The Security Scrutinizer with Howard Anderson

Mostashari: Leading the Way at ONC

Privacy and Security Appear to be Priorities

Back in February, when David Blumenthal, M.D., announced plans to step down as head of the Office of the National Coordinator for Health Information Technology, I said his successor should be someone who has executed IT projects and has the ability to collaborate with others (See: Choosing a New Leader at ONC).

Farzad Mostashari, M.D., who was named as Blumenthal's successor last week, appears to have these qualities.

Before joining ONC as deputy national coordinator for programs and policy, Mostashari served as assistant commissioner for the Primary Care Information Project at the New York City Department of Health and Mental Hygiene, where he helped lead the way in the adoption of prevention-oriented health information technology by more than 1,500 providers in underserved communities.

Mostashari also formerly led the NYC Center of Excellence in Public Health Informatics and a project focused on quality measurement at the point of care. He established the Bureau of Epidemiology Services at the NYC Department of Health, which provides epidemiologic and statistical expertise and data for decision making to the health department.

Sizing up Mostashari's qualifications, security consultant Bob Chaput, president of Clearwater Compliance, said: "Dr. Mostashari's field experience as a scientist and large project implementer will be especially useful in providing effective leadership at ONC." (See: ONC's New Leader: An Assessment.

Bill Bria, M.D., chief medical information officer at Shriners Hospitals for Children, said Mostashari "is a terrific communicator and team builder. I believe Farzad, from his background in public health, is a strong defender of patients' rights and confidentiality."

HITECH EHR Incentive Criteria

One of the next big tasks for ONC is crafting the meaningful use rules for Stage 2 of the HITECH electronic health record incentive program. We're hoping Mostashari will take an aggressive leadership role in working with the top brass at the Department of Health and Human Services to ensure that tough privacy and security provisions are included in the final rule for Stage 2 criteria.

Mostashari's comments before the Health IT Standards Committee last month shed light on his priorities. Filling in for Blumenthal at the meeting, Mostashari sounded like he was offering a vision statement. He stressed that ONC must emphasize "putting patients and their interests in the center of everything we do -- their interests including privacy and security."

He also stressed the need to "move from strategy to execution on many of the things that we've started and designed." And that's good news, indeed.

Faced with the huge task of carrying out many of the provisions of the HITECH Act on a very tight timetable, Blumenthal did a good job of laying out many of the necessary strategies. Plus he got the electronic health record incentive program up and running on time. For all that, he deserves tremendous credit.

But Blumenthal's to-do list was a long one, and many items remain. In addition to developing criteria for future stages of the EHR incentive program, ONC must draft a governance rule for those using the Nationwide Health Information Network standards. It's also working on an overdue report to Congress, in collaboration with the Federal Trade Commission, on the privacy and security requirements for personal health records vendors. Plus, ONC and OCR are slated to collaborate on a report addressing de-identification of protected health information for use in research. And that's just a sampling of the tasks that remain.

In his final days in office, Blumenthal submitted a draft of a Federal Health IT Strategic Plan for 2011-2015. Mostashari and his team will review comments on the draft and then decide whether to modify its provisions, including those addressing privacy and security. (See: Health IT Strategic Plan: A Critique) .

Privacy, Security Standards

Christopher Paidhrin, security compliance officer at Southwest Washington Medical Center in Vancouver, Wash., is waiting to see whether the new head of ONC can lead the agency to effectively implement privacy and security standards. "I believe Dr. Mostashari is qualified, articulate and capable," Paidhrin says. "My concerns would be on whether he can move the behemoth of this ONC forward with alacrity and efficiency."

Deven McGraw, co-chair of the Privacy & Security Tiger Team that's advising ONC, says she's confident that Mostashari "takes the issues of privacy and security very seriously and is committed to securing public trust in health IT and electronic health information exchange." But she adds, "He will continue to face the same challenges faced by Dr. Blumenthal. Federal jurisdiction over privacy and security policy is shared by multiple agencies, and getting them to move in a coherent and consistent direction, with shared priorities, will continue to be a challenge for anyone in this job."

The HHS Office for Civil Rights, for example, is working on final versions of the breach notification rule, as well as modifications to the HIPAA privacy and security rules called for under the HITECH Act. Hopefully, Mostashari and his staff will collaborate with OCR, and other agencies, on these and many other projects.

So what do you think? Was Mostashari a good choice to head ONC? We'd like to hear from you.



About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.in, you agree to our use of cookies.