As the Department of Health and Human Services makes strides to better the health and care of all Americans by promoting the advancement of health IT, one of the department’s guiding principles is that the benefits of health IT can only be fully realized if patients and providers are confident in electronic health information being kept private and secure.
In a July 8 blog post, National Health IT Coordinator Dr. David Blumenthal and Georgina Verdugo, director of Office for Civil Rights at HHS, wrote about how the Office of the National Coordinator for Health Information Technology and the Office for Civil Rights are collaborating on various projects to ensure the electronic exchange of health information is built on a foundation of privacy and security.
Over the past few months, ONC and OCR have launched a number of initiatives to integrate privacy and security into the nation’s health IT efforts. As directed by HITECH, ONC established a new chief privacy officer position to provide critical advice to the national coordinator in developing and implementing ONC’s privacy and security programs. The new CPO, Joy Pritts, will help ONC create new policies to address privacy and security issues in every phase of health IT development and implementation.
Last August, OCR issued an interim final breach notification regulation, which acts as an incentive to the healthcare industry to improve privacy and security by requiring HIPAA-covered entities to notify affected individuals, the HHS secretary and, in some cases the media, of a breach.
ONC is coordinating with the Centers for Medicare & Medicaid Services on CMS’s development of a final regulation on the Medicare and Medicaid Electronic Health Record Incentives Programs, which will promote critical privacy and security measures and business practices. ONC also is working on a final regulation on standards and certification criteria to ensure that electronic health records contain the capabilities to support needed privacy and security requirements.
ONC and OCR will also work together to promote the adoption of privacy and security with regards to health IT implementation, including ONC staff who is working with the president’s cybersecurity initiative and other federal partners to gather input from the best security minds in the federal government.
Additionally, Regional Extension Centers will educate providers about necessary privacy and security measures. Curriculum Development Centers Programs will incorporate necessary information into standard curricula for Community College Consortia, where health IT professionals will be trained. State Health Information Exchange Cooperative Agreements and Beacon Communities grants will demonstrate how privacy and security are successfully implemented and brought to scale.
“Our nation is poised to harness the power of information technology to improve healthcare,” Blumenthal and Verdugo wrote. “Transforming our healthcare system into a 21st-century model is a bold agenda. As we enter into a new age of electronic health information exchange, it is more important than ever to ensure consumer trust in the privacy and security of their health information and in the industry’s use of new technology.”