Verizon Enhances Security Programs for Federal Data Privacy Requirements

The Partner Security Program (PSP) enables health care organizations to assess the security compliance of business partners.

To help health care organizations and their business partners address evolving federal requirements for health data security and privacy, Verizon is enhancing two of its security programs. The Verizon Security Management Program-Healthcare (SMP-H), an online dashboard that helps organizations assess and strengthen their security, now includes a module based on the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), a widely adopted set of health care industry data protection guidelines.

The company's Partner Security Program (PSP) now enables health care organizations to assess the security compliance of business partners and internal business units against Health Insurance Portability and Accountability Act (HIPAA) interim rules that extend data security and privacy requirements to the business associates of health care organizations.

Launched in August 2009, SMP-H helps organizations proactively strengthen their security measures. Now with the inclusion of the HITRUST CSF module in Verizon SMP-H, health care organizations can assess their security measures and practices against 180 new additional controls, with a particular emphasis on process and procedure validation, and policy review. HITRUST, in collaboration with health care, business, technology and information security firms, is working to promote the secure flow of electronic information through the U.S. health care delivery system by standardizing security and privacy measures.

The Partner Security Program, a Web-based security management platform designed to help businesses manage security across a company's extended enterprise of suppliers, vendors and partners, now addresses requirements of HIPAA and its interim rules covering health care business associates. These rules require that key health care business partners, such as accountants, billing agencies and law firms, properly protect patient health information and create compliance uniformity across the entire health care ecosystem.

"Establishing and maintaining standards for the security and privacy of health data is a key foundational element critical to the transformation of the U.S. health care system," said Dr. Peter Tippett, Verizon's vice president of security and industry solutions. "With more digitized health information being exchanged, it is important that organizations monitor, manage and report on compliance. Verizon is helping customers meet this critical need through the development of new, secure online tools that foster the electronic exchange of health data."

Tippett said with the Verizon PSP, health care organizations can reduce the administrative burden of assessing, managing and reporting the security compliance measures undertaken by these key business partners. "When it comes to data security and privacy, one of the most important things health care organizations should do is treat security compliance as an ongoing process, not a one-time project," he explained. "As we point out in the 'Verizon 2011 Data Breach Investigations Report,' it is critical that data security and privacy measures be implemented broadly throughout an organization's IT systems. Our security management programs help organizations continually monitor and manage their security programs to help prevent the compromise of sensitive information."