Cyber Security Industry Alliance Prescribes Ten Steps for Building a Secure National Electronic Health Care System
July 21 2004 - 12:05PM
PR Newswire (US)
Cyber Security Industry Alliance Prescribes Ten Steps for Building
a Secure National Electronic Health Care System Recommendations
Support Department of Heath and Human Services' Action Plan on
Health Information Technology WASHINGTON, July 21 /PRNewswire/ --
Cyber Security Industry Alliance (CSIA), the only CEO public policy
and advocacy group comprised exclusively of security software,
hardware and service vendors to address key cyber security issues,
today released its recommendations for the development of a secure
electronic health care system. These recommendations are designed
to support the nation's first strategic framework report on a
10-year initiative to develop electronic health records and other
uses of health information technology, which was announced today by
Department of Health and Human Services (HHS) Secretary Tommy G.
Thompson and David J. Brailer, M.D., Ph. D., the National Health
Information Technology Coordinator. The HHS plan for a national
health information infrastructure comes in response to President
Bush's initiative to provide all Americans with access to
electronic medical records within the next ten years. A modern
technology infrastructure will allow quick, reliable access to
information that promotes the best possible care while also saving
billions in administration costs. Such a system requires the
highest standards of privacy protection, which can be achieved
through the right combination of information security technology
and best practices. CSIA believes that privacy of information and
security controls should be addressed from the beginning of the
planning process to ensure that trust in the network is established
from its launch. "The HHS action plan on health information
technology offers significant benefits to all Americans and CSIA
believes that addressing information assurance concerns from the
beginning will maximize the overall effectiveness of the system
while ensuring patient privacy," said Paul Kurtz, executive
director of CSIA. "We hope Secretary Thompson and Dr. Brailer will
find these recommendations useful and we are ready to work with
them as they bring their plan to fruition." CSIA's recommendations
cover the confidentiality, integrity and availability of a national
heath care information infrastructure as well as foster compliance
with the Health Insurance Portability and Accountability Act
(HIPAA): Confidentiality: Protect Patient Information from
Unauthorized Access or Disclosure 1. Deploy strong authentication
and authorization controls to ensure that only authorized users
gain access to a system and only those parts of the system
necessary to perform their responsibilities. 2. Encrypt data and
communications wherever appropriate so that health care data in
transit and at rest is protected from unauthorized interception or
eavesdropping. 3. Properly dispose of retired data, software and
hardware to ensure that unauthorized users cannot recover it later.
Integrity: Protect Patient Information from Unauthorized Changes 4.
Validate data to ensure the integrity of data entered through Web
interfaces. 5. Conduct frequent system audits to ensure only
authorized users are accessing, entering or changing information.
6. Use digital signatures to verify that data in transit or data at
rest has not been modified by unauthorized parties. Availability:
Ensure Redundancy and Protection for Critical Information Systems
7. Provide for redundancy to avoid downtime due to equipment
failure, denial-of-service attacks or scheduled maintenance. 8. Use
a private data backbone to avoid problems from network bottlenecks
and outages that occur on the Internet due to fluctuations in data
flows. 9. Develop a rapid incident response mechanism to shorten
periods of unavailability due to attacks, intrusions, events and
their investigation. 10. Support information sharing networks, such
as the existing Healthcare Information Sharing and Analysis Center
(ISAC), to ensure timely dissemination of cyber threats,
vulnerabilities and attacks. About the CSIA Launched in February
2004 by a group of cyber security software, hardware and services
companies, the CSIA is an advocacy group whose mission is to
enhance cyber security through public policy initiatives, public
sector partnerships, corporate outreach, academic programs,
alignment behind emerging industry technology standards and public
education. The CSIA is the only CEO public policy and advocacy
group comprised exclusively of security software, hardware and
service vendors that is addressing key cyber security issues.
Members of the CSIA include BindView Corp. (NASDAQ:BVEW); Check
Point Software Technologies Ltd. (NASDAQ:CHKP); Citadel Security
Software Inc. (NASDAQ:CDSS); Computer Associates International,
Inc. (NYSE:CA); Entrust, Inc. (NASDAQ:ENTU); Internet Security
Systems Inc. (NASDAQ:ISSX); Juniper Networks, Inc. (NASDAQ:JNPR);
McAfee, Inc. (NYSE:MFE); PGP Corporation; Qualys, Inc.; RSA
Security Inc. (NASDAQ:RSAS); Secure Computing Corporation
(NASDAQ:SCUR) and Symantec Corporation (NASDAQ:SYMC). To learn more
about the CSIA, please visit our Web site at
http://www.csialliance.org/ or call +1-202-204-0838. DATASOURCE:
Cyber Security Industry Alliance CONTACT: Stacy Simpson of Merritt
Group, +1-703-556-6827, or , for Cyber Security Industry Alliance
Web site: http://www.csialliance.org/
Copyright
Check Point Software Tec... (NASDAQ:CHKP)
Historical Stock Chart
From Jun 2024 to Jul 2024
Check Point Software Tec... (NASDAQ:CHKP)
Historical Stock Chart
From Jul 2023 to Jul 2024