Cybersecurity accreditation program targets vendors
The Electronic Healthcare Network Accreditation Commission, which offers nearly a dozen programs to accredit software vendors, now has its sights on the cybersecurity threat. Industry-sponsored EHNAC is developing enhanced security criteria that presently accredited companies can implement at any time, but must comply with when reaccreditation comes up every two years.
It’s all about stakeholder trust,” said Lee Barrett, executive director of EHNAC. “Many vendors are improving security, but many others think they are too small to be hacked.”
The danger with smaller vendors, however, is that they are a target to hackers who know these firms often don’t have adequate levels of control to protect themselves and those they serve, Barrett added. All EHNAC accreditation programs include a range of privacy and security protection requirements, but Barrett reminds stakeholders that the organization also has an accreditation program for health information service providers, certificate authorities and registration authorities using Direct Protocol secure messaging standards. A list of these companies is available here.
EHNAC also will collaborate with the National Health Information Sharing and Analysis Center to support cyber prevention and risk mitigation progams.In 2017, the focus for EHNAC will be to raise the privacy and security bar higher, as the organization is looking at starting an accreditation program focused on infrastructure. A new accreditation program for telemedicine/telehealth vendors also could be in the mix.