Security concerns holding back wider HIE, GAO says

Security just seems to be a never-ending challenge for CIOs and other healthcare data gurus. (If you read the Editor's Corner in this week's FierceHealthIT, you know that hospital IT and compliance departments seem to be more vigilant than ever when it comes to safeguarding electronic health information.)

Wouldn't you know, with more personal health data coming online as EMR usage grows, the threat of data loss, identity theft and discriminatory hiring practices has increased as well? Such menaces--plus the related challenge of implementing data-sharing practices that discourage inappropriate or illegal disclosures of health information--have hindered health information exchange, a new Government Accountability Office report has found.

However, in examining 18 HIEs in-depth, the GAO has uncovered numerous examples of how data exchange can help improve the quality of care. "Officials from two exchanges stated that they provide a direct connection from participating hospitals to their state's Department of Public Health for real-time reporting of conditions and for supporting the early detection of disease outbreaks," the report says.

To help organizations develop sound policies for privacy, security and health information exchange, the GAO also has compiled a list of seven "widely accepted fair information practices," including seeking patient consent to use individual data and limiting use and disclosure to specific purposes.

For greater detail:
- read the full GAO report (.pdf)
- see the one-page summary (.pdf)