New ONC Leader Communicates GoalsMostashari Getting the Word Out on Privacy, Security, Other Issues
Mostashari, who got promoted from deputy to head of the Office of the National Coordinator April 8, spoke up at meetings of ONC advisory committees and at industry events. And he granted HealthcareInfoSecurity.com one of his first media interviews since taking on the new role, stressing that maintaining the privacy and security of patient information is one of his top priorities (See: Mostashari Addresses Privacy, Security).
Building public confidence that electronic health records are secure and that their privacy rights are protected will prove essential to the successful implementation of EHRs and health information exchanges, Mostashari noted in the interview.
Mostashari could play an important role in leading the way toward beefing up the privacy and security details in the Federal Health IT Strategic plan.
One important goal of the HITECH Act's electronic health record incentive program , which his office administers, is to "make sure we do what steps are necessary ... to protect the privacy and security of information," Mostashari said. Incorporating such protections in EHR "meaningful use" incentive requirements for hospitals and physicians in future stages of the program, as well as in the criteria for EHR software, is "certainly going to be something that's a priority for us," he added.
So we'll be watching with great interest to see whether proposed guidelines for Stage 2 of the EHR incentive program, which should emerge in draft form in the coming weeks, contain beefy privacy and security provisions -- and whether those provisions survive in the final version of the guidelines, which are slated for approval by the Department of Health and Human Services by year's end. The Privacy and Security Tiger Team already has given ONC many good ideas for protections to include in the EHR meaningful use and software certification criteria or in other regulations.
Privacy, Security CollaborationWhen asked about the importance of various government agencies cooperating on health information privacy and security matters so that a consistent approach can be developed, Mostashari pointed to an interagency task force on privacy and security that the White House announced back in February 2010 (See: White House to Create Health IT Task Force). That task force, including representatives of ONC, the HHS Office for Civil Rights and several other agencies, is continuing its work, he noted. Let's hope that the group produces some innovative ideas for stepping up privacy protections this year.
A proposal to modify the HIPAA privacy and security rules, as required under the HITECH Act, was issued last July, but a final version is still in the works. The Office for Civil Rights is taking the lead role on that project. Hopefully, OCR will collaborate with Mostashari and his ONC team, and others, to make sure the new HIPAA provisions are as tough, and as fair, as possible.
Meanwhile, Mostashari could play an important role in leading the way toward beefing up the privacy and security details in the Federal Health IT Strategic plan, drafted by the team at ONC under David Blumenthal, M.D., Mostashari's predecessor. The draft version of the plan primarily rehashed projects already in the works, some critics have charged (See: Health IT Strategic Plan: A Critique). ONC already has received dozens of comments on the plan, and it will continue to accept them through May 6. To comment, visit the Health IT Buzz Blog on the ONC website.