ONC's New Leader: An AssessmentMostashari Has Called Attention to Privacy, Security Issues
In comments before the Health IT Standards Committee March 29, Mostashari stressed that ONC must emphasize "putting patients and their interests in the center of everything we do -- their interests including privacy and security."
Mostashari, who previously served as ONC's deputy national coordinator for programs and policy, succeeds David Blumenthal, M.D., who stepped down after two years at the ONC helm to return to the faculty at Harvard University. In his March 29 comments, Mostashari stressed the need to "move from strategy to execution on many of the things that we've started and designed."
Deven McGraw, co-chair of the Privacy and Security Tiger Team that's advising ONC, calls Mostashari "a very good choice" to head the office. "Because he has served as the ONC deputy, he is well-positioned to continue the momentum begun during Dr. Blumenthal's tenure," says McGraw, director of the health privacy project at the Center for Democracy & Technology. "He also brings experience in implementing health IT, both in treatment and public health settings."
Security consultant Bob Chaput, president of Clearwater Compliance, says: "Dr. Mostashari's field experience as a scientist and large project implementer will be especially useful in providing effective leadership at ONC."
"Farzad is a physician, first and foremost, and very interested in achieving adoption of healthcare information technology into the very 'DNA' of American medicine," says Bill Bria, M.D., chief medical information officer at Shriners Hospitals for Children. "He is a terrific communicator and team builder. I believe Farzad, from his background in public health, is a strong defender of patients' rights and confidentiality."
Pointing to many projects mandated by the HITECH Act that are behind schedule, Christopher Paidhrin, security compliance officer at Southwest Washington Medical Center in Vancouver, Wash., is waiting to see whether the new head of ONC can lead the agency to effectively implement privacy and security standards. "I believe Dr. Mostashari is qualified, articulate and capable," Paidhrin says. "My concerns would be on whether he can move the behemoth of this ONC forward with alacrity and efficiency."
HITECH Act ProjectsThe new national coordinator for health IT and his team will continue to lead efforts to develop rules, regulations and programs to carry out many provisions of the HITECH Act, including the electronic health record incentive program.
Before joining ONC, a unit of the U.S. Department of Health and Human Services, Mostashari served as assistant commissioner for the Primary Care Information Project at the New York City Department of Health and Mental Hygiene, where he helped facilitate the adoption of prevention-oriented health information technology by more than 1,500 providers in underserved communities.
Mostashari also formerly led the NYC Center of Excellence in Public Health Informatics and an Agency for Healthcare Research and Quality funded project focused on quality measurement at the point of care. He established the Bureau of Epidemiology Services at the NYC Department of Health, which provides epidemiologic and statistical expertise and data for decision making to the health department.
Takes Privacy, Security 'Seriously'McGraw says she's confident that Mostashari "takes the issues of privacy and security very seriously and is committed to securing public trust in health IT and electronic health information exchange." But, the tiger team co-chair adds, "He will continue to face the same challenges faced by Dr. Blumenthal. Federal jurisdiction over privacy and security policy is shared by multiple agencies, and getting them to move in a coherent and consistent direction, with shared priorities, will continue to be a challenge for anyone in this job."
Paidhrin of Southwest Washington Medical Center hopes that efforts to create, implement and enforce privacy and security standards will pick up steam under Mostashari's leadership. "I've been waiting to see what Dr. Mostashari and the ONC would come up with in the way of new standards ever since his testimony before Congress back in April 2010," Paidhrin says.
In his 2010 written testimony, Mostashari said: "There is a need to define the standards and privacy and security protections to support new technologies and modalities, potentially including mobile health devices and tools for remote monitoring."
The new ONC leader should be judged, in part, on his ability to enact privacy and security standards, gain buy-in from vendors in adopting these standards and "effectively communicate his vision" both within ONC and to the stakeholders of healthcare, Paidhrin says. "We need to get to adoption of best practices - not simply being told that we're getting there."
Privacy LeadershipDan Rode, vice president of policy and government relations at the American Health Information Management Association, notes that Mostashari, like Blumenthal "is not schooled in privacy and security, so I expect him to listen to staff, advisory committee members and the industry and lead with consensus."
One of his challenges, Rode says, will be taking steps to ensure patient privacy is protected as efforts to ramp up health information exchange continue.
Chaput, the consultant, says that although he doesn't expect any "significant changes in strategy or direction" for privacy and security issues under Mostashari's leadership at ONC, he anticipates added emphasis on privacy safeguards in the Stage 2 criteria for the HITECH Act electronic health record incentive program.
In a statement, the Healthcare Information and Management Systems Society praised Mostashari's "leadership on a number of issues, including provider (electronic health record) adoption and associated certification requirements, interoperability and health information exchange, and efforts to engage all communities in driving the innovation that is necessary for transforming healthcare."
Health IT Strategic PlanBlumenthal and his team recently unveiled a draft of a Federal Health IT Strategic Plan for 2011-2015 that will be completed once public comments are received and reviewed. Comments are due April 22 on the ONC website.
"I assume that Dr. Mostashari, as deputy director, had significant input into the existing plan," says McGraw. "I suspect that any changes that will be made will be done based on public input or significant external developments that necessitate reconsideration of certain aspects of it."
Paidhrin, the security compliance officer, was among several observers who criticized the plan for lacking details on new privacy and security initiatives beyond those already under way. (See: Health IT Strategic Plan: A Critique) In light of the naming of a new leader at ONC, Paidhrin says he's hopeful that the office will aggressively carry out the plan's call for "more rigorous standards to support interoperability." He adds: "I'm seeing many different health information exchanges using many different standards, modalities and use cases. ... "I'm also hearing from health information managers, those who really know what it takes to make an EHR work, that we are collectively a long way from readiness to make HIEs work well."
McGraw says Mostashari will need to take up new privacy and security topics, including policies for access to record locator services and for secondary data uses, in light of the recommendations of the Presidential Council of Advisors on Science and Technology. (See: Universal Exchange Language Debated) The council has called for creation of a universal exchange language that would involve tagging individual data elements within electronic health records with descriptive information, such as patient consent to exchange the data.