Healthcare industry group the Health Information Trust Alliance LLC (HITRUST), released a information security framework that it hopes will become an industry standard. HITRUST is a non-profit group made up of a variety of healthcare individuals, brought together with the goal of standardizing information security practices in the healthcare world. The FTC requires that healthcare providers protect patient data, but offers no prescription on just how to go about doing so. The result has been a mishmash of security practices that vary from one organization to the next, putting strain on doctors, managers, and IT professionals.
There have been attempts at standardization before, but all fell apart under the weight of a fractured healthcare landscape where getting provider buy-in proved difficult. HITRUST seems to be avoiding that issue, already having the backing of the big players in the healthcare world. The hope is that smaller providers will eventually fall in line as well.
http://blogs.wsj.com/biztech/2008/11/12/pushing-standards-isnt-easy/
http://www.fiercehealthit.com/story/hitrust-releases-proposed-identity-theft-standards/2008-11-16
http://www.crn.com/healthcare/212002368