Focus on Electronic Health Information


Reprinted with permission from Birmingham Medical News (May 2023).

There have been several recent governmental actions which highlight the balance between securing electronic patient information and the need for interoperability and appropriate exchange of such information. This article will summarize two of those recent actions.

ONC Proposed Rules

The Office of the National Coordinator for Health Information Technology (“ONC”) recently announced proposed rules designed to improve ONC’s Health IT Certification Program and increase interoperability entitled “Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing” (the “Proposed Rule”). The Proposed Rule addresses four (4) key ONC priorities: building the digital foundation of health record information, making interoperability easier, promoting information sharing, and ensuring proper use of health IT tools.

Included in the Proposed Rule are proposals to implement the EHR Reporting Program as a new Condition of Certification for developers of certified health IT; to modify and expand exceptions within the information blocking regulations to support health information exchange; and to update and reformulate several certification criteria to support health IT functionality in a way that adequately and appropriately supports interoperability and the access and use of health IT. The Proposed Rule also includes new policies aimed at promoting greater trust in the predictive decision support interventions used in healthcare technology. The focus of the Proposed Rule is to enhance the movement of electronic health information in a safe and compliant manner and to improve transparency with regard to health IT.

With regard to the Proposed Rule, Micky Tripathi, PhD, national coordinator for health information technology, said “In addition to fulfilling important statutory obligations of the 21st Century Cures Act, implementing these provisions is critical to advancing interoperability, promoting health equity, and supporting expansion of appropriate access, exchange, and use of electronic health information.”

The Proposed Rule was published on April 18, 2023 and will be open for public comment by interested parties for 60 days.

HHS Cybersecurity Task Force

On April 17, 2023, The HHS 405(d) Program announced the release of several resources designed to address cybersecurity concerns among healthcare providers and to secure electronic health information. These resources are beneficial tools for providers aiming to bolster cybersecurity efforts.

Knowledge on Demand offers free cybersecurity training on social engineering, ransomware, loss of theft of equipment and data, insider accidental or malicious data loss, and attacks against network connected medical devices. Providers looking to enhance employee training in these areas should consider utilizing Knowledge on Demand. All training should be documented.

Another resource, the Health Industry Cybersecurity Practices, was updated to include a discussion on the danger of social engineering attacks. These attacks are designed to trick employees into revealing information that can be used to infiltrate a system or network. The Health Industry Cybersecurity Practices include various cybersecurity guidelines, practices, methodologies, procedures and processes healthcare organizations can use to improve cybersecurity and better protect electronic health information.

Finally, the Hospital Cyber Resiliency Initiative Landscape Analysis provides an overview of how hospitals are or are not protecting themselves against certain cybersecurity threats, identifying best practices and areas of improvement. Every hospital should review this analysis to determine how well it is protecting its electronic information in comparison to industry peers.

Both of these recent initiatives support the government’s increased focus on the security and exchange of electronic health information.

Jump to Page

Contact Us

About Burr & Forman Cybersecurity & Data Privacy Law

Burr & Forman's experienced team helps clients navigate the complex cybersecurity and data privacy landscape with strategies designed to assess current risks, develop a corrective action plan, implement best practices, and provide immediate and appropriate responses to a cybersecurity breach.

We use cookies to improve your website experience, provide additional security, and remember you when you return to the website. This website does not respond to "Do Not Track" signals. By clicking "Accept," you agree to our use of cookies. To learn more about how we use cookies, please see our Privacy Policy.

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.