NIST awards EHR testing contract, ONC seeks to re-identify HIPAA data

As work continues to implement the American Recovery and Reinvestment Act, the Office of the National Coordinator for Health Information Technology is looking for a contractor to re-attach identifiers from supposedly de-identified information from a HIPAA data set. HHS, as directed by the ARRA legislation, is developing tougher HIPAA privacy standards, and it seems that this research on how clearly one can match de-identified data with an actual individual will help determine whether current HIPAA data sets are adequate to safeguard privacy.

Meantime, Booz Allen Hamilton has won a $400,000 contract from the National Institute of Standards and Technology to develop a framework for testing electronic health records and a process for certifying EHRs and other health IT products. The contract is part of a $20 million ARRA appropriation for NIST to help ONC create a "testing infrastructure that supports the security and interoperability of EHR systems," the institute says.

ARRA allows for multiple certification bodies, and national health IT coordinator Dr. David Blumenthal has advocated in favor of such. Currently, only the Certification Commission for Healthcare Information Technology, a private organization that got off the ground in 2005 with the help of a $7.5 million ONC contract, is in the EHR certification business. But at least one other organization, the Austin, Texas-based Drummond Group, has expressed interest in certifying EHRs. Providers will have to use certified EHRs to earn Medicare and Medicaid incentives under ARRA.

To learn more:
- read this CMIO story on the re-identification contract
- take a look at this Government Health IT article on the NIST award