eHealth Vulnerability Reporting Program Appoints Working Group Chairs

Share Article

In another step towards establishing a vulnerability reporting program for eHealth systems, the board of the eHealth Vulnerability Reporting Program (eHVRP) has appointed chairs for four working groups. The program was established to enhance the security of eHealth systems, initially through the creation of a framework by which eHealth system developers, their customers and security companies communicate vulnerabilities and aid in determining the most appropriate mitigation strategy.

In another step towards establishing a vulnerability reporting program for eHealth systems, the board of the eHealth Vulnerability Reporting Program (eHVRP) has appointed chairs for four working groups. The program was established to enhance the security of eHealth systems, initially through the creation of a framework by which eHealth system developers, their customers and security companies communicate vulnerabilities and aid in determining the most appropriate mitigation strategy.

“There has been a tremendous amount of interest in the eHVRP and the organizational structure is progressing as expected,” said Robert Mandel, MD, MBA, Vice President, Health Care Services, BlueCross Blue Shield of Massachusetts and board member of the eHVRP. “The success of the program is heavily dependent on the activities of the working groups and we have assembled a first-class group of individuals representing a broad range of stakeholders to chair the eHVRP working groups.”

The working groups and respective chairs are as follows:

The Vulnerability Assessment Working Group will make recommendations on the methodology, measures and tools to be used to assess eHealth system vulnerabilities, and will be chaired by:

  •      Blake Sutherland, P.Eng., CISSP, Vice President, Product Management, Third Brigade Inc.
  •     Brad Nelson, MPA, CISSP, Senior Information Security Analyst, Information Technology Services, University of Utah Health Sciences Center

The Vulnerability Reporting Working Group will establish and recommend appropriate reporting mechanisms including frequency, formats and content of information and will be chaired by:

  •     Mark J. Ruchie, Director, IS Security and Compliance Program, Allina Hospitals & Clinics
  •     Kevin McCarter, National Provider IT Leader, National Life Sciences & Health Care Practice, Deloitte Consulting LLP

The Communications Working Group will establish and recommend processes for communications including identification of appropriate parties, timing, and roles, and will be chaired by:

  •     Lisa Spellman, MBA, Director of National Initiatives, Allscripts Inc.

The Legal Working Group will establish and recommend appropriate agreements, guidelines and disclosures as well as address legal issues associated with the program, and will be chaired by:

  •     Stephen W. Bernstein, Esq., Partner, McDermott Will & Emery LLP
  •     Fritz Vorlop, Partner, Foley & Lardner LLP

The program is now seeking working group participants. Participants should have at least a general understanding of electronic health record systems and electronic security and privacy practices with a more in-depth knowledge in one of the following areas: implementation of electronic health record systems, information security architecture design, information security operations, privacy and security policy development, or communication plan development. Members will be required to attend at least one working group meeting (in-person or teleconference) a month and contribute up to five hours a month.

The eHVRP is currently accepting requests for work group membership. Interested individuals should submit an email to applications @ ehvrp.org. Requests will be accepted from July 10, 2006 thru July 31, 2006. The working group chairs will select between 8 and 16 members per group depending on the working group.

About the eHealth Vulnerability Reporting Program

Founded in May 2006, the eHealth Vulnerability Reporting Program (eHVRP) is a collaborative of health care industry organizations, technology companies and security professionals. eHVRP’s mandate is to establish approaches and procedures that will help ensure eHealth systems are broadly and rapidly deployed with the highest levels of privacy and security. For more information please visit our website at http://www.ehvrp.org.

For more information, please contact:

General and working group information:

info @ ehvrp.org

Media contact:

Kathryn Schwab

Schwabco Communications Inc.

613-858-4407

schwab2 @ sympatico.ca

# # #

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Kathryn Schwab
Visit website