The New Federal Strategic Health IT Plan

The Office of the National Coordinator for Health IT, a unit of the Department of Health and Human Services, has issued its Strategic Health IT Plan for 2015 to 2020.

The plan, developed in collaboration with more than 35 federal agencies, has five main goals:

  • Furthering the adoption of health IT
  • Improving the security and interoperability of health information exchanges
  • Strengthening healthcare delivery
  • Supporting and improving the health and wellness of individuals and communities
  • Advancing research and innovation

The last federal Strategic Health IT Plan was released in 2011. The new plan is similar to the 2011 plan, and could better be described as a position paper than as a tactical, visionary document.

The Office of the National Coordinator for Health Information Technology (ONC) has stated that the plan will act as “the broad federal strategy” for the Nationwide Interoperability Roadmap, released by ONC in draft form last June.

ONC is expected to release the final version of the roadmap in January. The roadmap is expected to detail the ways in which the federal government and the healthcare industry will implement the goals laid out in the Strategic Health IT Plan.

Health Data Security Issues

ONC’s three objectives around protecting health care information, according to the new Strategic Health IT Plan, are:

  • Enabling individuals, providers, and public health entities to securely send, receive, find and use electronic health information;
  • Identifying, prioritizing and advancing technical standards to support secure and interoperable health information;
  • Protecting the privacy and security of health information.

As part of this process, certified EHR systems eligible for the HITECH incentive program may need to offer advanced data segmentation and encryption capabilities. The plan stresses the importance of developing standards to foster interoperability between medical devices and certified EHRs.

Additional health IT certification requirements are under review for protecting the exchange of particularly sensitive personal data, such as information regarding substance abuse treatment. The plan also speaks to the importance of authenticating information across data sources.

The plan, unsurprisingly, stresses the need to develop and implement policies and procedures to secure data from breaches, and the need to train healthcare professionals so that they can understand and adhere to these practices.

Also on ONC’s to-do list: continuing the development, administration and enforcement of federal privacy and security regulations and standards for HIPAA covered entities and business associates; as well as developing and enforcing applicable federal privacy and security requirements for entities not covered by HIPAA.

The plan also calls for the development of “a single health and public health Information Sharing and Analysis Center (ISAC) for bi-directional information sharing about cyber threats and vulnerabilities between the private healthcare industry and the federal government.” It is as yet unclear how this would affect the already-existing National Health ISAC.
