ONC Starts Health IT Strategic Framework
Includes detailed privacy/security strategies
Under the HITECH Act, the ONC, a unit of the U.S. Department of Health and Human Services, must work with other agencies to update the Federal Health IT Strategic Plan published in June 2008. The framework, which will be refined in the coming months, will be the foundation for this update. David Blumenthal, M.D., serves as the national coordinator.
Security component
The "pre-decisional draft" states that one goal of the framework is to "build public trust and participation in health information technology and electronic health information exchange by incorporating effective privacy and security solutions in every phase of its development, adoption and use."
Strategies to achieve this goal, according to the draft, include:
1. Assess and implement, as appropriate, federal policies related to key privacy and security issues for the broad use of health information and communications technologies amongst all parties that access or exchange health data for individual or population health.
- Implement HIPAA modifications included in HITECH.
- Provide transparency of reported breach notifications, and analyze reported breaches to identify common issues that can inform future privacy and security policies.
- Assess the extent to which lawful and unlawful uses and disclosures of health information can cause harm to individuals (such as through discrimination) and identify, and implement where possible, new policies that would limit these uses and disclosures to help resolve privacy concerns.
- Assess HIT security vulnerabilities and develop initiatives to mitigate these vulnerabilities.
- Assess existing privacy and security protections for non-HIPAA covered entities and address needed protections.
- Incorporate privacy and security policies in meaningful use criteria and adopted standards, implementation specifications, and certification criteria.
2. Explore and promote, where appropriate, existing and emerging technologies to enhance privacy and security.
3. Actively engage states to harmonize privacy laws or exchange policies where it is essential to advancing the national health priority goals.
4. Implement federal privacy and security policies through guidance and HIT programs.
- Develop, disseminate, and promote specific best practices and guidance for hospitals and health care professionals on the implementation of privacy and security policies defined in the Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information.
- Promote privacy and security practices through exchange efforts tied to federal efforts (e.g., NHIN, State HIE grants, and state health policy consortium).
5. Promote an environment of accountability through public education and effective and fair enforcement of legal requirements.
6. Develop and maintain a national education initiative to increase consumer knowledge about the benefits of health information exchange, to broaden the national dialogue on privacy and security issues, and to enhance public transparency regarding the uses of protected health information and individuals' rights with regard to protected health information.
To view the draft of the framework, visit healthit.hhs.gov and type "strategic framework" in the search function.