HITRUST and (ISC)2® Partner to Develop Professional Standards for Credentialing in Healthcare Information Security

      HITRUST and (ISC)2® Partner to Develop Professional Standards for
               Credentialing in Healthcare Information Security

With Healthcare Breaches on the Rise, New Alliance Will Help Fill Market
Demand for Qualified Healthcare Security Pros

PR Newswire

PALM HARBOR, Fla., Dec. 12, 2012

PALM HARBOR, Fla., Dec.12, 2012 /PRNewswire/ --(ISC)²^® ("ISC-squared"), the
world's largest information security professional body and administrators of
the CISSP®, and the Health Information Trust Alliance (HITRUST), a non-profit
organization responsible for the development, management, education and
awareness relating to health information security and the leading organization
aiding the healthcare industry in advancing the state of information
protection, announced today they have entered into an agreement to meet the
growing demand for qualified security professionals who can protect sensitive
healthcare information. This relationship was also established to allow both
organizations to connect with key stakeholders in the healthcare market that
can contribute to building new IT security certification and education
programs for healthcare professionals.

According to a recently released HITRUST report, "A Look Back: U.S. Healthcare
Data Breach Trends,"  the healthcare industry has made very little progress in
reducing the number of breaches and that the industry's susceptibility to
certain types of breaches has been largely unchanged since breach data became
available from the U.S. Department of Health and Human Services (HHS) and the
new Health Insurance Portability and Accountability Act ("HIPAA") and the
Health Information Technology for Economic and Clinical Health ("HITECH") Act
went into effect. The HITRUST analysis concludes that every organization would
benefit from better education of professionals and the simpler identification
of the necessary skills in professionals available to assist them in their
security efforts. In fact, HHS recommends that smaller organizations seek out
certified professionals to help conduct risk assessment and analysis if they
lack the capability in-house.

"Through this cooperative relationship, HITRUST and (ISC)² will work together
to ensure information security professionals working in healthcare have the
required skills to be successful within their organizations and careers," said
Daniel Nutkis, chief executive officer, HITRUST. "Our experience has shown us
that organizations with more knowledgeable security professionals manage
information risks better and have more advanced information security programs.
Healthcare organizations will benefit from having a simpler method to ensure
their information protection professionals have the appropriate skills."

In the U.S. alone, there are approximately 5,754 hospitals registered with the
American Hospital Association and almost 240,000 physician practices,
according to market research firm SK&A. Some of the key challenges that
healthcare organizations face today include:

  oThey must not only safeguard sensitive patient information within their
    immediate sphere of control, but they must also ensure the security and
    privacy of the information shared with their vendors, contractors, and
    business partners;
  oThey must comply with vague and non-prescriptive regulations at various
    levels with HIPAA, HITECH and meaningful use;
  oThey must contend with the complexities posed by a wide range of business
    partners with differing capabilities, requirements and risk profiles; and
  oThey must continuously address significant security, privacy and
    compliance risks in an effort to protect patient information.

"Healthcare IT professionals are at a critical juncture. With the move to
electronic health records, complex regulations to adhere to, and sophisticated
cyber security threats knocking at their doors, they have no choice but to
improve their security skills and knowledge," said W. Hord Tipton,
CISSP-ISSEP, CAP, CISA, executive director of (ISC)². "Our new relationship
with HITRUST underscores our joint commitment to address this problem and
improve not only the skills of healthcare information security professionals,
but also cyber security professionalization. We believe that an organization's
privacy and security programs are significantly enhanced when properly trained
and experienced individuals are involved. As we look toward 2013, (ISC)² and
HITRUST are thrilled to join forces to bring the healthcare IT market real
solutions for educating, qualifying and certifying professionals in this

This new cooperative development between HITRUST and (ISC)² will establish
metrics for qualifications held by information protection professionals in the
industry. In January 2013, the organizations will conduct a
credential-building workshop, with several key contributors involved in the
job task analysis (JTA) they are jointly working on. This workshop will help
the organizations identify the major job requirements and subsequently the
knowledge and skills needed by a healthcare information protection
professional to fulfill these requirements.

Some of those participating experts include:

  oCathy Beech, chief information security officer, The Children's Hospital
    of Philadelphia
  oKevin Charest, chief information security officer (acting), US. Department
    of Health & Human Services
  oClara Cheung, senior systems manager (application infrastructure), Hong
    Kong Hospital Authority
  oBryan Cline, vice president, CSF development and implementation, and chief
    information security officer, HITRUST
  oJamie Crow, IT regulatory compliance analyst, Express Scripts
  oLeo Dittemore, director, IS security administration, HealthCare Partners,
  oMichael Gerleman, director of audit and compliance, Availity
  oKevin Haynes, chief privacy officer, The Nemours Foundation
  oDarren Lacey, chief information security officer, Johns Hopkins
    University/Johns Hopkins Health System
  oTaylor Lehmann, chief security officer, Independent Health
  oJoy Poletti, director - IT security compliance, Catholic Health
  oJohn Sapp, senior director, information security and IT risk management,
    McKesson Corp.
  oJason Taule, corporate information security and privacy officer, CSC Civil
    Health Sector
  oKen Vander Wal, chief compliance officer, HITRUST
  oJason Zahn, IT senior internal audit manager, University of Pittsburgh
    Medical Center


The Health Information Trust Alliance (HITRUST) is a non-profit organization
that was born out of the belief that information security should be a core
pillar of, rather than an obstacle to, the broad adoption of health
information systems and exchanges. HITRUST, in collaboration with healthcare,
business, technology and information security leaders, has established the
Common Security Framework (CSF), a certifiable framework that can be used by
any and all organizations that create, access, store or exchange personal
health and financial information. Beyond the establishment of the CSF, HITRUST
is also driving the adoption of and widespread confidence in the framework and
sound risk management practices through awareness, education, advocacy and
other outreach activities. For more information, visit HITRUSTalliance.net.

About (ISC)²

(ISC)² is the largest not-for-profit membership body of certified information
security professionals worldwide, with over 87,000 members in more than 135
countries. Globally recognized as the Gold Standard, (ISC)² issues the
Certified Information Systems Security Professional (CISSP®) and related
concentrations, as well as the Certified Secure Software Lifecycle
Professional (CSSLP®), Certified Authorization Professional (CAP®), and
Systems Security Certified Practitioner (SSCP®) credentials to qualifying
candidates. (ISC)²'s certifications are among the first information technology
credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024,
a global benchmark for assessing and certifying personnel. (ISC)² also offers
education programs and services based on its CBK®, a compendium of information
security topics. More information is available at www.isc2.org.

CBK are registered marks of (ISC)², Inc.

Follow (ISC)² on Facebook, Twitter and YouTube.


Website: http://www.isc2.org
Contact: Michelle Schafer, Merritt Group, Inc., +1-703-390-1525,
schafer@merrittgrp.com; Mary Hall, HITRUST, +1-972-330-4919,
Press spacebar to pause and continue. Press esc to stop.