Dear RIS Insider,
U.S. government healthcare initiatives can be equal parts beguiling and bedeviling. On one hand, the healthcare informatics market has long expressed its frustration at the lack of federal direction or support for an electronic health record. On the other, that same industry missed the Centers for Medicare and Medicaid Services (CMS) deadline for electronic transaction and code sets, and appears to be struggling to meet the challenges of HIPAA Security Rule compliance.
In the first of two feature stories for this RIS Insider, SG&A Consulting general counsel Kris Knight explores recent U.S. government initiatives to promote health information technology. Dr. David Brailer, national health information technology coordinator at the U.S. Department of Health and Human Services, has his work cut out for him, according to Knight.
The coordinator's responsibilities include developing, maintaining, and directing the implementation of a strategic plan to guide the nation's implementation of interoperable health information technology in both the public and private healthcare sectors. Knight believes President Bush's executive action will benefit the entire industry. How expeditiously these benefits will reach the various members of the healthcare delivery community, and how long it will take for all players to get on board with the proposed initiatives, are questions that still need to be answered.
According to a survey this summer by consulting firm Phoenix Health Systems of Montgomery Village, MD, and the Healthcare Information and Management Systems Society (HIMSS) of Chicago, much of the healthcare informatics industry is still struggling with HIPAA provisions. With less than five months until the April 21 deadline for the HIPAA Security Rule to go into effect, many organizations and vendors are still besieged with implementation issues.
As co-authors Christine and Terry Callahan note in our second RIS Insider feature, the required standards for the security rule -- security incident procedures, audit controls, person or entity authentication, and access control -- are closely intertwined. They observe that to effectively monitor and address security incidents in the radiology department, it is necessary to audit electronic protected health information activity.
Saying it doesn't necessarily make it so, which is what many radiology information technology and systems administrators are finding as they attempt to implement a departmentwide audit system. They're discovering that meeting the standards can be difficult for multivendor radiology departments, as audit log data may or may not be transparent from one vendor to another.
The authors advocate that IT administrators implement centralized auditing, user authentication, and access control as a solution for security-compliance issues. This effort can be greatly assisted by following the Integrating the Healthcare Enterprise (IHE) technical implementation specification for security compliance.
If you'd like to find out what's on tap at the federal level for health information technology, click here; if you'd like to find out how you can implement HIPAA security compliance at your facility, click here. As a RIS Insider subscriber, you have access to these stories before they're published for the rest of our AuntMinnie.com members.
In related news, if you haven't had a chance to read our exclusive Road to the RSNA RIS preview, be sure to stop by and take a look. We've profiled new offerings from more than 35 informatics firms that will be exhibiting at the conference next week in Chicago.
