By Mary Mosquera
Friday, November 06, 2009
Federal agencies hope to use the government’s Connect software to share health information with private healthcare providers, but current information security and privacy laws significantly block their way, government health IT executives said yesterday.
Two key laws – the Federal Information Security Management Act (FISMA) and the Health Insurance Portability and Accountability Act (HIPAA) – are a particularly steep hurdle to electronic record sharing among federal agencies and private sector providers, they said.
The combined technical requirements of the laws mean organizations must often take more than 200 steps – from doing risk assessments to setting up access controls – to assure their information and systems are safeguarded.
“And that is not a scalable model for the country,” said Vish Sankaran, program director of the Federal Health Architecture office, which is managing the Connect project. He made his remarks at a forum hosted Nov. 5 by market research firm Input Inc.
“A small practitioner’s office would not have the infrastructure to manage all the security controls,” Sankaran added. “And we can’t have the government having to check that all these systems are compliant.”
Under HIPAA, healthcare providers and plans must protect patient information. And under FISMA, federal agencies must safeguard, monitor and document that their networks and systems are secure.