Verizon Business has updated its partner and security management programs to help address the health care industry’s increasingly complex data security management, risk and compliance requirements.
The data that the Security Management Program — Healthcare pulls comes from nine different activities, said Cindy Bellefeuille, director of security product marketing for Verizon. These activities range from monitoring a health care organization’s email gateway to an in-person policy and procedure discussion to the use of software that scans an organization’s IT environment for vulnerabilities.
This provides health leaders with a “heat index” view of an organization’s adherence to 252 specific threats, which are based on security standards defined by HIPAA, the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO). Last week Verizon announced that the program now incorporates the Common Security Framework of the Health Information Trust Alliance (HITRUST) as well.
In addition, the company has updated the Verizon Partner Security Program in light of the HITECH Act’s changes to HIPAA. This program, which lets organizations query their partners about the security measures they have in place, includes two modules — one based on the full HIPAA standard and one based on the new rules covering HIPAA business associate agreements.
Verizon launched its security management program about 13 years ago, with a specific focus on vertical industries such as health care emerging roughly two years ago, Bellefeuille said. According to Verizon, about 10% of its more than 200 security management program customers are in the health care and pharmaceutical firms.