Data Security Report Submitted to Congress by OCR

On October 2, The Office of the National Coordinator for Health Information Technology (ONC) released a report to congress providing guidance and recommendations on how new technology can be used in healthcare and how the safe exchange of health information can provide patient with many advantages.

The report, titled Update on the Adoption of Health Information Technology and Related Efforts to Facilitate the Electronic Use and Exchange of Health Information, provided information on the obstacles faced in the exchange of health information together with proposals on how the federal government can take steps to remove some of those hurdles. ONC listed ‘Privacy and Security Protections for Health Information’ as one of its main building blocks to ensure smooth integration of IT in healthcare  ein order to ensure patient data privacy rights is secure.

Congress was given with a timely reminder of the Health and Human Services department’s (HHS) role and that it should advise on issues pertaining to data privacy and security, as well as help with the development of data management policies. The HHS should be reviewing new technologies which can be used to exchange health information and conduct risk assessments and analyses to find possible weaknesses and suggest strategies for minimizing those dangers.

It should produce and distribute the materials necessary to facilitate the education of stakeholders on the importance of a coordinated group effort to sustain the privacy of patient health data. It has been recommended that it offer multimedia tools and technical guidance to make it easier for stakeholders to carry out data security risk assessments.

The HHS must also coordinate its work with other government departments on a state, regional and national level and take a global view on the privacy of health information and cybersecurity issues. The report also used figures on data security, privacy and breaches gathered by the Office for Civil Rights from 33,000 HIPAA complaints that it resolved.

OCR took the chance to highlight the efforts it has made in relation to data security and privacy. It has put together government sanctioned forms that are available to download and use as templates for privacy practices. Organizations can use the forms and distribute them under HIPAA privacy rules to make patients aware of their PHI privacy rights and the privacy practices employed by the organization in question.

It also referred to its cyber security risk assessment tool for identifying potential weaknesses. The risk assessment tool can be used to find areas requiring improved security measures to enable action to be taken to comply with requirements of the HIPAA Security Rule.