Security Task Force Details EmergeNew Advisory Group Will Focus on Data Exchange Policies
Once the group, informally called the "Privacy and Security Tiger Team," completes its recommendations on information exchange this summer, it may consider whether to tackle other issues, says Co-Chair Deven McGraw. She's director of the health privacy project at the Center for Democracy & Technology.
But for now, the new advisory group is intended to be "limited in duration" as well as scope, McGraw says.
On May 26, Joy Pritts, chief privacy officer in the Office of the National Coordinator for Health Information Technology, announced plans to form the new advisory group, saying it was needed to centralize and intensify ongoing, highly fragmented efforts to define policies. ONC makes policy recommendations to the Department of Health and Human Services.
In reaction to Pritts' announcement of the concept, several observers expressed hope this week that the new group would be a permanent effort to tackle a long list of healthcare privacy and security policy issues, which many federal advisory groups and governmental agencies are addressing. Many policies and guidelines that were mandated under the HITECH Act are long overdue.
"The issues of security and privacy are of such high importance that it didn't make sense to have all these efforts going on rather than one coordinated effort," said Steve Findlay, senior health policy analyst at Consumers Union, Washington.
"There needed to be a focal point for privacy and security issues and a group that could move faster," said John Glaser, CIO at Partners HealthCare, Boston. Glaser recently completed serving as a part-time adviser to ONC.
In addition to ONC, and the workgroups and committees that advise it, officials in the Department of Health and Human Services, HHS' Office for Civil Rights, the Department of Veterans Affairs, the Department of Defense and other agencies are all addressing various aspects of healthcare privacy and security.
Findlay, who serves as co-chair of one of two privacy/security workgroups advising ONC, said he hoped the new tiger team would help coordinate all the various initiatives and make some rapid conclusions on healthcare policies.
Although McGraw says the tiger team's initial mission has a narrower focus than that envisioned by some observers, she acknowledges, "If this temporary structure we created to deal with immediate issues turns out to work really well, there will be pressure to continue it going forward."
Members of the tiger team will address at the end of summer whether to dissolve the group and go back to the former workgroup structure, which enables more experts to be involved, she adds. "If we make this group more permanent, we will have to come up with a way to incorporate more viewpoints somehow."
Building the team
The 15 members of the new team were selected from among the members of several workgroups advising the federal government on privacy and security. The two workgroups advising ONC "will be on hold for the summer while this new group works," McGraw says.
This month, the tiger team will develop privacy and security policy recommendations for NHIN Direct, McGraw says. Now in development, NHIN Direct is a set of standards for the simple, one-to-one exchange of healthcare data, such as when a primary care physician refers a patient to a specialist and transmits records.
Also in the works is NHIN, or the National Health Information Network, which amounts to a group of standards for secure data exchange to be used by local, regional and statewide Health Information Exchanges. In July, the tiger team will make policy recommendations for HIEs, McGraw says. The ONC is supporting HIE development through grants to states.
"We're not going to wait to tie up all our recommendations with a neat little bow," McGraw says. "We'll put them out there as we get them ready."
The HIT Policy Committee, which advises ONC, will review the tiger team's recommendations. Ultimately, HHS must approve the policies.