Beefing Up Health IT Strategic Plan
More Privacy and Security Details to Come?Let's hope the final version of the Federal Health IT Strategic Plan for 2011-2015 contains more details about new privacy and security initiatives than the draft that was recently issued.
Some observers criticized the draft for primarily rehashing privacy and security projects that the Department of Health and Human Services' Office of the National Coordinator for Health IT or the HHS Office for Civil Rights already have in the works. And many of those projects that were called for under the HITECH Act, including HIPAA compliance audits, are long overdue.
Commenting on the plan, Mac McMillan, chairman and CEO at the consulting firm Cynergistek, said last week: "Usually, a strategic plan talks about where we are going as opposed to what we are currently doing. It doesn't seem to tell me what's next." (See: Health IT Strategic Plan: A Critique)
Christopher Paidhrin, security compliance officer at Southwest Washington Medical Center in Vancouver, Wash., contended federal authorities need to take rapid steps to make sure that security control standards keep up with the rapid adoption of electronic health records and health information exchanges.
"Healthcare must stop dithering about," he said. "Millions of EHRs are already online or transmitted over the Internet, and too many are lost or breached every month."
More Security Details to Come?
David Blumenthal, M.D., who now leads ONC, is preparing to step down in the coming weeks. The final version of the strategic plan should be delayed until his successor has time to use it to share a clear vision of what additional privacy and security protections are needed, as well what issues need to be addressed in the broader healthcare IT arena.Comments on the strategic plan will be accepted through April 22 on the ONC website. So if you have ideas for healthcare information privacy and security projects you'd like to see federal agencies tackle, now is the time to make your voice heard.
McMillan suggested last week that the plan should address such issues as a voluntary universal patient identifier and a mandate for annual risk assessments. What do you think? We'd like to hear from you.