In an article she recently contributed to HealthAffairs, Karen DeSalvo, National Coordinator for Health Information Technology, discussed the finer points of the Office of the National Coordinator's strategy for interoperability among systems, about which she remains "optimistic."
She identifies "three pathways" to interoperability, citing a need for "clarity about the trust environment," which includes asking which security and privacy expectations are "shared." DeSalvo says that defining the "trust environment" means addressing gaps between privacy policies within states, and that they will follow the plan laid out by the Department of Health and Human Services.
Healthcare agencies should take this as a sign that any system which transmits electronic health data has to agree with some sort of consistent performance standard. Electronic health records are at risk of theft and compromise because of both the information they contain and the many digital hands they can pass through, leaving many possible sources of a breach or information leak.
A recent KrebsOnSecurity article illustrates this point by showing the way a leak from one health center was traced back to a firm providing medical billing services.
"As this incident shows, a breach at one service provider or healthcare billing company can have a broad impact across the healthcare system, but can be quite challenging to piece together," the article states. "Sensitive stolen data posted to cybercrime forums can rapidly spread to miscreants and ne'er-do-wells around the globe," it adds later.
Within practices, a physician consultant will encourage regulatory compliance through services designed to help a particular center achieve better performance results. Part of the case-specific strategy could involve developing and reviewing the relevant compliance plan, after working closely with stakeholders. Adapting to a more interoperable environment requires the groundwork to be laid in advance.