HiTrust (the Health Information Trust Alliance) has launched with great fanfare.
Its mission is to "a common security framework for use by all parties that create, access, store or exchange personal health information."
Its common security framework (PDF) would establish a single standard for measuring the security of health systems, thus reducing the need for audits and reviews.
Among the members are CVS Caremark, Cisco Systems, GE Healthcare, Highmark Inc., Hospital Corporation of America, Humana, Johnson & Johnson Healthcare Systems Inc., Philips Healthcare and Pitney Bowes. In other words, vendors and hospitals.
Notice who's not there. Most of the big software companies serving the medical field. Insurers. Medical associations. It will take diplomatic skills to get them involved, at which point this effort may stand a chance.
Board member Donald Nutkis, who also worked on September's eHealth report warning of security problems in health care, told reporters after that event "the best thing the industry can do to fix the problem."
This is an effort in that direction. But hard questions must be answered first.
Can a few vendors and customers really establish standards which will be credible and followed? Can HIPAA be implemented in a way that doesn't leave everyone tearing their hair out?
That's the question which will follow HiTrust into 2008.