Healthcare Information Security

Cybersecurity News

EHR Security Essential in HIE Push, Says AHA to Congress

By Elizabeth Snell

As the push for HIE continues, it is important to not lose sight of EHR security, according to the American Hospital Association (AHA).

AHA wants strong EHR security as HIE usage increases

In a letter to Congress, the AHA explained that it is important to strengthen the existing policy framework to further promote HIE usage. The AHA specifically highlighted several areas that need to be considered as health IT continues to evolve and HIE further advances. This included EHR security, a push for information sharing, and a discussion on how a lack of interoperability hinders progress.

The Medicare and Medicaid EHR Incentive Programs have been key drivers for HIE adoption, according to the AHA, and the meaningful use program has encouraged EHR adoption in hospitals. However, hospitals need more flexibility under the EHR meaningful use program to help create a better health system in the future.

Our members are actively engaged in building their IT systems and view information exchange as vital to care improvement, as well as to successful implementation of new models of care. Yet, hospitals and health systems report that many electronic health records (EHRs) do not easily share information, that they do not universally have access to efficient exchange networks and other infrastructure, and that the cost and complexity of the many interfaces needed to connect systems today are simply not sustainable.

For EHR security, the AHA stated that it is important for Congress to understand that as it considers cybersecurity issues, healthcare already has federal statutes and regulations in place that govern information security. HIPAA regulations explain how healthcare organizations must adhere to data breach and security notification requirements, and also dictates that facilities will face penalties if they fail to meet those standards.

“The AHA strongly believes that improving the infrastructure to support secure data sharing in support of clinical care can be accomplished within the existing HIPAA requirements and the existing framework of cybersecurity policy,” the AHA stated in its letter.

Information sharing is also critical to an improved health IT system, according to the AHA. However, the organization added that adding policy drivers that are aimed at encouraging providers to share health information would be unnecessary. Moreover, they could be counterproductive “if they become overly prescriptive or contradict the larger set of payment incentives and quality initiatives in place.”

“Similarly, heavy-handed sanctions on providers for failure to share information would be duplicative of the meaningful use requirements to share health information and could have unintended consequences,” the AHA said. “The AHA strongly opposes any ‘information blocking’ sanctions on providers beyond those in the existing EHR Incentive Programs and recommends the use of those existing structures to promote information sharing.”

It is important for Congress to create a policy environment that accelerates healthcare and also supports the development of secure systems for interoperability, according to the AHA. This will help improve care, engage patients, and will also support new models of care.

To read the AHA’s letter to Congress, click here.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...