NEW ORLEANS – The National Coordinator for Health Information Technology Farzad Mostashari, M.D., announced today at HIMSS13 that the Department of Health and Human Service’s (HHS) is planning to accelerate health information exchange (HIE) and work toward secure data flow. Part of that movement was a request for information (RFI) seeking public input about HIE policy. In case there was any doubt, Mostashari cited privacy and security as a major focal point and critical to everyone involved with HIE policy development.
“We have baked security as well as privacy issues into all the activities that we have around health information exchange,” Mostashari said. “My Chief Privacy Officer (CPO) always reminds me that we’re not just talking about the exchange of health information, but the secure exchange of health information.”
For example, Mostashari reminded the audience that the requirements for every certified EHR in 2014 must have protocols that allow the exchange of secure health information over the Internet that is mutually authenticated and encrypted. “That means when it’s over the wire, it’s encrypted and only the person who sent and the person it was meant for can decrypt that message,” he said.
He also said that no-identifiers, for example, should be buried in the header of the packet of information as it moves through an HIE and the protocols are designed with privacy and security baked in. Nothing revolutionary was explained in Mostashari’s comments about HIE innovation and security goals, but it’s helpful to know that the topic is top-of-mind at HHS and the Office for the National Coordinator of Health Information Technology (ONC) headquarters.