Federal panel approves EHR security, privacy standards

By Mary Mosquera
September 16, 2009
12:40 PM

The Health IT Standards Committee Tuesday endorsed a set of security and privacy standards for electronic health record systems that it said would get progressively tougher without holding back wider health information sharing.

The committee's security and privacy workgroup clarified requirements that electronic health record systems must meet so both vendors and healthcare providers could use a number of access controls in their electronic health record systems and practices by 2011.

Workgroup member David McCallie, vice president for medical informatics at Cerner Corp, made the presentation to the Committee.

McCallie said the standards were designed to ensure that the security of health IT systems is powerful enough to protect health information in a variety of private and public sector settings while at the same time promoting the sharing of records.

For instance, organizations that want to swap information may have differing security and privacy requirements, making it a challenge to exchange data. "If they want to communicate with each other, do we rise to the most stringent system or lower ourselves to the most common denominator?" he said.

The standards under discussion cover access control, authentication, authorization and transmission of health data. The group tried to make the guidance clear enough to make interoperability between organizations a reality, McCallie said.

"Security is a balance between ease-of-use, cost and bullet-proof protection," added John Halamka, MD, vice chairman of the Committee. The workgroup has tried to provide "a rational glide path to increasingly constrained security," he added.

Under the standards approved Tuesday, by 2011 EHR systems would have to meet several standards for access control, including technical requirements of the security and privacy rules of the Health Insurance Portability and Accountability Act's (HIPAA) and the Advanced Encryption Standard.

The HITECH provisions of the economic stimulus legislation toughened HIPAA's security and privacy rules. The standards endorsed today cover the terms of those rules.

Continued on next page...

 

More regional news

VA building signage

House passes veterans healthcare package without RESET Act

By
Andrea Fox
November 21, 2024
David Miles of Oklahoma Heart Hospital

Deep dive: A tour of all-digital Oklahoma Heart Hospital, where automation is the norm

By
Bill Siwicki
November 21, 2024
Healthcare workers looking at X-ray images on monitors

Streamlining healthcare operations with multicloud-by-design

November 21, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

VA building signage
House passes veterans healthcare package without RESET Act

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

David Miles at Oklahoma Heart Hospital_Part 1_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
The CIO of an all-digital hospital walks readers through its successes
Dr Alice Sutedjo Lisa at SMC Telogorejo Hospital_HIMSS24 APAC
Assisting the elderly in digital care
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive
George Pappas at Intraprise Health_Digital shield and lock Photo by da-kuk/Getty Images
Tighter cyber mandates hold New York providers to higher security standards

More Stories

BJ Schaknowski of symplr
Too many IT systems with limited alignment impacts care quality
Doctor in scrubs using computer
Tenet to deploy AI platform across its physician network
Healthcare CIO with other healthcare executives
Health system CIOs' strategic responsibilities continue to evolve
George Pappas at Intraprise Health_Digital shield and lock Photo by da-kuk/Getty Images
Tighter cyber mandates hold New York providers to higher security standards
Clinicians look at diagnostic imaging
American College of Radiology launches AI quality registry
A doctor with glasses sits at a desk and speaks during a telehealth visit.
DEA and HHS extend virtual prescribing for controlled substances through 2025
Dr. Jay Anders at Medicomp Systems_Computer chip with stethoscope Photo by Just_Super/iStock/Getty Images Plus
Transparency and responsible AI are crucial for medical devices
George Pappas of Intraprise Health on cybersecurity
How to protect telemedicine from cyberattacks