Privacy Enforcement Tactics Sought

Federal strategic plan addresses security issues
Privacy Enforcement Tactics Sought
At an online session to solicit comments on a proposed framework for a new Federal Health IT Strategic Plan, a planner asked for additional advice on tactics for ramping up enforcement of existing privacy and security regulations.

The planner also called for analyzing lessons learned about common factors in reported healthcare information breaches to create a breach prevention strategy.

The Department of Health of Human Services, through its Office of the National Coordinator for Health Information Technology, headed by David Blumenthal, M.D., is accepting additional comments on the draft of the of the "Health IT Strategic Framework" at a blog through April 11.

HITECH mandate

Under the HITECH Act, HHS must work with other agencies to update the Federal Health IT Strategic Plan published in June 2008. The framework is the first step, and HHS expects to complete its work this fall.

The first draft of the framework, prepared by the ONC's Health IT Policy Committee's strategic planning workgroup, calls for "effective and fair enforcement of legal requirements." At the April 6 "listening session," Deven McGraw of the Center for Democracy and Technology, a member of the workgroup, asked attendees to submit more comments to the blog about enforcement tactics.

"Having tactics that are very specific about what HHS should do to achieve that objective would go a long way toward building public trust," she said. "It would be helpful to hear from all of you on that. It will help make the framework come alive."

Earlier, some observers commented to that the framework did not stress strongly enough the need to vigorously enforce the HIPAA privacy and security regulations.

Learn from breaches

During the April 6 online event, McGraw also pointed to the need for HHS to "create a mechanism to learn from data breaches," analyze what factors the incidents have in common, and then "adjust policies and standards" to create a breach prevention approach.

McGraw also said a key to building consumer confidence in electronic health records is "greater transparency about who has access to their data."

State laws

In response to an attendee's comment that state legislators need to become better-educated about federal healthcare privacy and security initiatives, McGraw pointed out that the draft framework calls for "harmonization" of state privacy laws "where it is essential to advancing the national health priority goals."

But she acknowledged that it's difficult to balance states' rights with the desire to enable the nationwide sharing of healthcare information. "We'd like to get more feedback on that issue," she said.

McGraw acknowledged that the rapid evolution of technologies make it difficult for the federal government to create a strategy for keeping health information secure. "We're dealing with a very fluid environment," she said. That means federal strategies need to be constantly readdressed "to make sure they remain up to date and effective."

The HIT Policy Committee expects to discuss the framework at its April 21 meeting and make final recommendations to ONC by its May 19 meeting.

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.