The Security Scrutinizer with Howard Anderson

HIMSS 2011: A News Summary

Updates on HIPAA Audits, Final Regulations and More
HIMSS 2011: A News Summary

In case you weren't one of the more than 31,000 who attended this year's Healthcare Information and Management Systems Conference in Orlando, here's a rundown of some of the privacy and security news from the show.

You can find all these stories and interviews on our HIMSS 2011 Conference page.

Adam Greene, senior health information technology and privacy specialist at the Office for Civil Rights, said the office has yet to firm up a timeline or a strategy for HIPAA compliance audits, which were mandated by the HITECH Act. OCR, which hired the consulting firm Booz Allen Hamilton to help design the auditing program, "is still working through what will give us the most bang for the buck," Greene said. For example, it's still weighing whether to audit a random sample of healthcare organizations or "going wider," he said.

Federal regulators won't issue final versions of two important rules that deal with healthcare information privacy and security issues until the second half of this year, said security expert Lisa Gallagher.

Final versions of the modifications to HIPAA privacy, security and enforcement rules, as well as the HITECH Act breach notification rule are now slated for release in the third or fourth quarter, according to Gallagher, senior director of privacy and security at HIMSS. As for Greene, he wouldn't answer questions about the timing of the release of the rules.

In his keynote address, David Blumenthal M.D., the outgoing national coordinator for health IT, devoted only about a minute to privacy and security issues. A key priority, he said, is "to assure the public that privacy and security is ever-present on our minds and can be provided in the context of health information exchange."

Exclusive Interviews

I conducted six podcast interviews at HIMSS. Here's a sampling:

Deven McGraw, co-chair of the Privacy and Security Tiger Team, revealed that many of the team's recommendations likely will be implemented initially through the Nationwide Health Information Network governance rule, slated to be proposed this fall.

Doug Fridsma, M.D., of the HHS Office of the Coordinator for Health IT, compared and contrasted the security approaches of two national health information exchange projects.

Lee Aase of Mayo Clinic described the organization's social media guidelines and offered insights on protecting privacy and security.

Again, for these and other news and insights, please see our HIMSS 2011 Conference page.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.