ThomasNet News Logo
Sign Up | Log In | ThomasNet Home | Promote Your Business

ANSI and ISA to study impact of health information breaches.

Print | 
Email |  Comment   Share  
April 26, 2011 - ANSI, Internet Security Alliance (ISA), and Shared Assessments Program have partnered to assess financial impact of unauthorized access to protected health information (PHI). "Our focus will be on helping to inform organizations' investment decisions in information security best practices and in financial risk mitigation strategies," said ISA's Larry Clinton. Project follows earlier work on cybersecurity by ISA and ANSI and aims to develop report on its analysis within a few months.

Internet Security Alliance Partners with ANSI and Shared Assessments for Launch of Project on Financial Impact of Breached Protected Health Information

(Archive News Story - Products mentioned in this Archive News Story may or may not be available from the manufacturer.)

American National Standards Institute (ANSI)
11 West 42nd St., 13th Flr.
New York, NY, 10036

Press release date: April 19, 2011

NEW YORK - The Internet Security Alliance (ISA) has joined the American National Standards Institute (ANSI), via its Identity Theft Prevention and Identity Management Standards Panel (IDSP), in partnership with the Shared Assessments Program and its Healthcare Working Group, for a new initiative on the financial impact of unauthorized access to protected health information (PHI). The "PHI Project" was formally kicked off on April 7th via a two-hour webinar involving 110 participants.

"We are delighted to welcome ISA and its chief executive officer, Larry Clinton, as our partner in this initiative," said Jim McCabe, ANSI senior director of standards facilitation, and Robin Slade, senior vice president and chief operating officer of The Santa Fe Group, which manages the Shared Assessments Program, in a joint statement. "ISA has been a leader in helping companies to take a holistic approach in understanding and addressing the financial ramifications of cyber security vulnerabilities across the enterprise," Mr. McCabe added.

ISA and ANSI have an existing partnership for assuring enterprise-wide cybersecurity, which has resulted in the 2010 publication of The Financial Management of Cyber Risk: An Implementation Framework for CFOs and its 2008 predecessor The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask. Mr. Clinton has traveled the country promoting this unique approach to dealing with cyber challenges through a series of "role-play" scenarios with other subject matter experts.

"The PHI Project we are embarking on is a logical follow-on to the earlier work, but tailored to a specific sector--in this case healthcare," commented Mr. Clinton. "The financial impact on an enterprise that suffers a breach of PHI is significant, as is the potential reputational harm to an individual whose data has been compromised. Our focus will be on helping to inform organizations' investment decisions in information security best practices and in financial risk mitigation strategies."

Rick Kam, president and co-founder of ID Experts, and chairman of the PHI Project, explained the effort this way: "We need to develop an approach to translate the impact of the unauthorized disclosure of PHI on the individual. We can then use a formula to determine the potential financial risk to an enterprise based on the amount of PHI they need to protect or may disclose in a breach."

The PHI Project aims to develop a report of its analysis within just a few months time. The work effort will progress through several subcommittees, including:

- a legal subcommittee that will identify existing legal protections related to PHI, co-chaired by Christine Arevalo of ID Experts, Chris Cwalina and Steve Roosa of Reed Smith, LLP, and Jim Pyles from Powers Pyles Sutter & Verville, PC;
- a survey subcommittee that will query chief security / privacy officers or consumers on what they consider to be sensitive data, led Christine El Eris and Michael Morelli of Affinion Group, Larry Ponemon of the Ponemon Institute, Don Rebovich of the Center for Identity Management and Information Protection at Utica College, and Andrew Serwin from Foley & Lardner LLP;
- an ecosystem subcommittee that will define points of compromise in the healthcare ecosystem where there are risks of exposure, co-chaired by James Christiansen of Evantix, Gary Gordon of the Center for Identity at the University of Texas at Austin, and Lynda Martel of DriveSavers Data Recovery, Inc.;
- a financial subcommittee that will assess the financial impact of the disclosure of PHI, led by Larry Clinton of ISA, Sandeep Tiwari of Zafesoft, and Debbie Wolf of Booz Allen Hamilton;
- a communications subcommittee that will develop and manage a communications plan, co-chaired by Catherine Allen, chairman and CEO of The Santa Fe Group, representing Shared Assessments, and Linnea Solem of Deluxe Corporation; and
- a final subcommittee that will facilitate overall integration of the subcommittee input with a view toward producing a coherent final report, led by Rick Kam of ID Experts and Ed Stull of Direct Computer Resources, Inc.

For additional information, see or send an email to

The initiative is made possible through the generous support of the organizations listed below. Additional partner sponsors are welcome; see sponsorship opportunities for more information.

Premium Sponsors:

- Clearwater Compliance
- DriveSavers Data Recovery, Inc.

Partner Sponsors:

- Affinion Security Center
- Booz Allen Hamilton
- Center for Identity Management and Information Protection at Utica College
- Direct Computer Resources, Inc.
- Europ Assistance USA
- ID Experts
- ZOHO ManageEngine

About ANSI

The American National Standards Institute (ANSI) is a private non-profit organization whose mission is to enhance U.S. global competitiveness and the American quality of life by promoting, facilitating, and safeguarding the integrity of the voluntary standardization and conformity assessment system. Its membership is comprised of businesses, professional societies and trade associations, standards developers, government agencies, and consumer and labor organizations. The Institute represents the diverse interests of more than 125,000 companies and organizations and 3.5 million professionals worldwide.

The Institute is the official U.S. representative to the International Organization for Standardization (ISO) and, via the U.S. National Committee, the International Electrotechnical Commission (IEC), and is a U.S. representative to the International Accreditation Forum (IAF).

About the Shared Assessments Program

The Shared Assessments Program was created by leading financial institutions, the Big Four accounting firms, and key service providers to inject standardization, consistency, speed, efficiency and cost savings into the service provider assessment process. Through membership and use of the Shared Assessments tools (the Agreed Upon Procedures and the Standardized Information Gathering questionnaire), Shared Assessments offers outsourcers and their service providers a faster, more efficient and less costly means of conducting rigorous assessments of controls for security, privacy and business continuity. The Shared Assessments Program is managed by The Santa Fe Group, a strategic consulting company based in Santa Fe, New Mexico.

About the Internet Security Alliance

The Internet Security Alliance is a multi-sector trade association established in collaboration with Carnegie Mellon University in 2000. ISA's mission is to combine advanced technology with the pragmatic business needs of its members and help create effective public policy leading to a sustainable system of world-wide cybersecurity. ISA advocates a modernized social contract between industry and government creating market based incentives to motivate enhanced security of cyber systems. ISA provides its members with a range of technical, business and public policy services to assist them in fulfilling their mission.

American National Standards Institute

CONTACT: Elizabeth Neiman, +1-212-642-4911,; Susanna Space, +1-505-699-7185,; or Marjorie Morgan, +1-703-907-7090,

Web Site:

Print | 
Email |  Comment   Share  
Contacts: View detailed contact information.


Post a comment about this story

(your e-mail address will not be posted)
Comment title:
To submit comment, enter the security code shown below and press 'Post Comment'.

 See related product stories
More .....
 See more product news in:
 More New Product News from this company:
ANSI Website offers complete SAE International standards.
More ....
| Featured Manufacturing Jobs
 Other News from this company:
USNC Names Participants for 2014 IEC Young Professionals Workshop
ANSI-NSP Nanotechnology Standards Database Webinar Rescheduled for December 5
U.S. and German Standardizers Meet to Advance Transatlantic Trade Objectives
Reminder: Standards Simulation Workshop to Be Held November 19 in New York City
People on the Move
More ....
 Tools for you
Watch Company 
View Company Profile
Company web site
More news from this company
E-mail this story to a friend
Save Story
Search for suppliers of
Trade Associations

Home  |  My ThomasNet News®  |  Industry Market Trends®  |  Submit Release  |  Advertise  |  Contact News  |  About Us
Brought to you by        Browse ThomasNet Directory

Copyright © 2014 Thomas Publishing Company. All Rights Reserved.
Terms of Use - Privacy Policy

Error close

Please enter a valid email address