PCWorld – Among the many new provisions of the American Recovery and Reinvestment Act (ARRA) is federal funding for electronic medical records. Known as HITECH, the law gives incentives to healthcare organizations to digitize personal health information before 2020. Lost in the rush, however, are the details.
“I look forward to medical records going electronic,” said Howard Schmidt, the former White House cybersecurity czar, “but I have a tremendous amount of concern about building a really, really good healthcare infrastructure … and then securing it later.” Schmidt spoke with PCWorld at RSA 2009.
The law, which also updates parts of HIPAA, gives the Secretary of Health and Human Services until mid-August to define what constitutes an electronic medical record. In Schmidt’s view, initial requirements should start with strong authentication and encryption, and so far, the Secretary has done just that. Citing existing NIST and FIPS standards, HHS guidance covers healthcare data at rest and data in motion, as well as the proper destruction of Protected Health Information. Unfortunately, some health practitioners have begun purchasing e-health systems before the full complement of standards is known.