Register for free Federal Times E-Newsletters
Weekly highlights from print Daily round-up of top govt. news Monthly topic-specific reports

Your browser’s security settings are preventing some features from appearing. See instructions for fixing the problem.

Security is key to successful health IT, experts say

By REBECCA NEAL | Last Updated:February 11, 2010

Federal agencies and companies must ensure citizens trust the security of electronic medical records so patients will be willing to participate in record exchanges. But security can be challenging as both the private and public sectors try to comply with local, state and national laws and standards, industry experts say.

"Those with medical records, which have some of the most personal information people have, have a legal, ethical and even moral obligation to secure that information,'' said Steve Lubniewski, vice president of Lockheed Martin Health Solutions, during a Feb. 11 Webcast sponsored by 1105 Government Information Group. "If a health records management system isn't secure, someone with malicious intent can go in and alter a record. Imagine if a person has an allergy to penicillin and that warning is removed."

Strong cybersecurity can protect systems from intrusion, he said.

One federal agency experimenting with electronic records exchange is the Veterans Affairs Department. VA and Kaiser Permanente are piloting a records-sharing program between VA hospitals and Kaiser Permanente medical centers. VA mailed out "opt-in" letters to 1,144 veterans in the San Diego area late last year, and 313 agreed to participate. Since mid-December, the two institutions have shared medical records for 17 patients, reducing transit time from days or weeks to hours, said Gail Belles, director of the Veterans Health Administration's Health Care Security Requirements Service.

"Providers are using advanced security and privacy to ensure appropriate access to records," she said. Patients "can select whether to participate, the type of information that they're willing to share and the providers they're willing to share it with."

Setting up such programs is difficult because health IT is subject to four major federal laws, two presidential directives, state laws and dozens of standards issued by the National Institute of Science and Technology, she said.

"We're finding that our work in health IT and information sharing is very complex," Belles said.