HITECH Grants – Earmark Dollars for Data Security Too

In February 2009, the Obama administration announced that $2.0 billion in grant money will be made available to help hospitals and other health care providers transition to electronic health records (EHR). This past Monday, the White House took a big step and launched the first of two grant programs under the HITECH act which lays the groundwork for EHR.

The grant will be used to create what the HITECH Act calls the Health Information Technology Regional Extension Centers. These regional centers will play a major role in implementing a nationwide system of health information networks.
According to the Health and Human Services website, these centers will help hospitals select EMR technology, provide assistance on the implementation front, and ensure that the hospitals are complying with all regulatory and legal requirements to protect the patient’s health information.

While it’s encouraging that the regional centers will have a strong focus on enterprise security, it’s critically important that HITECH doesn’t become a HIPAA like paper tiger of passive regulations with little accountability. As I’ve blogged previously, the universal adoption of EHR significantly increases the vulnerabilities for a security breach of patient information. Security assurance remains a primary hurdle to the widespread adoption of EHR, but technologies like strong authentication, including fingerprint biometrics, proximity cards, etc…, are now widely available and can fullfill the promise of EHRs by significantly minimizing the security risks.

Khalid Kark of Forrester Research just issued a compelling whitepaper on how HITECH can strengthen information security across healthcare – accomplishing what HIPAA ultimately may have failed to do. If you’re moving forward on EMRs and have questions about security, you can download a complimentary copy of the Forrester whitepaper, “Healthcare Security: Ready or not, Here it Comes,” from the Imprivata website.

I’d be interested in hearing how HITECH may impact your hospital’s move towards EHRs, and what role you think these centers can play in facilitating your timely implementation.