Federal workgroup wants encryption even for direct HIE

The privacy and security workgroup of the federal Health IT Policy Committee is recommending that providers encrypt any personally identifiable patient information whenever they share data with others, even when a third-party health information exchange is not involved.

The workgroup is asking HHS officials to set policies for data encryption, limits on specificity in message headers and identity verification of both sender and receiver, even in direct, one-to-one exchanges, as part of final rules for "meaningful use" of EMRs, Government Health IT reports. Such rules are what a "reasonable patient would expect," said workgroup co-chair Deven McGraw, director of the Health Privacy Project at the Center for Democracy and Technology.

This recommendation takes into account new, tougher, HIPAA privacy and security rules, which come with increased penalties for violations. "If strong policies, such as the above, are in place and enforced, we don't think this scenario needs any additional individual consent beyond what is already required by current law," McGraw said.

Direct HIE likely will be a "stage 1" requirement of meaningful use. HHS promises a final rule in June.

For further details:
- take a look at this Government Health IT story

Suggested Articles

Roche, which already owned a 12.6% stake in Flatiron Health, has agreed to buy the health IT company for $1.9 billion.

Allscripts managed to acquire two EHR platforms for just $50 million by selling off a portion of McKesson's portfolio for as much as $235 million.

Artificial intelligence could help physicians predict a patient's risk of developing a deadly infection.