The Security Scrutinizer with Howard Anderson

New ONC Leader Communicates Goals

Mostashari Getting the Word Out on Privacy, Security, Other Issues

Mostashari, who got promoted from deputy to head of the Office of the National Coordinator April 8, spoke up at meetings of ONC advisory committees and at industry events. And he granted HealthcareInfoSecurity.com one of his first media interviews since taking on the new role, stressing that maintaining the privacy and security of patient information is one of his top priorities (See: Mostashari Addresses Privacy, Security).

Building public confidence that electronic health records are secure and that their privacy rights are protected will prove essential to the successful implementation of EHRs and health information exchanges, Mostashari noted in the interview.

Mostashari could play an important role in leading the way toward beefing up the privacy and security details in the Federal Health IT Strategic plan. 

One important goal of the HITECH Act's electronic health record incentive program , which his office administers, is to "make sure we do what steps are necessary ... to protect the privacy and security of information," Mostashari said. Incorporating such protections in EHR "meaningful use" incentive requirements for hospitals and physicians in future stages of the program, as well as in the criteria for EHR software, is "certainly going to be something that's a priority for us," he added.

So we'll be watching with great interest to see whether proposed guidelines for Stage 2 of the EHR incentive program, which should emerge in draft form in the coming weeks, contain beefy privacy and security provisions -- and whether those provisions survive in the final version of the guidelines, which are slated for approval by the Department of Health and Human Services by year's end. The Privacy and Security Tiger Team already has given ONC many good ideas for protections to include in the EHR meaningful use and software certification criteria or in other regulations.

Privacy, Security Collaboration

When asked about the importance of various government agencies cooperating on health information privacy and security matters so that a consistent approach can be developed, Mostashari pointed to an interagency task force on privacy and security that the White House announced back in February 2010 (See: White House to Create Health IT Task Force). That task force, including representatives of ONC, the HHS Office for Civil Rights and several other agencies, is continuing its work, he noted. Let's hope that the group produces some innovative ideas for stepping up privacy protections this year.

A proposal to modify the HIPAA privacy and security rules, as required under the HITECH Act, was issued last July, but a final version is still in the works. The Office for Civil Rights is taking the lead role on that project. Hopefully, OCR will collaborate with Mostashari and his ONC team, and others, to make sure the new HIPAA provisions are as tough, and as fair, as possible.

Meanwhile, Mostashari could play an important role in leading the way toward beefing up the privacy and security details in the Federal Health IT Strategic plan, drafted by the team at ONC under David Blumenthal, M.D., Mostashari's predecessor. The draft version of the plan primarily rehashed projects already in the works, some critics have charged (See: Health IT Strategic Plan: A Critique). ONC already has received dozens of comments on the plan, and it will continue to accept them through May 6. To comment, visit the Health IT Buzz Blog on the ONC website.



About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.