eHealth Security

UL services for safeguarding security, compliance and interoperability of health data

Health data is becoming even more important in today’s healthcare society. In order to offer high-quality care, healthcare providers demand to know practically everything about their patients. Medical devices therefore collect more information, whether in quantity or in frequency, mobile phones and other connected devices offer more convenient means of data collection, and electronic/personal health records consolidate all the information into a comprehensive and usable system. In order to make such an ecosystem function properly, security, interoperability and integration of these devices and systems with each other is on the one hand crucial for success, but on the other hand a major challenge for device manufacturers, software developers and implementation specialists. 

UL offers compliance assurance services which take these worries away and will result in conformance of your solution to key industry standards, faster time-to-market, and quality acknowledgement.

Besides healthcare providers, other parties like health insurers and research institutes also require access to data related to these health records. Also, with the increased number of mobile health devices and applications, the “bring-your-own-device” principle is opening up the healthcare ecosystem, bringing healthcare outside the designated facilities and closer to the patients. Healthcare providers can only foresee a successful uptake of these developments when the consumers trust that these technologies are secure. By offering more points of interaction, (cyber-) criminals are offered more points of compromise. It is therefore of great importance that access to and transmission of electronic health records and their content is properly regulated and indisputably secured.

“Health records are the new goldmine for hackers” – SecurityAffairs.co

Since the world of payments is becoming more secure, criminals are now targeting the healthcare industry as a source of profit. UL has been serving major players of the healthcare market for decades, such as hospitals and clinics, medical and laboratory device vendors, developers of IT systems, and governments. From making their premises fire-safe and assuring the electrical safety of their equipment, to optimizing their supply chain requirements and assessing environmental compliance, UL has been highly engaged with these players, resulting in understanding their exact safety and security needs in a world which is rapidly becoming digital.

As collecting health data is becoming more thorough, security and privacy concerns are increasing. Cyber-criminals have gained interest in health data and the number of compromised records through data breaches is rapidly rising. For organizations, it is no longer the question ‘whether’ a data breach will occur, but rather ‘when’. It is of utmost importance that any party that deals with health data takes the right measures to minimize the likelihood of a data breach as well as the impact of when a data breach would occur. With many years of experience in the health IT, payments, transit, telecom and federal markets worldwide, UL is the global knowledge leader when it comes down to securing confidential information. UL offers impartial advice, security risk assessments, and best practices in order to comply with your market’s requirements and to maximize your data-protection capabilities.

The benefits of working with UL

UL is an accredited testing and certification laboratory for a wide variety of services related to security and compliance. We work directly with government agencies and major industry organizations and are therefore on top of the latest market developments.  

UL is certifying medical devices, connectivity devices, data transmission technologies such as Bluetooth®, WiFi and Over-the-Air (OTA) communication, and products that require Federal Information Processing Standard (FIPS) 140-2 compliance. Besides having many years of experience with health IT systems security, UL proactively collaborates with industry players and organizations to define robust standards and policies. Through its cross-industry engagement and experience, UL is the subject matter expert related to tokenization, cryptography, public key infrastructures, site security, software security, systems architecture and more. 

Affiliations & Credentials

Areas of focus

  • Electronic Health Records (EHRs) 
  • Electronic Prescriptions for Controlled Substances (EPCS)
  • Security Risk Assessment for Health Insurance Portability and Accountability Act (HIPAA) compliance and Meaningful Use (MU)
  • Healthcare IT System Assurance
  • Medical Devices
  • Mobile Health Applications
  • Health Smartcards 
  • eHealth Interoperability Services
  • Healthcare IT Cyber Insurance

Security Risk Assessment (SRA) Services

UL’s Security Risk Assessment (SRA) services allow healthcare providers to stop worrying about security vulnerabilities and focus on patient care.


Electronic Health Record (EHR) Test and Certification

Through InfoGard, UL has been a part of ONC HIT Certification Program since its inception in 2010.


Electronic Prescriptions for Controlled Substances (EPCS) Services

UL combines its in-depth understanding of Information Security and eHealth in order to guide application developers through the testing and certification process.


Get in touch