Security Configuration Packs
Despite the growing adoption of heath information technologies, healthcare organizations have few reliable and consistent resources available for determining the best possible configuration and maintenance of security in critical applications such as electronic health medical record systems and medical devices.
HITRUST is addressing this issue by working with industry organizations to develop Security Configuration Packs (SCPs). Using a HITRUST SCP will reduce the ambiguity and confusion IT security professionals struggle with when securing critical healthcare applications; therefore, saving time and resources, reducing the risk exposure to the organization, and increasing trust that sensitive data is protected.
The SCPs will include instruction manuals that address implementation, architecture, security settings, hardening of application platforms, maintenance and monitoring of configuration settings and user privileges. The packs are integrated with the HITRUST Common Security Framework (CSF), so organizations understand how to configure systems to comply with industry requirements. In addition, the packs can be made accessible through assessment and compliance management tools that automatically recommend to users specific controls needing to be implemented.
HITRUST plans to develop Security Configuration Packs for the following applications/application suites:
- Cerner Millennium
- Eclipsys Sunrise Acute Care
- eClinicalWorks eClinicalWorks EMR
- Epic Systems EpicCare Ambulatory EMR
- Epic Systems EpicCare Inpatient
- McKesson Provider Technologies Horizons Clinical Suite
- McKesson Provider Technologies Practice Partner
Security Configuration Packs are available through HITRUST Central. To register for a HITRUST Central subscription, click here or complete our notification form to be notified when the packs become available.
