The health IT industry may have a better idea of how health information exchanges can protect the patient data they hold after ONC's Health IT Policy Committee approved several recommendations from its Privacy and Security Tiger Team regarding HIE security, according to an article in HealthcareInfoSecurity.com.
The recommendations, accepted at the committee's April 3 meeting, addressed targeted queries for direct treatment controlled either by the Health Insurance Portability and Accountability Act or by more stringent state privacy laws. For either scenario, when a provider requests data, the data holder should have assurances that the requester is authorized to receive the information. Data holders also should respond in a timely manner, and in a way consistent with their professional and legal obligations.
The Tiger Team also recommended, among other things, that the Health IT Standards Committee develop recommendations for technical methods that give providers a way to comply with stricter state laws, which vary. The Tiger Team continues to work on recommendations for non-targeted queries for direct treatment purposes when the requester is making an initial query to locate a patient's records.
The privacy and security of electronic records stored in EHRs and HIEs have long been a concern. The recommendations may become part of the requirements for Stage 3 of Meaningful Use, although the projected 2016 launch date for Stage 3 may now be in doubt.