The Security Scrutinizer with Howard Anderson

Kudos for the Security Task Force

Kudos for the Security Task Force

Pritts, appointed earlier this year as the first chief privacy officer in the Office of the National Coordinator for Health Information Technology, recently announced formation of a privacy and security task force, which she said is designed to centralize and intensify ongoing, highly fragmented efforts to define policies.

It's a step that many observers say is long overdue.

Let's hope the task force takes the lead in providing clarity when it comes to healthcare privacy and security guidance. 

As noted in a recent story, many rules, regulations and guidance documents on privacy and security mandated under the HITECH Act are falling behind schedule. And that's dangerous, given that efforts to boost use of electronic health records and health information exchanges are moving rapidly forward, fueled, in large part, by federal HITECH EHR incentive payments and HIE grants.

So Pritts came on the scene, sized up the fragmented efforts to develop privacy and security policy at ONC and elsewhere, and decided it was time for what she called a "tiger team" to take quick action this summer.

Let's hope the team comes through.

"There needed to be a focal point for privacy and security issues and a group that could move faster," says John Glaser, CIO at Partners HealthCare, Boston. Glaser recently completed serving as a part-time adviser to ONC.

"It's an attempt to pull all the threads together to create one major, coordinated effort," adds Steve Findlay, senior health policy analyst at Consumers Union, Washington.

Keeping track of all the organizations working on healthcare privacy and security issues is enough to make your head spin.

A long list of committees and workgroups were advising ONC, which makes recommendations to the Department of Health and Human Services. Meanwhile, HHS itself, its Office for Civil Rights, plus the Department of Veterans Affairs, the Department of Defense and other agencies were all addressing various aspects of these important healthcare issues.

"I don't even know all the tentacles of all this activity in the government," says Findlay, who serves as co-chair of one of the ONC privacy/security workgroups.

The consumer advocate is hopeful that the new task force will help coordinate all the various initiatives and make some rapid conclusions on healthcare policies that all units of the government can immediately use.

"The issues of security and privacy are of such high importance, that it didn't make sense to have all these efforts going on rather than one coordinated effort," he says.

So Pritts' action to form the task force is a very important first step. Now comes the hard part: Building a quick consensus on a wide variety of issues, including standards for personal health records, policies for obtaining consent from patients to share their data via HIEs, precise standards for the security functions of electronic health records software, and many more.

It remains to be seen which issues the task force will address, and in what order. So far, Pritts and others at ONC are keeping quiet about task force details.

But it's important that they reveal the game plan very soon and keep everyone affected by the task force's decisions well-informed every step of the way.

Meanwhile, the HHS Office for Civil Rights continues to formulate its plans for HIPAA privacy and security audits, which could start by year's end. Surely, these audits will be much more productive, and meaningful, if the "rules of the road" for privacy and security are crystal clear.

Let's hope the task force takes the lead in providing clarity when it comes to healthcare privacy and security guidance.

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.