Industry Group Releases Health Care Security Product Cert

The channel may soon get a little more guidance in helping to evaluate and select IT security products for its healthcare clients via a new program announced by the Health Information Trust Alliance, or HITRUST.

The burgeoning industry organization on Aug. 31 rolled out a products and services certification program that is meant to help security buyers in health care to evaluate their choices based on how well they meet relevant industry guidelines in support of electronic health records, HIPAA (Health Insurance Portability and Accountability Act) and other compliance mandates.

The new CSF Ready Program complements HITRUST’s Common Security Framework, a healthcare-specific IT security framework it unveiled in mid-August.

The CSF Ready Program will be coordinated by a steering committee led by ICSA Labs, McAfee, CA, Cisco Systems, nCircle, NSS Labs, RSA, Symantec, Trend Micro and VeriSign. Input will also be balanced out by additional members of the IT security and health care communities.

Currently a beta, the HITRUST CSF Products and Services Guide is available at www.hitrustcentral.net. According to HITRUST, the guide is not meant to replace other security certifications, but instead as an additional tool for health care organizations and partners trying to juggle security and compliance requirements.

"With security becoming a pillar of every health care organization, the industry warrants attention and criteria directed at information security products that are applicable to their unique needs," Stuart McClure, vice president of operations and strategy for McAfee’s Risk and Compliance Business Unit, said in an Aug. 31 statement. "It is this group’s intent to provide acceptable capability guidance for organizations of all sizes so they can achieve a higher level of confidence that a product does what it claims it can do for them."