NHIN Users Will Need Tougher Security, Feds Warn

GHIT Staff | Government HealthIT | July 1, 2009

Healthcare providers and businesses that plan to use the nationwide health information network need to strengthen their security and privacy measures to ensure healthcare transformation succeeds, Julie Boughn, chief information officer of the Centers for Medicare and Medicaid Services, said today.

The private sector should adopt many of the foundation information security practices that federal agencies are held to by the Federal Information Security Management Act (FISMA), or at least use it as a guide, Boughn said at a conference on the nationwide health information network (NHIN) and the use of Connect, a tool to access the NHIN developed by a group of federal agencies.

FISMA is a 2002 law requiring federal agencies to have security polices in place for their information systems, including those managed by contractors or external sources. Federal health IT planners are concerned that the healthcare industry comply with FISMA so that public-private health information sharing is not hampered.

"We need this technology to move the country forward in healthcare," she said. "If we screw up security and privacy, this won't happen. This (FISMA) is not too much to ask of us as an industry."