GAO says HHS isn't protecting medical data privacy adequately

September 21, 2008 — 7:28pm ET | By Anne Zieger

Tools

Tags
Electronic Medical Records (EMRs)
Department of Health and Human Services (HHS)
medicare
Government Accountability Office (GAO)

HHS has not done enough to protect electronic medical data, a failure that has undermined consumer confidence in EMRs and possibly undercut vendors as well, according to the Government Accountability Office. The GAO would like to see HHS adopt a "defined approach" for prioritizing privacy-related initiatives, and suggests that the Office of the National Coordinator for Health Information Technology (ONCHIT) is a good choice for setting a prioritization process in motion.

The GAO report seems to fit the tenor of the times on the Hill. It comes within days of Rep. Pete Stark (D-CA) having submitted a health IT measure that would require the government to set standards for inter-operable health IT by a fixed date, as well as increasing financial penalties for privacy and security breaches by healthcare providers. Stark's measure would put ONCHIT in charge of the standards development process, which would have to be finalized by October 2011.

Stark's bill is also offering physicians who install and use an approved EMR system incentive payments up to $40,000 over five years, and hospitals payments of up to several million dollars. The payments would be issued through Medicare. Along the way, the bill would also call for the development of a certified open-source EMR that meets ONCHIT standards, which would allow providers to implement an EMR that meets guidelines for donation to MDs without having to incur up-front costs.

To learn more about these issues:
- read this press release from Rep. Stark
- read this Modern Healthcare article

Related Articles:
HHS plans surprise HIPAA audits
Group to create health data security protection standard
GAO reports numerous security breaches
CEOs urge laws offering EMR incentives