The Chicago-based American Health Information Management Association is backing HHS' inspector general's office in two reports the federal watchdog issued Tuesday that were critical of health information security policy and enforcement by the Office of the National Coordinator for Health Information Technology and the Office for Civil Rights.
AHIMA issues support for OIG findings on info security problems
One of the reports called for the ONC to provide more leadership in promoting health information security, such as by requiring the use of encryption software as part of the meaningful-use criteria for federal IT incentive payments under the American Recovery and Reinvestment Act. The other report chided the OCR and the CMS for lax enforcement of the federal security laws and rules. The OIG's criticism was based in part on random audits it conducted of hospital security practices in seven states—probes that found security weaknesses to be endemic.
According to a statement by AHIMA board President Bonnie Cassidy, the organization, which represents 61,000 medical records professionals, "welcomes the (OIG's) advice … calling for the Office of the National Coordinator to increase the security aspects of meaningful use in the form of standards requirements associated with electronic health records and health information exchanges."
The OIG audit initiative was "not large enough to be reflective of the state of the nation's health information security," Cassidy said, but "advising ONC to increase security requirements is appropriate and warranted, especially where EHR certification is concerned."
"Health information management professionals are committed to collaborating with peers and providing leadership with the implementation of electronic health records and health information exchanges," Cassidy said. "We too, therefore, are concerned with health information security. So much so, in fact, that we urge ONC and the Office (for) Civil Rights, with the assistance of the National Institute of Standards and Technology, to also address security education in the assistance offered to providers and states in the implementation of EHRs and HIEs." AHIMA will work with health information management professionals to ensure that "lessons learned from the OIG's reports are well-understood and properly addressed," she added.
Send us a letter
Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.