Supreme Court Ruling Ends UncertaintyTime to Refocus on Security and Privacy Plans
Months of uncertainty exploded into moments of utter confusion when two major cable news networks erroneously reported that the Supreme Court had shot down President Obama's healthcare reform law.
But those networks jumped the gun, perhaps reporting something that many thought would happen. The initial reports that claimed the court had overturned the key components of the legislation called into question what the potential impact would be on a number of issues, including privacy and security.
Many CIOs and security professionals at healthcare providers, insurers and other organizations will be even busier addressing privacy and security issues.
As it turns out, the court, in a 5-4 decision upheld healthcare reform. And that clears the way, among other things, for continued development of state health insurance exchanges and accountable care organizations, both of which must take steps to ensure patient information remains private.
Even if the court had overturned the law, the HITECH Act, and its privacy and security components, would have been untouched, because the act was passed as part of the economic stimulus package.
As a result of the court's action, many CIOs and security professionals at healthcare providers, insurers and other organizations will be even busier addressing privacy and security issues than they would've been had the legislation been thrown out.
That's because IT efforts tied to accountable care organizations and budding state health insurance exchanges are both big parts of the reform effort.
Health insurance exchanges are electronic marketplaces where uninsured consumers can shop for coverage. States are working with insurers on the exchanges to make sure adequate security precautions are taken.
ACOs are groups of healthcare providers in a region that not only share payment risk and reward, but also share patient data in the mission to improve coordination of care. And ACO participants must take steps to ensure data that's exchanged remains private.
"Privacy and security is a component of ACOs, and the foundation is built on sharing data, especially among disparate organizations like acute care hospitals and primacy care practices," says Robert Tennant, senior policy advisor at the Medical Group Management Association, a professional organizations representing medical practices.
"If you're an ACO, you need to be very concerned about security and privacy because you're only as strong as your weakest link," he says.
Some Uncertainty Lingers
But now that healthcare reform has been upheld, information security professionals continue to await federal action to carry out HITECH and other mandates, including:
- Finalization of the omnibus package that will modify the HIPAA privacy, security, enforcement and breach notification rules;
- Publication of the final rules for Stage 2 of the HITECH Act electronic health record incentive program.
- Hammering out details for the Nationwide Health Information Network "rules of the road," including a decision on whether those standards should be voluntary.
"Now that the uncertainty around [healthcare reform] has been settled, it is critical that we continue the momentum to transform healthcare, including the use of information technology," says Dave Roberts, vice president of government relations at Healthcare Information and Management Systems Society.