HIMSS 2011: A News Summary
Updates on HIPAA Audits, Final Regulations and MoreIn case you weren't one of the more than 31,000 who attended this year's Healthcare Information and Management Systems Conference in Orlando, here's a rundown of some of the privacy and security news from the show.
You can find all these stories and interviews on our HIMSS 2011 Conference page.
Adam Greene, senior health information technology and privacy specialist at the Office for Civil Rights, said the office has yet to firm up a timeline or a strategy for HIPAA compliance audits, which were mandated by the HITECH Act. OCR, which hired the consulting firm Booz Allen Hamilton to help design the auditing program, "is still working through what will give us the most bang for the buck," Greene said. For example, it's still weighing whether to audit a random sample of healthcare organizations or "going wider," he said.
Federal regulators won't issue final versions of two important rules that deal with healthcare information privacy and security issues until the second half of this year, said security expert Lisa Gallagher.
Final versions of the modifications to HIPAA privacy, security and enforcement rules, as well as the HITECH Act breach notification rule are now slated for release in the third or fourth quarter, according to Gallagher, senior director of privacy and security at HIMSS. As for Greene, he wouldn't answer questions about the timing of the release of the rules.
In his keynote address, David Blumenthal M.D., the outgoing national coordinator for health IT, devoted only about a minute to privacy and security issues. A key priority, he said, is "to assure the public that privacy and security is ever-present on our minds and can be provided in the context of health information exchange."
Exclusive Interviews
I conducted six podcast interviews at HIMSS. Here's a sampling:Deven McGraw, co-chair of the Privacy and Security Tiger Team, revealed that many of the team's recommendations likely will be implemented initially through the Nationwide Health Information Network governance rule, slated to be proposed this fall.
Doug Fridsma, M.D., of the HHS Office of the Coordinator for Health IT, compared and contrasted the security approaches of two national health information exchange projects.
Lee Aase of Mayo Clinic described the organization's social media guidelines and offered insights on protecting privacy and security.
Again, for these and other news and insights, please see our HIMSS 2011 Conference page.