GAO report finds holes in HHS privacy efforts
The Government Accountability Office (GAO) has issued a report which evaluates the U.S. Department of Health and Human Services’ (HHS) efforts towards protecting the privacy of health information. This is not to say that HHS has not made privacy a major focus, said GAO in its report, but rather that HHS now needs to develop an “overall approach for integrating its various privacy-related initiatives.”
So far HHS has undertaken a number of efforts to bolster healthcare information security, including in 2005 awarding health IT contracts focused on finding ways to address privacy related to healthcare information exchange networks. Last year more work was done by the National Committee on Vital and Health Statistics and the American Health Information Community to address privacy and security issues on a national level. Their findings and conclusions were delivered to HHS for review.
GAO evaluated all of the work done by or commissioned by HHS and came to three core conclusions: that HHS should “identify milestones for integrating the outcomes of its privacy-related initiatives”; that it should make sure key privacy goals are fully implemented; and that overall this work should address “key challenges associated with the nationwide exchange of health information.”
In comments regarding the report, HHS wrote that it disagreed with GAO’s recommendation because it already had produced a “comprehensive and integrated approach for ensuring the privacy and security of health information” for such an information exchange.
GAO grants in its report that HHS has made substantial efforts towards privacy and security goals, but states that “much work remains before they are completed and the outcomes of the various efforts are integrated.”
Dr. Robert Kolodner, interim national coordinator for health IT, stated in a related editorial that while GAO and HHS agree about the inclusion of privacy and security matters, the two organizations have a difference of opinion regarding the use of milestones. HHS leaders believe, according to Kolodner, that the achievement milestones should be developed as the health information highway in this country develops.