. Our complete disclaimer appears here.

© Copyright 1997-2007, Vocus PRW Holdings, LLC.
Vocus, PRWeb and Publicity Wire are trademarks or registered trademarks of Vocus, Inc. or Vocus PRW Holdings, LLC.

Terms of Service | Privacy Policy | Copyright