Building Public Trust in Secure EHRs

Blumenthal, Cybersecurity Czar Working on Recommendations
Building Public Trust in Secure EHRs
David Blumenthal, M.D., the government's point man on implementing the provisions of the HITECH Act, is collaborating with White House Cybersecurity Coordinator Howard Schmidt to develop guidance on healthcare information security.

As part of that collaboration, a governmentwide coordination council soon will make recommendations on healthcare security issues, said Blumenthal, the Department of Health and Human Services' national coordinator for health information technology. Councils are formed to work on interagency cybersecurity projects.

To build public trust in widespread use of electronic health records and the exchange of clinical information, as called for under the HITECH Act, will require building public confidence that healthcare information will remain secure, Blumenthal said Tuesday in his keynote address at the HIPAA Summit West in San Francisco.

The HITECH Act, among other things, provides funding for Medicare and Medicaid EHR incentive payments to physicians and hospitals as well as state grants to support development of health information exchanges.

Next Security Steps

"We'll be examining where we need to go forward with new guidance, regulation or law to assure the public stays with us on this endeavor," Blumenthal said.

As part of that effort, federal officials also are reviewing the recommendations of a privacy and security tiger team regarding such issues as gaining patient consent to exchange their information, he noted.

Building public trust will require a "broad, deep national dialogue" on the issue of how to give patients control over their information, Blumenthal said. To initiate dialogue, Blumenthal's office will conduct "listening sessions" on privacy and security issues with consumers across the country, starting later this month.

"The public hopefully will conclude that the value of health information exchange greatly exceeds the risks to privacy ... as long as they trust that we are doing everything humanly possible to protect their information," Blumenthal said.

Addressing Breach Threats

Although the public is primarily concerned that hackers might access their health information, the bigger threats, Blumenthal said, are from the careless practices of healthcare organizations. Most major breaches reported to the HHS Office for Civil Rights, he noted, have involved lost or stolen unencrypted laptops and other devices.

"The first thing we have to do is get the basics right," Blumenthal said. "For example, we have to make sure that laptops used by health professionals are automatically encrypted."

Responding to a question about variations in state privacy laws that might impede the exchange of data across state lines, Blumenthal suggested initial efforts should focus on "getting information flowing within states." Then communities, such as Boston, that would greatly benefit from exchanging data with those in other states could begin to work on addressing variations in state laws.

"There will be a political push to solve those problems in those states where there's a clear rationale to make state laws compatible," he said.

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.