The Office of the National Coordinator for Health IT has rolled out an 18-month, multimillion dollar effort to strengthen security and cybersecurity efforts within health IT following the passing of the HITECH Act.
According to statement released yesterday by the Department of Health and Human Services, ONC has requested the public shares its experiences with electronic health records. The security initiative was passed April 1 and has been working to implement security measures alongside the implementation of EHRs.
The initiative was created to assess risk sand provide tools to combat threats against the health IT community, educate health IT users about security awareness, provide proper IT management guidance and create support functions.
“ONC recognizes that breaches are a serious issue,” said Cybersecurity Working Group Coordinator Dr. Deborah Lafky. “Despite stronger laws regarding breach notification, we must be vigilant and ensure they are reported. What may be surprising are the statistics. For example, we know that in the past five years, 80 percent of reported lost records were the result of hard drives, laptops, and other storage devices that disappeared. Interestingly, less than 10 percent of healthcare information breaches resulted from hacking or Internet crime.”
The initiative is working to institute policies to ensure proper security practices. Some of the policies included are securing all computers containing patient data, protecting laptops with a combination of physical, technology, and policy-related methods, locking drive bays to prevent hard drives from being removed, placing servers in secure areas, strictly limiting access, and maintaining entry/exit logs and establishing security policies that require the use of a high-grade encryption algorithm.