ONC interoperability roadmap cites privacy, security needs

By Patrick Ouellette

The Office of the National Coordinator for Health Information Technology (ONC) recently revealed some of its core plans for healthcare IT interoperability in a new report, “Connecting Health and Care for the Nation: A Ten Year Vision to Achieve Interoperable Health IT Infrastructure.”

ONC will work with clinicians, hospitals, public health, technology developers, payers, researchers, policymakers, individuals, and others to help create the standards and protocols necessary for health information to flow efficiently across different networks. Throughout the report, ONC counted privacy and security among the key items it deemed necessary to interoperability, stating that it’s essential to maintain public trust that health information is safe and secure.

“To better establish and maintain that trust, we will strive to ensure that appropriate, strong, and effective safeguards for health information are in place as interoperability increases across the industry. We will also support greater transparency for individuals regarding the business practices of entities that use their data, particularly those that are not covered by the HIPAA Privacy and Security Rules.”

ONC’s goal is to operationalize a common framework to bolster patient trust by addressing key privacy, security, and business policy and practice challenges to continue the improvement of secure, authorized health information exchange across existing networks. Overall, it will concentrate on five building blocks as part of a nationwide interoperable health information infrastructure: (1) Core technical standards and functions; (2) Certification to support adoption and optimization of health IT products and services; (3) Privacy and security protections for health information; (4) Supportive business, clinical, cultural, and regulatory environments; (5) Rules of engagement and governance.

ONC cited how the healthcare industry needs to continue to update privacy and security protections as technology innovation evolves, in order to identify and assess potential infrastructure gaps and weaknesses. Some states have policies in place that stipulate how patients must give affirmative consent to disclose their health information, which may complicate the process, but ONC maintains that these patients will be accounted for as new standards are built.

“We will work to improve standards, technology, and workflow that enable the electronic collection and management of consent as well as the electronic exchange of related information within existing legal requirements (including notice of redisclosure restrictions). We will also invest in methods and approaches that support distributed analytics and open evidence sharing without sharing PHI. Continued coordination across federal and state governments is needed to develop, implement, and evolve appropriate privacy and security policies for various types of health information exchange.”

In addition to privacy issues, health information interoperability may present security questions as well. The ONC will work with the National Institute of Standards and Technology (NIST) and other stakeholders to “expand the options for ensuring, at an appropriate level of certainty, that those who access health information electronically are who they represent themselves to be.” By augmenting the policies and standards, healthcare organizations can see to it that health information is only accessed by authorized people and is used in reasonable and transparent ways.

“We will support developers creating health tools for consumers to encourage responsible privacy and security practices and greater transparency about how they use personal health information. In addition, we will collaborate with the Office for Civil Rights (OCR) and other agencies to encourage greater consumer education about the benefits of health information exchange and the steps they can take to safeguard their own data.”

As with most federal roadmaps, the key with privacy and security will be help from various stakeholders while the ONC continues its outreach and technical assistance. Having a strong set of standards, policies, and services to meet healthcare electronic exchange needs can help the industry achieve these goals.

