The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls

Digital Guardian's Blog

Federal Health IT Plan Prioritizes Security, Privacy

by Chris Brook on Wednesday January 22, 2020

Contact Us
Free Demo

The U.S. HHS released a draft of its federal health IT plan for 2020-2025 and health and privacy are top of mind.

The U.S. Department of Health and Human Services reiterated this week that the department is planning prioritize the security and privacy of individuals’ health information for the foreseeable future.

In a draft document released by The Office of the National Coordinator - a division of the HHS' Office of the Secretary – the ONC outlined its goals for the next five years, including efforts its taking to "put individuals first" by ensuring there’s patient-centric healthcare on what it calls an interoperable health IT infrastructure.

According to the document, 2020-2025 Federal Health IT Strategic Plan, the concept is one of the ONC’s six federal health principles for 2020-2025:

Specifically, the ONC says it’s focusing on making investments and fine-tuning standards and policies for secure application programming interfaces (APIs) in addition to fostering other technologies.

Developing and moreso settling on standards for healthcare APIs and interoperability is easier said than done. There exist implementation standards but they're not all enforced or adopted. Stakeholders will have to resolve outstanding challenges before these APIs are widely embraced.

That said, whenever there's a problem, one of the first steps is admitting it. The ONC is apparently cognizant of this, admitting that despite an uptick in breaches over the years, "healthcare organizations still have poor understandings of cybersecurity risks and best practices," adding that more robust mechanisms will be necessary going forward.

One of the ONC's objectives is to connect healthcare and health data through an interoperable health IT infrastructure. One way its planning to do this is by implementing privacy and security mechanisms that are appropriate for the sensitivity of the data. This can be achieved through multi-factor authentication and encryption embedded in APIs.

“ONC, along with our partners across the federal government, strive to promote a health IT economy that increases transparency, competition, and consumer choice, while also seeking to protect the privacy and security of individuals’ health information,” ONC Chief Don Rucker, MD, wrote.

To develop the plan the ONC claims it worked with 25+ federal organizations involved in overseeing health information technology and recommendations made by its Health IT Advisory Committee, a group started in wake of the 21st Century Cures Act that contains officials from a handful of universities and hospitals, in addition to Epic, Anthem Blue Cross Blue Shield, and the federal sphere – including the DoD, the Department of Commerce, Justice, Veterans Affairs, and Homeland Security.

The ONC is welcoming feedback on the document until March 18. Whenever it's finally approved, the 2020-2025 plan will function as a roadmap for federal agencies and help bring entities in the private sector closer together, HHS said.

Tags: Industry Insights, Healthcare

Recommended Resources

  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.