KRM provided support for the Veteran’s Administration Health Information Security Division in Martinsburg, West Virginia. The scope of this project included:
An overall goal to establish and operate a world-class HISD that would develop, implement, and evaluate security solutions addressing health data and health information systems, including security standards, access control, and access to health data by external groups.
The VA and other CHIS user organizations established a documented, repeatable, on-going process to measurably improve the security of their sensitive data, and demonstrated its value to its user community by:
- Raising awareness of healthcare specific information systems, to include risks, vulnerabilities, and protection requirements for new and emerging technologies.
- Examining and analyzing vulnerabilities and devising techniques for the cost-effective security and protection of private health information maintained on VHA sensitive system.
- Developing standards, metrics, tests, and validation programs to:
- Promote, measure, and validate security in systems and services.
- Provide system-specific role-based access to staff members.
- Establish minimum security requirements for healthcare systems.
- Developing guidance to ensure security is included in the system planning, implementation, management, and operational phases of the system life cycle.
- Assisting VHA in planning and implementing best security practices.