- A new partnership between national organizations hopes to lock down and accelerate health information exchange via the Direct standard.
The Electronic Healthcare Network Accreditation Commission (EHNAC), a standards development organization and accrediting body for healthcare data exchange, and the National Health Information Sharing and Analysis Center (NH-ISAC), announced on Jan. 26 an agreement to collaborate on HIPAA breach prevention and risk mitigation, and other cybersecurity initiatives.
The EHNAC/NH-ISAC alignment comes in recognition of the increasing number and breadth of breaches, incidents and cyberattacks that “have now reached epidemic proportions where no organization, no matter how large or small, is immune,” according to a joint statement.
NH-ISAC is a non-profit entity with a stated mission to “enable and preserve the public trust by advancing health sector cybersecurity protection, and the ability to prepare for and respond to threats and vulnerabilities.” It is recognized as the official Information Sharing and Analysis Center for the nation’s healthcare and public health critical infrastructure by the Department of Health and Human Services, as well as other government and law enforcement agencies.
EHNAC and NH-ISAC cited Identity Theft Resource Center data — indicating more than 750 U.S. data breaches, exposing nearly 178 million records, reported in 2015 — as a call to action.
“There is an urgent need to increase awareness and identify means of prevention for the seemingly endless string of headline-grabbing cyberattacks this past year. The unfortunate fact is that hacks have increasingly become a part of digital life — and no person or organization is immune,” said Lee Barrett, executive director of EHNAC, in a public statement. “With the dedicated focus of our collaborative teams, NH-ISAC and EHNAC look to make great strides in effective awareness and prevention tactics to minimize the crippling impact of these cybersecurity attacks.”
The groups plan to “work to accelerate the adoption of secure, identity-validated health information exchange via the Direct standard, in support of Stage 2 meaningful use transitions of care and patient engagement, and for additional uses of Direct for secure and encrypted healthcare data and information exchanges,” according to the joint statement.
DirectTrust, a non-profit alliance that supports secure, interoperable exchange of personal health information (PHI), recently reported that the number of Direct addresses able to share PHI across the DirectTrust network increased by 66 percent in the fourth quarter of 2015. The total of trusted Direct addresses now exceeds 1 million, the group stated. In addition, DirectTrust’s network of 44 accredited health information service providers served more than 52,000 healthcare organizations at the end of 2015, up 47 percent from 2014 year-end numbers.
“We are very excited to partner with EHNAC on this important effort to advance the security of data as well as health and public health organizations,” said Denise Anderson, president of the NH-ISAC, in a public statement. “Bringing NH-ISAC’s and EHNAC’s expertise and communities together is a first step in helping to keep our members’ operations resilient and safe as well as protected.”
Future efforts between EHNAC and NH-ISAC will include production of educational materials and webinars, as well as dissemination of case studies, situational awareness intelligence, impact analyses and incident responses.