Federal panel approves EHR security, privacy standards
Under these standards, EHRs should be able to permit access only to those persons or applications that have been granted access rights. The standards also cover the ability to encrypt and decrypt electronic personal health information.
In 2013, EHRs would have to meet additional standards to further tighten security, including Health Level 7 Role-Based Access Control (RBAC), Security Assertion Markup Language (SAML) and WS-Trust, an OASIS standard for constructing secure messages.
The work group also offered documentation to help vendors and providers implement the standards. For example, the National Institute of Standards and Technology has a guide to storage encryption technologies for devices such as thumb drives.
Looking ahead, the Health IT Standards Committee has already started its work on 2013 meaningful use criteria, a process that began with naming Aneesh Chopra, the administration's chief technology officer, as chairman of a new work group on adoption and implementation.
Chopra said time is of the essence in getting the work group's agenda under way. "Going forward, we have this map showing the way, but that doesn't mean we don't want folks to start sharing now - DOD and VA want this data now," Chopra said.
About 70 percent of patients covered by the Defense and Veterans Affairs departments receive care in the private sector. Chopra said he wants to get feedback from those, such as DOD and VA, who want to share data now.
Chopra said that he would like to find a way to measure the current state of standards adoption as a baseline; identify the barriers that private sector health care executives face in reporting a variety of quality measures; and share best practices and lessons from organizations using standards.