TRENDING:

Embedding Privacy in EHRs

Presidential Council Calls for 'Universal Exchange Language' Howard Anderson (ismg_editor) • December 9, 2010    
Embedding Privacy in EHRs
A presidential advisory council is calling for the development and widespread adoption of a "universal exchange language" to ease the transfer of health information while maintaining privacy.

The President's Council of Advisors on Science and Technology recommends in its new report that use of a new standard, built on extensible markup language, be a requirement for participating in future stages of the HITECH Act electronic health record incentive program.

"Achieving the full potential of health information technology will require the development and adoption of a robust information-sharing infrastructure to facilitate the exchange of data among institutions," the council said. Such an infrastructure would "allow health data to follow patients wherever they are, with appropriate privacy protection and patient control, while giving patients' various doctors a more complete picture of those patients' medical conditions and needs."

Call for Federal Action

The 108-page report states that the technology to create the infrastructure and exchange language exists, "but since the development of those systems is not likely to be a profitable venture in itself, the federal government should facilitate their creation and then leave the private sector to develop products that build on them."

As a result, the council calls on two units of the Department of Health and Human Services -- the Office of the National Coordinator for Health Information Technology and the Centers for Medicare & Medicaid Services - to develop guidelines to spur adoption of an exchange language in conjunction with electronic health records.

The ONC is seeking comments on the report as it begins to prepare requirements for Stage 2 of the Medicare and Medicaid electronic health record incentive payment program, which starts in 2013. Requirements for Stage 1, which starts in 2011, are already in place.

Use With Existing EHRs

A universal exchange language would enable a movement from today's electronic health records "to a more medically useful and secure system in which individual bits of healthcare data are tagged with privacy and security specifications," the council said. The advisory body, however, stressed that healthcare organizations would not have to replace their EHR systems because they could be made compatible with the new language through middleware.

The best way to manage and store data for advanced data-analytical techniques, according to the report, is to break them down into the smallest individual pieces that make sense for data exchange or aggregation. These "tagged data elements" pair data with a mandatory "metadata tag" that describes, among other things, the required security and privacy protections, according to the council.

"A key advantage of the tagged data element approach is that it allows a more sophisticated privacy model -- one in which privacy rules, policies and applicable patient preferences are innately bound to each separate tagged data element and are enforced both by technology and by the law," the council said. For example, a system that incorporates a universal exchange language could make it clear that a patient has requested that certain portions of her record should not be shared with certain clinicians.

"Addressing a widespread privacy concern, such a system would not require the creation or assignment of universal patient identifiers, nor would it require the creation of any centralized federal database of patients' health information," the council noted.

Previous
The Business of Security
Next
OMB Unveils Data Center Consolidation, Cloud Plan

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.