AUG 6, 2012 12:08pm ET

The Obama Administration’s Timid Approach to Security

Print
Reprints
Email

Meaningful use of electronic health records means meaningful protection of the data in electronic health records. Unless you work in the Obama administration, where, except for national security, timidity is the rule on issue after issue.

As of Aug. 3, it has been 1,264 days since the HITECH Act, which broadly expanded the use of EHRs. The act touted enhanced protections for health information, but contained no mandate for data encryption. Stage 1 of meaningful use didn’t require encryption. The final Stage 2 meaningful use rule has been written and should soon be issued; the proposed rule’s language on encryption can charitably be called timid.

There’s still no final rule for the promised HIPAA breach notification, privacy and security enhancements which HITECH proposed. A final rule was sent to the Office of Management and Budget for review in March, with an “extended review” tag affixed to it a couple months later. OMB is within the Executive Office of the President.

It has been 1,046 days since the interim breach notification rule, which did not mandate data encryption, became effective. Under the rule, we know that protected health information for 21 million Americans has been compromised in more than 500 major breaches--and that doesn’t count the 30,000+ smaller breaches. Electronic PHI in the breaches was compromised because data wasn’t encrypted, plain and simple.

Many of the breaches involved Social Security numbers. It has been five years since the Office of Management and Budget, under President George Bush, ordered agencies to reduce unnecessary use of SSNs and six years since the Centers for Medicare and Medicaid Services first explored options. CMS again explored options in 2011, using methodologies the Government Accountability Office recently criticized. But aside from “exploring,” CMS hasn’t done a thing to reduce use of SSNs in the past six years--nearly four of them during President Obama’s watch.

In the Information Age, how can an administration, especially one with a populist bent and a President with a gift for persuasion, not embrace personal privacy as good for the nation, as well as good politics? It comes back to timidity. This administration does not believe it can win a national debate with business interests and some GOP members of Congress who are seeking to weaken privacy laws on protecting individual and business information. And it doesn’t want to raise any issues that could give the opposition any type of ammunition in an election year. But it wasn’t an election year until seven months ago.

Heck, this administration isn’t confident it can win a national debate on just about anything. Time and again, on banking regulation, health care reform, job creation, immigration, civil rights and environmental protection, the administration has fought with one hand behind its back and the other hand giving concessions to an opposition that from day one made clear it wasn’t going to support any legislation generated by the President.

And the administration still lost most of the debates. Maybe the timid bit isn’t working.

Comments (2)
Your style is unique in comparison to other folks I've read stuff from. I appreciate you for posting when you've got the opportunity, Guess I'll just book mark this blog check.
Posted by Lavonna K | Monday, November 11 2013 at 4:06AM ET
It has been 1,046 days since the interim breach notification rule, which did not mandate data encryption, became effective. Under the rule, we know that protected health information for 21 million Americans has been compromised in more than 500 major breaches--and that doesn't count the 30,000+ smaller breaches.Careless whisper sax Electronic PHI in the breaches was compromised because data wasn't encrypted, plain and simple.
Posted by ryan m | Saturday, November 23 2013 at 4:24PM ET
Add Your Comments:
You must be registered to post a comment.
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.

Blog Archive for Joseph Goedert

Sorry, Experts. Meaningful Use is a Success
Spotting Incompetence Shouldn’t be This Easy
For Good Policy Making, Facts Must Matter
Things I learned at HIMSS13 in New Orleans
Want Your HIMSS News Covered? Read This

More from Joseph Goedert »

Blog Index »

Twitter
Facebook
LinkedIn

Unlike some other major industries, health care incorporates geospatial data only sparingly. But that could change quickly with population health a priority.

Login  |  My Account  |  White Papers  |  Web Seminars  |  Events |  Newsletters |  eBooks
Already a subscriber? Log in here
Please note you must now log in with your email address and password.