(ISC)² the world’s largest information security professional body and administrators of the CISSP, and the Health Information Trust Alliance (HITRUST), a non-profit organisation responsible for the development, management, education and awareness relating to health information security and the leading organisation aiding the healthcare industry in advancing the state of information protection, have entered into an agreement to meet the growing demand for qualified security professionals who can protect sensitive healthcare information. This relationship was also established to allow both organisations to connect with key stakeholders in the healthcare market that can contribute to building new IT security certification and education programmes for healthcare professionals.
According to a recently released HITRUST report, “A Look Back: U.S. Healthcare Data Breach Trends,” the healthcare industry has made very little progress in reducing the number of breaches and that the industry's susceptibility to certain types of breaches has been largely unchanged since breach data became available from the U.S. Department of Health and Human Services (HHS) and the new Health Insurance Portability and Accountability Act (“HIPAA”) and the Health Information Technology for Economic and Clinical Health (“HITECH”) Act went into effect. The HITRUST analysis concludes that every organisation would benefit from better education of professionals and the simpler identification of the necessary skills in professionals available to assist them in their security efforts. In fact, HHS recommends that smaller organisations seek out certified professionals to help conduct risk assessment and analysis if they lack the capability in-house.
“Through this cooperative relationship, HITRUST and (ISC)² will work together to ensure information security professionals working in healthcare have the required skills to be successful within their organisations and careers,” said Daniel Nutkis, chief executive officer, HITRUST. “Our experience has shown us that organisations with more knowledgeable security professionals manage information risks better and have more advanced information security programmes. Healthcare organisations will benefit from having a simpler method to ensure their information protection professionals have the appropriate skills.”
In the U.S. alone, there are approximately 5,754 hospitals registered with the American Hospital Association and almost 240,000 physician practices, according to market research firm SK&A. Some of the key challenges that healthcare organisations face today include:
- They must not only safeguard sensitive patient information within their immediate sphere of control, but they must also ensure the security and privacy of the information shared with their vendors, contractors, and business partners;
- They must comply with vague and non-prescriptive regulations at various levels with HIPAA, HITECH and meaningful use;
- They must contend with the complexities posed by a wide range of business partners with differing capabilities, requirements and risk profiles; and
- They must continuously address significant security, privacy and compliance risks in an effort to protect patient information.
“Healthcare IT professionals are at a critical juncture. With the move to electronic health records, complex regulations to adhere to, and sophisticated cyber security threats knocking at their doors, they have no choice but to improve their security skills and knowledge,” said W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC)². “Our new relationship with HITRUST underscores our joint commitment to address this problem and improve not only the skills of healthcare information security professionals, but also cyber security professionalisation. We believe that an organisation's privacy and security programmes are significantly enhanced when properly trained and experienced individuals are involved. As we look toward 2013, (ISC)² and HITRUST are thrilled to join forces to bring the healthcare IT market real solutions for educating, qualifying and certifying professionals in this field.”
This new cooperative development between HITRUST and (ISC)² will establish metrics for qualifications held by information protection professionals in the industry. In January 2013, the organisations will conduct a credential-building workshop, with several key contributors involved in the job task analysis (JTA) they are jointly working on. This workshop will help the organisations identify the major job requirements and subsequently the knowledge and skills needed by a healthcare information protection professional to fulfil these requirements.
For more information, please visit: www.isc2.org
