With more and more health information being exchanged electronically, health care organizations and their business partners must adapt to an evolving set of federal requirements for health data security and privacy, and must develop ways to effectively monitor, manage and report on compliance. Today, Verizon announced two enhancements to its security programs to help health care organizations and their business partners adapt to this changing environment.
Specifically, Verizon’s enhancements will enable health care organizations to assess their security postures against 180 new controls – based on a set of industry best practices. The enhancements will also allow health care organizations to assess the security compliance of critical business partners against the Health Portability and Accountability Act (HIPAA), which includes interim rules that extend data security and privacy requirements to the business associates of health care organizations.
NEW YORK – To help health care organizations and their business partners address evolving federal requirements for health data security and privacy, Verizon is enhancing two of its security programs.
- The Verizon Security Management Program-Healthcare (SMP-H), an easy-to-use online dashboard that helps organizations assess and strengthen their security, now includes a new module based on the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), a widely adopted set of health care industry data protection guidelines.
- The Verizon Partner Security Program (PSP) now enables health care organizations to assess the security compliance of critical business partners and internal business units against Health Insurance Portability and Accountability Act (HIPAA) interim rules that extend data security and privacy requirements to the business associates of health care organizations.
“Establishing and maintaining standards for the security and privacy of health data is a key foundational element critical to the transformation of the U.S. health care system,” said Dr. Peter Tippett, Verizon vice president of security and industry solutions. “With more digitized health information being exchanged, it is important that organizations monitor, manage and report on compliance. Verizon is helping customers meet this critical need through the development of new, secure online tools that foster the electronic exchange of health data.”
HITRUST CSF Module Added to Verizon SMP-H
Launched in August 2009, Verizon SMP-H helps organizations proactively strengthen their security measures. Now with the inclusion of the HITRUST CSF module in Verizon SMP-H, health care organizations can assess their security measures and practices against 180 new additional controls, with a particular emphasis on process and procedure validation, and policy review. With this enhanced view, organizations can better manage and monitor their security practices and requirements against an expanded set of rules and regulations.
HITRUST, in collaboration with health care, business, technology, and information security firms, is working to promote the secure flow of electronic information through the U.S. health care delivery system by standardizing security and privacy measures.
HIPAA Requirements Now Part of Verizon Partner Security Program
The Verizon Partner Security Program, a Web-based security management platform designed to help businesses manage security across a company’s extended enterprise of suppliers, vendors and partners, now addresses requirements of HIPAA and its interim rules covering health care business associates. These rules require that key health care business partners, such as accountants, billing agencies and law firms. properly protect patient health information and create compliance uniformity across the entire health care ecosystem.
With the Verizon PSP, health care organizations can reduce the administrative burden of assessing, managing and reporting the security compliance measures undertaken by these key business partners.
Tippett added, “When it comes to data security and privacy, one of the most important things health care organizations should do is treat security compliance as an ongoing process, not a one-time project. As we point out in the Verizon 2011 Data Breach Investigations Report, it is critical that data security and privacy measures be implemented broadly throughout an organization’s IT systems. Our security management programs help organizations continually monitor and manage their security programs to help prevent the compromise of sensitive information.”
The American Recovery and Reinvestment Act of 2009 (ARRA) contains provisions and funding designed to facilitate the transition to electronic health records and the creation of industrywide interoperability standards. The 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, part of ARRA, contains provisions that update HIPAA and extend yet-to-be-finalized health data security rules to business associates. These legislative initiatives, combined with industry-driven efforts, are encouraging providers and hospitals to implement health IT systems that enable the secure exchange of data in order to help drive efficiencies, expand access to care, and help improve patient outcomes.
Verizon Connected Healthcare Solutions offers a comprehensive portfolio of managed, IT and consulting services for the health care industry to help transform patient care delivery, enhance access to care, and better manage costs.
Verizon is a global leader in driving better business outcomes for enterprises and government agencies. Verizon delivers integrated IT and communications solutions via its high-IQ global IP and mobility networks to enable businesses to securely access information, share content and communicate. Verizon is rapidly transforming to a cloud-based “everything-as-a-service” delivery model that will put the power of enterprise-class solutions within the reach of every business. Find out more at www.verizonbusiness.com.
Verizon Communications Inc. (NYSE, NASDAQ:VZ), headquartered in New York, is a global leader in delivering broadband and other wireless and wireline communications services to mass market, business, government and wholesale customers. Verizon Wireless operates America’s most reliable wireless network, with more than 104 million total connections nationwide. Verizon also provides converged communications, information and entertainment services over America’s most advanced fiber-optic network, and delivers seamless business solutions to customers around the world. A Dow 30 company, Verizon employs a diverse workforce of more than 196,000 and last year generated consolidated revenues of $106.6 billion. For more information, visit www.verizon.com.