What are the questions you should be asking vendors to verify how secure the systems are?
It is often difficult to get a clear understanding from vendors what the exact capabilities of their systems are to meet HIPAA and other security provisions. The following list of questions will help you start a productive dialog with your system vendor.
Detailed list of questions for EHR vendor . Developed by Tunitas.
Resources on secure development methodologies:
CLASP (Comprehensive, Lightweight Application Security Process)
OWASP or (Open Web Application Security Project).
Microsoft's Secure Development Lifecycle (or SDL)
Common Criteria for Information Technology Security Evaluation
E-mail the HealthIT e-mail box: firstname.lastname@example.org