Massachusetts Health Data Consortium Convening Internet Security Vendors to Work Towards Standardization.Business Editors and Health/Medical Writers BOSTON--(BW HealthWire)--Oct. 31, 2000 A grant funded, pro-active response to Federal mandates concerning the privacy and security of patient data The Massachusetts Health Data Consortium (http://www.mahealthdata.org), as part of a five-state, grant funded initiative called HealthKey, has begun working with a group of leading security vendors in an effort to win end-user confidence in the ability of Internet encryption products to work seamlessly with one another. The Consortium and the six vendors plan to demonstrate inter-operability and to produce a draft standard for secure E-Mail transmission by April 2001. This initiative is a pro-active response to Federal regulations targeted for release later this year that will require healthcare organizations to assure the security of E-Mails that contain personally identifiable information In information security and privacy, personally identifiable information or personally identifying information (PII) is any piece of information which can potentially be used to uniquely identify, contact, or locate a single person. . The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when (HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, ), passed in 1996, mandates the standardization of healthcare administrative transactions, the security of electronic systems and networks, and the privacy of healthcare data. Healthcare organizations will have two years to comply with these requirements after the release of the final regulations. The Massachusetts Health Data Consortium initiative targets the secure transmission of private healthcare information by electronic mail over the Internet. Currently, the vast majority of E-Mail that traverses the Internet is not technically protected in any way. For healthcare, in particular, this lack of security can lead to an unacceptable exposure of confidential information Noun 1. confidential information - an indication of potential opportunity; "he got a tip on the stock market"; "a good lead for a job" steer, tip, wind, hint, lead . John Halamka, MD, Chief Medical Information Officer of CareGroup, a Boston-based Integrated Delivery System integrated delivery system Integrated provider Medical practice A coordinated health care system formed by physician groups and hospitals which ↑ efficiency and ↓ redundancy in providing health care; IDSs coordinate delivery of a broad range of health , says: "Federal regulations and the American public are demanding that the healthcare industry address the issues of data confidentiality and security. The software products offered by security technology vendors are based on the same standard - S/MIME See MIME. . However, they use different methods to establish encrypted links and as a result their products often cannot talk to one another. Massachusetts is pro-actively taking the lead with these vendors to address the issue of inter-operability." Dr. Halamka is a member of the Affiliated Health Information Networks of New England New England, name applied to the region comprising six states of the NE United States—Maine, New Hampshire, Vermont, Massachusetts, Rhode Island, and Connecticut. The region is thought to have been so named by Capt. , a project of the Massachusetts Health Data Consortium and executive sponsor of this initiative. S/MIME (Secure/Multi-purpose Internet Mail See Internet e-mail service. Extensions) is the most widely available E-Mail security standard. S/MIME requires an organization to issue a "digital certificate" to each E-Mail user and for the user to store this certificate on their desktop computer. A digital certificate is like a passport or driver's license Noun 1. driver's license - a license authorizing the bearer to drive a motor vehicle driver's licence, driving licence, driving license license, permit, licence - a legal document giving official permission to do something that contains a code that uniquely identifies the individual using the computer. Using these unique codes, individuals can encrypt and decrypt To convert secretly coded data (encrypted data) back into its original form. Contrast with encrypt. See plaintext and cryptography. messages with their correspondents. However, for any organization which has individuals that come and go, issuing and revoking certificates and training new users has the potential to make the management of an S/MIME infrastructure complicated and potentially expensive. The Massachusetts Health Data Consortium has identified six vendors offering products that can potentially simplify the transmission of secure E-Mails for an organization resulting in substantial cost savings. These solutions, based on extensions to S/MIME, rely on issuing organization-level rather than individual digital certificates. All E-Mail traffic is then encrypted and decrypted at the "organizational border" rather than at the individual user's computer. The six vendors are Baltimore Technologies Baltimore Technologies was an internet security firm founded in 1976 by Michael Purser. It was acquired in 1996 by a team financed by Dermot Desmond and led by Fran Rooney, who became CEO. , Content Technologies (which was acquired by Baltimore Technologies on October 25, 2000), TenFour E-Mail Security Solutions, Tumbleweed Communications, Vanguard Security Technologies, and Viasec, Ltd. The software solutions they offer have been labeled S/MIME Gateways. Although have there have been some efforts among the six vendors to get their products to work together, inter-operability has not been pursued in an organized fashion. In the healthcare industry, there is a desire to explore S/MIME Gateways as a solution, but requirements vary among the various healthcare organizations. The goal of the Massachusetts HealthKey Project is to pursue full inter-operability among S/MIME Gateway products so that healthcare organizations can choose among the vendors' offerings based on their requirements and be confident that they can exchange encrypted E-Mails with other organizations using any one of the vendors' products. The Massachusetts Health Data Consortium has established a workgroup of the six S/MIME Gateway vendors to develop this inter-operability. The workgroup plans on demonstrating inter-operability and having a draft standard available by April 2001. The vendors will work with the Secure E-Business Technology Center of Deloitte & Touche LLP LLP - Lower Layer Protocol to simulate a multi-organizational E-Mail environment and demonstrate inter-operability. This project is being undertaken as part of the second phase of a two-year $2.5 million grant from The Robert Wood Johnson Foundation Robert Wood Johnson Foundation, charitable organization devoted exclusively to health care issues. It was established in 1936 by Robert Wood Johnson (1893–1968), board chairman of the Johnson & Johnson medical products company. (RWJF RWJF Robert Wood Johnson Foundation (Princeton, NJ) ) to five state health information organizations. The RWJF grant, known as the HealthKey program (http://www.healthkey.org), is helping to fund pilot implementations of security technologies in the healthcare industry and to define best practices for protecting the privacy of individuals whose healthcare information is transmitted electronically. The HealthKey grantees in Massachusetts, Minnesota, North Carolina North Carolina, state in the SE United States. It is bordered by the Atlantic Ocean (E), South Carolina and Georgia (S), Tennessee (W), and Virginia (N). Facts and Figures Area, 52,586 sq mi (136,198 sq km). Pop. , Utah, and Washington hope to document the business and social implications of these security technologies and privacy practices for the healthcare industry. In addition to the Massachusetts Health Data Consortium, the other four health information organizations receiving RWJF grant monies are Minnesota Health Data Institute, North Carolina Healthcare Information and Communications Alliance, Inc., Utah Health Information Network, and the Pacific Northwest-based Community Health Information Technology Alliance, which is a program of the Foundation for Health Care Quality in Seattle. About the Robert Wood Johnson Foundation The Robert Wood Johnson Foundation, based in Princeton, NJ, is the nation's largest philanthropy devoted exclusively to health and health care. It concentrates its grant making in three goal areas: to assure that all Americans have access to basic health care at reasonable cost; to improve care and support for people with chronic health conditions; and to reduce the personal, social and economic harm caused by substance abuse - tobacco, alcohol and illicit drugs. (See http://www.rwjf.org). About the Massachusetts Data Consortium The Massachusetts Health Data Consortium was founded in 1978 by the state's major public and private healthcare organizations to serve as a neutral agency to collect, analyze and disseminate health care information. In 1995, Elliot M. Stone, the Consortium's CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. , helped found the Affiliated Health Information Networks of New England project, a collaborative effort currently consisting of the chief information officers of 25 healthcare organizations and 8 information technology companies/consultants. The mission of the Affiliated Networks is "to improve the region's health care information infrastructure by fostering the growth of a variety of health information networks, building on systems already in place, while encouraging collaboration and standardization among these networks." (See http://www.mahealthdata.org). About the Minnesota Health Data Institute The Institute is a non-profit public-private partnership established in 1993 by the Minnesota Legislature to support the information needs of consumers, purchasers, providers, plans and other stakeholders in measuring and improving the quality and efficiency of health care services in Minnesota. One of its programs is the Minnesota Center for Healthcare Electronic Commerce (MCHEC), the first independent education and resource center dedicate exclusively to promoting the use of electronic commerce within the health care industry. (See http://www.mhdi.org). About the North Carolina Healthcare Information and Communications Alliance, Inc. The North Carolina Healthcare Information and Communications Alliance, Inc. (NCHICA NCHICA North Carolina Healthcare Information & Communications Alliance ) is a nonprofit consortium of over 150 health care providers, health plans, professional associations, government agencies, health research and pharmaceutical companies, and vendors who collaborate to plan and implement standards-based technology to improve health care in the region. Formed in 1994 by Executive Order of Governor James B. Hunt For other persons named James Hunt see James Hunt (disambiguation). James Bennett Hunt (August 13, 1799 - August 15, 1857) was a politician and judge from the U.S. state of Michigan. Hunt was born in Demerara, British Guiana (now Guyana). , Jr. and under the leadership of executive director Holt Anderson, NCHICA has been very active in the development of model privacy legislation, secure Internet technologies and clinical applications that require the innovative application of technology and communications. (See http://www.nchica.org). About the Utah Health Information Network The Utah Health Information Network is a broad-based coalition of health care insurers, providers, and other interested parties, including State government. UHIN UHIN Uganda Health Information Network participants have come together for the common goal of reducing health care administrative costs administrative costs, n.pl the overhead expenses incurred in the operation of a dental benefits program, excluding costs of dental services provided. through standardization of administrative health data and electronic commerce. UHIN operates as a centralized, secure information clearinghouse through which health care transactions are processed in Utah. (See http://www.uhin.com). About the Community Health Information Technology Alliance Based in the Pacific Northwest, CHITA is the Community Health Information Technology Alliance. Part of the non-profit Foundation for Health Care Quality, CHITA's purpose is to improve the effectiveness of the health system by expanding the use of electronic business in a manner that will serve and protect the consumers of health care and the members of CHITA. CHITA was founded in 1997 and membership includes hospitals and health care provider organizations, insurance companies and state agencies. (See http://www.chita.org). About Baltimore Technologies Baltimore Technologies employs over 800 people worldwide and operates from over 30 cities with headquarters in Dublin, Ireland; London, UK; Boston, USA and Sydney, Australia. Baltimore Technologies plc is a public company with dual listings on NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on (BALT BALT bronchus-associated lymphoid tissue. BALT Bronchiole-associated lymphoid tissue, see MALT ) and the London Stock Exchange London Stock Exchange London marketplace for securities. It was formed in 1773 by a group of stockbrokers who had been doing business informally in local coffeehouses. (BLM BLM n abbr (US) (= Bureau of Land Management) → les domaines ). On October 25, Baltimore Technologies acquired Content Technologies, developers of the MIMEsweeper range of products and the market leader in content security solutions (). On October 4, Baltimore Technologies announced its agreement to acquire Nevex, an innovator in policy-driven authorization technology for secure e-business deployments. For further information visit http://www.baltimore.com. About Tumbleweed Communications Corp. Tumbleweed Communications Corp. (NASDAQ:TMWD) is a leading provider of advanced e-mail solutions for business communications. Our products and services enable businesses to create and manage secure online communication channels that leverage established e-mail networks and enterprise applications. Tumbleweed tumbleweed, any of several plants, particularly abundant in prairie and steppe regions, that commonly break from their roots at maturity and, drying into a rounded tangle of light, stiff branches, roll before the wind, covering long distances and scattering seed as Integrated Messaging Exchange is a platform and set of applications for creating secure communications channels between a business and its customers, partners, and suppliers. Tumbleweed Messaging Management System is a comprehensive solution that extends internal e-mail systems to the Internet through centralized security, policy enforcement, filtering and archiving. Used together, Tumbleweed IME IME Input Method Editor IME Instituto de Matemática e Estatistica (Portugese and Spanish; USP, Sao Paulo, Brazil) IME In My Experience IME Instituto Militar de Engenharia (Rio de Janeiro, Brazil) and Tumbleweed MMS (Multimedia Messaging Service) An enhanced transmission service that enables graphics, video clips and sound files to be transmitted via cellphones. Developed as part of the 3GPP project, MMS phones are generally backward compatible with SMS and EMS. automatically apply security policies and redirect sensitive e-mail for secure, trackable delivery. Companies that rely on Tumbleweed IME or MMS products include American Express, Chase Manhattan Bank The Chase Manhattan Bank, now part of JPMorgan Chase, was formed by the merger of the Chase National Bank and the Bank of the Manhattan Company in 1955. The bank is headquartered in New York City. , Datek Online, Daiwa, the European Union's Joint Research Council, the Food and Drug Administration, Mitsui & Co., Nippon Telephone and Telegraph, Northern Trust, Pitney Bowes, TD Waterhouse, Travelers Property Casualty, UPS, and the United States Postal Service. See http://www.tumbleweed.com About TenFour E-Mail Security Solutions TenFour E-Mail Security Solutions, the global leader in secure email, offers clients a secure messaging server. The server is an advanced email firewall that provides a range of security features including filtering by sender, receiver, domain name, IP number, keywords, attachment size or type, mail flow, email encryption and decryption (cryptography) decryption - Any procedure used in cryptography to convert ciphertext (encrypted data) into plaintext. . The server uses the industry standards S/MIME and OpenPGP as well as location filtering to prevent spamming. TenFour E-Mail Security Solutions, headquartered in Stockholm, Sweden, maintains offices in the USA and UK. TenFour E-Mail Security Solutions provides innovative, effective email security solutions. Recently, the company introduced consulting services to customers worldwide. See http://www.tenfour.com About Vanguard Security Technologies Vanguard Security Technologies develops and markets the MAILguardian Enterprise (MGE Mge Mycoplasma Genitalium MGE Minneapolis Grain Exchange MGE Madison Gas and Electric Company MGE Mobile Genetic Elements MGE Maintenance Ground Equipment MGE Microstation Graphics Environment MGE Modern Gun Effectiveness Model MGE Modular Gis Environment ), centrally- managed, policy-based, security solutions for enterprise messaging systems to facilitate secure e-Business. Through its central management and policy enforcement, Vanguard is dedicated to strong and reliable end-to-end and gateway e-mail security that is seamlessly integrated into enterprise computing environments. MGE allows policy-makers and network managers to both define and enforce corporate security policies for their networks while reducing Total Cost of Ownership (TCO (1) (Total Cost of Ownership) The cost of using a computer. It includes the cost of the hardware, software and upgrades as well as the cost of the inhouse staff and/or consultants that provide training and technical support. See ROI. ). This is achieved through simplicity and transparency to users and central management. More information is available at http://www.vguard.com. About Viasec Founded in 1995, Viasec is a leading manufacturer of Internet security solutions. With North American North American named after North America. North American blastomycosis see North American blastomycosis. North American cattle tick see boophilusannulatus. headquarters in Boston, MA, and European headquarters in Donegal, Ireland, Viasec specializes in e-mail privacy management solutions. Viasec's software, Consus, is a server-based E-mail privacy application that protects E-mail and attachments from snooping and tampering over the Internet. Consus features standards-based (S/MIME) interoperability, international strength encryption (DES and triple DES), and patented technology that includes a built-in certificate authority. Since no desktop installs or user training are required, rapid deployment, compliance, and centralized policy enforcement are now achievable. More information available at: http://www.viasec.com |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion