• E-mail
• Print
• RSS

On the road to interoperability

Briefings on HIPAA, April 1, 2016

This is an excerpt from a member only article. To read the article in its entirety, please login or subscribe to Briefings on HIPAA.

Interoperability isn't a new goal, but 2016 may be the year it becomes closer to a reality. HHS' 2017 budget includes a boost in the Office of the National Coordinator for Health Information Technology (ONC) funding specifically for the development of interoperability guidelines and standards, like an interoperability code of conduct, as well as efforts to combat information blocking.

Staying ahead of change

Being a hot-button issue alone won't solve interoperability's problems. It's a complex initiative, and reaching the goals outlined in the ONC's Interoperability Roadmap means providers, vendors, and policymakers have to work together to create practical guidelines and products that meet all applicable existing legislation, including HIPAA and other privacy and security laws. Interoperability also requires software vendors and developers to go against the very nature of their business and work with the competition.

It's a tall order, but achieving interoperability could greatly reduce the technical burdens many security officers struggle with, as well as create an atmosphere in which providers and vendors can work together to keep PHI safe. If it's not achieved, greater administrative burdens, technological problems, and, at worst, significant security weaknesses could result, cautions Chris Apgar, CISSP, president of Apgar and Associates, LLC, in Portland, Oregon.

Security officers need to pay close attention to interoperability, Apgar says. "Any time code is touched or changes are made in how an application or interface works, [it] raises the risk that the end product will not include the required security controls."

If 2016 is the year the healthcare industry starts making real progress on the road to interoperability, security officers need to make sure they read the map and scout the territory to ensure their organizations don't take any wrong turns.

This is an excerpt from a member only article. To read the article in its entirety, please login or subscribe to Briefings on HIPAA.

• E-mail to a Colleague
• Print
• RSS
• Archive