ISC-squared, HITRUST to develop certification for healthcare information security

ISC-squared, a membership body for information security professionals and the Health Information Trust Alliance (HITRUST), a non-profit organization dedicated to advancing the state of health information security, recently announced that they have partnered to develop a new IT security certification for the healthcare industry.

Despite legislation such as the Health Insurance Portability and Accountability Act (HIPAA)and the Health Information Technology for Economic and Clinical Health (HITECH) Act, which were designed to increase patient privacy, the healthcare industry has seen its fair share of data breaches in the past few years. A recent study conducted by the Ponemon Institute, found that a staggering 94 percent of healthcare organizations, which includes hospitals, clinics and integrated delivery systems, had suffered at least one data breach in the past two years.

According to a statement, this joint project between HITRUST and ISC-squared will establish metrics for qualifications held by information protection professionals in the healthcare industry. Beginning next month, the organizations will conduct a credential-building workshop, which will help them identify the major job requirements and subsequently the knowledge and skills needed by a healthcare information protection professional to fulfill these requirements.

Some participating experts in the workshop include:

• Cathy Beech, chief information security officer, The Children’s Hospital of Philadelphia
• Kevin Charest, chief information security officer (acting), U.S. Department of Health & Human Services
• Clara Cheung, senior systems manager (application infrastructure), Hong Kong Hospital Authority
• Bryan Cline, vice president, CSF development and implementation, and chief information security officer, HITRUST
• Jamie Crow, IT regulatory compliance analyst, Express Scripts
• Leo Dittemore, director, IS security administration, HealthCare Partners, LLC
• Michael Gerleman, director of audit and compliance, Availity
• Kevin Haynes, chief privacy officer, The Nemours Foundation
• Darren Lacey, chief information security officer, Johns Hopkins University/Johns Hopkins Health System
• Taylor Lehmann, chief security officer, Independent Health
• Joy Poletti, director - IT security compliance, Catholic Health Initiatives
• John Sapp, senior director, information security and IT risk management, McKesson Corp.
• Jason Taule, corporate information security and privacy officer, CSC Civil Health Sector
• Ken Vander Wal, chief compliance officer, HITRUST
• Jason Zahn, IT senior internal audit manager, University of Pittsburgh Medical Center

"Through this cooperative relationship, HITRUST and ISC-squared will work together to ensure information security professionals working in healthcare have the required skills to be successful within their organizations and careers," said HITRUST CEO Daniel Nutkis. "Our experience has shown us that organizations with more knowledgeable security professionals manage information risks better and have more advanced information security programs. Healthcare organizations will benefit from having a simpler method to ensure their information protection professionals have the appropriate skills."

"Healthcare IT professionals are at a critical juncture. With the move to electronic health records, complex regulations to adhere to, and sophisticated cyber security threats knocking at their doors, they have no choice but to improve their security skills and knowledge," said W. Hord Tipton, executive director of ISC-squared. "Our new relationship with HITRUST underscores our joint commitment to address this problem and improve not only the skills of healthcare information security professionals, but also cyber security professionalization. We believe that an organization's privacy and security programs are significantly enhanced when properly trained and experienced individuals are involved. As we look toward 2013, ISC-squared and HITRUST are thrilled to join forces to bring the healthcare IT market real solutions for educating, qualifying and certifying professionals in this field."