The Security Scrutinizer with Howard Anderson

Beefing Up Health IT Strategic Plan

More Privacy and Security Details to Come?

Let's hope the final version of the Federal Health IT Strategic Plan for 2011-2015 contains more details about new privacy and security initiatives than the draft that was recently issued.

Some observers criticized the draft for primarily rehashing privacy and security projects that the Department of Health and Human Services' Office of the National Coordinator for Health IT or the HHS Office for Civil Rights already have in the works. And many of those projects that were called for under the HITECH Act, including HIPAA compliance audits, are long overdue.

Commenting on the plan, Mac McMillan, chairman and CEO at the consulting firm Cynergistek, said last week: "Usually, a strategic plan talks about where we are going as opposed to what we are currently doing. It doesn't seem to tell me what's next." (See: Health IT Strategic Plan: A Critique)

Christopher Paidhrin, security compliance officer at Southwest Washington Medical Center in Vancouver, Wash., contended federal authorities need to take rapid steps to make sure that security control standards keep up with the rapid adoption of electronic health records and health information exchanges.

"Healthcare must stop dithering about," he said. "Millions of EHRs are already online or transmitted over the Internet, and too many are lost or breached every month."

More Security Details to Come?

David Blumenthal, M.D., who now leads ONC, is preparing to step down in the coming weeks. The final version of the strategic plan should be delayed until his successor has time to use it to share a clear vision of what additional privacy and security protections are needed, as well what issues need to be addressed in the broader healthcare IT arena.

Comments on the strategic plan will be accepted through April 22 on the ONC website. So if you have ideas for healthcare information privacy and security projects you'd like to see federal agencies tackle, now is the time to make your voice heard.

McMillan suggested last week that the plan should address such issues as a voluntary universal patient identifier and a mandate for annual risk assessments. What do you think? We'd like to hear from you.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.