GAO: Gov't HIT efforts lack privacy, security

Not only have federal health IT efforts left major holes in security and privacy policy, it's going to be difficult and expensive to fix the problem, too, according to a new GAO report. The watchdog organization would like to see HHS establish rules and project milestones which make sure that the exchange of digital health information between providers nationwide is secure and protects patient privacy. These rules should take into account individual state laws and specify the amount of information that can be released at any one time, GAO said. It will also be important to make sure individuals can get their hands on their digital record, the organization suggested. At the same time, the battle-weary HHS IT chief took fire from a senatorial committee last week, which isn't happy with the pace at which the agency is rolling out HIT.

HHS, for its part, says its critics have it wrong. HHS actually awarded several health IT contracts in 2005 whose purpose was to make sure that digital patient information was not inappropriately accessible, and has been field-testing its technology with regional HIEs in 33 states. As for the speed of its rollout of HIT, the giant agency is dealing with such a complex problem that it must move in small steps, officials contend.

To learn more about the state of federal IT security policy:
- read this Modern Healthcare article (sub. req.)
- read the GAO report on the issue (.pdf)