Healthcare Industry and Business Leaders Announce Initiative to Develop a Common Health Information Security Framework
<< All Press Releases

Date: December 5, 2007

Initiative Seeks to Build Greater Trust in the Electronic Flow of Information Through the Healthcare System

Dec 5, 2007

DALLAS— In an effort to improve the security of sensitive health information, major organizations from across the healthcare and employer spectrum have united to participate in the development of the first ever common security framework for the protection of health information.

“Health and biomedical information technology holds the promise for quality improvement and cost containment, and that proposition is universally appealing, regardless of your role in the industry,” said Daniel Nutkis, CEO of the Health Information Trust Alliance (HITRUST), which is spearheading the development of the security framework. “Those groups participating in the framework development recognize that we will not achieve the full potential of information technology if we don’t first establish widespread confidence in the security of electronic information.”

Participants — CVS Caremark, Cisco Systems, Highmark Inc., Hospital Corporation of America, Humana, Johnson & Johnson, Philips Healthcare, and Pitney Bowes — will bring together a representative group of healthcare stakeholders across all segments of the industry, to develop a common security framework that will provide the industry with an actionable set of standardized practices. Also participating in the development of the common security framework is PricewaterhouseCoopers, a professional services firm currently engaged in the assessment and implementation of information security infrastructures.

“Although ‘privacy’ and ‘security’ are often used interchangeably, they are distinct, but interrelated, concepts,” said Kimberly Gray, Chief Privacy Officer, Highmark Inc. “Health information privacy in the U.S. today focuses on keeping personal information confidential, and privacy policy is generally overseen by government and regulatory bodies. Security, on the other hand, is the means and mechanisms to protect privacy and must be capable of quickly adapting to changes in the technology and industry landscape and is best left to the private sector. HITRUST is singularly focused on the latter.”

“We recognize that a piecemeal approach to information security does not adequately support the information security infrastructure necessary to efficiently drive broad adoption of health and biomedical information technology,” according to Paul Connelly, vice president and chief information security officer at Hospital Corporation of America. “If we all continue to go at security in our own ways, then at the end of the day we would be farther from, rather than closer to, appropriately protecting sensitive health information and garnering the efficiencies and benefits, and that is not an option,” Connelly said.

Other founding participants agree:

“As a large employer and organization dedicated to helping our employees better manage their health through the deployment of health and biomedical technologies, we see the issue of information security as fundamental. HITRUST and the framework it is developing will have a significant impact on moving things forward,” said David Nassef, Vice President, Office of the Executive Chairman, Pitney Bowes. “CVS Caremark is excited to be part of the development of a common security framework that protects personal health information. We know from experience that information technology enhances our consumers’ experiences and helps us more efficiently, effectively, and affordably meet their healthcare needs,” said Jon Roberts, Senior Vice President and CIO, CVS Caremark. “A unified security framework strives for simplicity on an industry-wide scale. By reducing or eliminating complexity, redundancy, and conflicting practices we will reduce the cost of healthcare while raising the level of trust in the healthcare industry. HITRUST will assemble a suite of standardized practices that share a vision, make sense, and inspire consumer confidence.” said Nick Mankovich, Senior Director of Product Security and Privacy for Philips Healthcare.

“This effort is an indication that healthcare and employer organizations believe that information security is within reach and that patient information can — and must be — protected when electronic health information is involved, ” Humana Chief Information Security Officer Jon Moore said. “We think that collaboratively and through the shared experiences of HITRUST’s framework participants, we can develop a comprehensive and agile security framework that can grow with the advent of new health information technologies.”


The Health Information Trust Alliance (HITRUST), a private, independent company was created to establish a common security framework that will allow for more effective and secure access, storage and exchange of personal health information. HITRUST is bringing together a broad array of healthcare organizations and stakeholders, who are united by the core belief that standardizing a higher level of security will build greater trust in the electronic flow of information through the healthcare system. For more information on HITRUST and its programs, go to

Chat Now

This is where you can start a live chat with a member of our team