Privacy Enforcement Tactics SoughtFederal strategic plan addresses security issues
The planner also called for analyzing lessons learned about common factors in reported healthcare information breaches to create a breach prevention strategy.
The Department of Health of Human Services, through its Office of the National Coordinator for Health Information Technology, headed by David Blumenthal, M.D., is accepting additional comments on the draft of the of the "Health IT Strategic Framework" at a blog through April 11.
Under the HITECH Act, HHS must work with other agencies to update the Federal Health IT Strategic Plan published in June 2008. The framework is the first step, and HHS expects to complete its work this fall.
The first draft of the framework, prepared by the ONC's Health IT Policy Committee's strategic planning workgroup, calls for "effective and fair enforcement of legal requirements." At the April 6 "listening session," Deven McGraw of the Center for Democracy and Technology, a member of the workgroup, asked attendees to submit more comments to the blog about enforcement tactics.
"Having tactics that are very specific about what HHS should do to achieve that objective would go a long way toward building public trust," she said. "It would be helpful to hear from all of you on that. It will help make the framework come alive."
Earlier, some observers commented to HealthcareInfoSecurity.com that the framework did not stress strongly enough the need to vigorously enforce the HIPAA privacy and security regulations.
Learn from breaches
During the April 6 online event, McGraw also pointed to the need for HHS to "create a mechanism to learn from data breaches," analyze what factors the incidents have in common, and then "adjust policies and standards" to create a breach prevention approach.
McGraw also said a key to building consumer confidence in electronic health records is "greater transparency about who has access to their data."
In response to an attendee's comment that state legislators need to become better-educated about federal healthcare privacy and security initiatives, McGraw pointed out that the draft framework calls for "harmonization" of state privacy laws "where it is essential to advancing the national health priority goals."
But she acknowledged that it's difficult to balance states' rights with the desire to enable the nationwide sharing of healthcare information. "We'd like to get more feedback on that issue," she said.
McGraw acknowledged that the rapid evolution of technologies make it difficult for the federal government to create a strategy for keeping health information secure. "We're dealing with a very fluid environment," she said. That means federal strategies need to be constantly readdressed "to make sure they remain up to date and effective."
The HIT Policy Committee expects to discuss the framework at its April 21 meeting and make final recommendations to ONC by its May 19 meeting.