National Health IT Week: Sept 10-14, 2012

National Health IT Week

September 10-14, 2012 Excerpted from on Sept 8, 2012

The Seventh Annual National Health IT Week External Links Disclaimer is being held September 10-14, 2012. Health IT Week brings together the entire health IT community under one umbrella to raise awareness about the power of health IT to improve the quality, safety, and cost effectiveness of health care.

The events of the week provide a key opportunity for key stakeholders-vendors, provider organizations, payers, pharmaceutical/biotech companies, government agencies, industry and professional associations, research foundations, and consumer groups- to work together to highlight critical issues and advance a shared vision of improving the nation's health and health care through health IT. During Health IT Week, ONC has developed a specific theme upon which to build each day's events. We hope you are able to join us for as many as your schedule allows.

Health IT Events and Initiatives

  • Monday: Consumer eHealth/Blue Button
    2012 Consumer Health IT Summit: Expanding Access to Health Information
    Monday, September 10
    10:00am – 1:00pm ET (NOTE: Breakout sessions will occur from 1:00 – 3:30PM for attendees who are participating in person)

    Hubert H. Humphrey Building
    200 Independence Avenue S.W.
    Washington, D.C., 20201

    The 2012 Consumer Health IT Summit External Links Disclaimer will bring together federal leaders including: Todd Park, U.S. Chief Technology Officer and Farzad Mostashari, National Coordinator, Office of the National Coordinator for Health Information Technology, and inspiring leaders from the private and non-profit sectors. ONC's Pledge Program has grown more than ten-fold since last year-the 2012 Consumer Health IT Summit is a chance to learn from and share your experiences with others who are leading the charge to empower consumers to be better partners in their health.

    View the latest agenda [PDF - 104 KB] External Links Disclaimer

    Event will be Webcast Live at

  • Health IT Blog Carnival

    The Health IT Blog Carnival External Links Disclaimer is an open call for healthcare and IT industry bloggers who would like to comment on the impact health IT will have in 2013.

  • Tuesday: Improving Patient Care Through Meaningful Use
    ONC – HRSA Webinar Demo of the New ONC Privacy and Security Training Game and Program Update for Safety Net Providers|
    Tuesday, Septeber 11
    10:00am – 11:00am ET

    This webinar will feature a new training tool from the Office of National Coordinator for Health IT (ONC) Privacy and Security Group. ONC will demo an interactive training game for providers and staff on the "do's and don'ts" of privacy and security issues regarding health IT. This training tool can be used to help fulfill a safety net provider's HIPAA privacy training requirements. In addition, ONC will provide a privacy and security update on recent program changes and how they affect safety net providers.


    • Laura Rosas, JD, MPH, Policy Analyst, ONC
    • William Phelps Policy Analyst, ONC

    Register for the webinar External Links Disclaimer

  • PCPCC Advancing Primary Care through Health IT
    Tuesday, September 11
    2:00pm – 3:30pm ET

    The Patient Centered Primary Care Collaborative (PCPCC) is holding a webinar featuring speakers from CMS, ONC, and NCQA to discuss various aspects of health information technology and the patient-centered medical home. Please join us for a free and informative webinar from 2:00-3:30pm ET on Tuesday, September 11, entitled "Advancing Primary Care through Health Information Technology".


    • Richard Baron, MD, MACP, Group Director, Seamless Care Models, CMS Innovation Center
    • Jacob Reider, MD, Acting Chief Medical Officer, ONC
    • Mat Kendall, Director of Office Provider Adoption Support, ONC
    • Johann Chanin, Director in Product Development, NCQA

    Register for the webinar External Links Disclaimer

  • Wednesday: Privacy and Security
    NeHC Privacy and Security Programs|
    Wednesday, September 12
    11:00am – 12:00pm ET

    As part of Health IT Week External Links Disclaimer, National eHealth Collaborative External Links Disclaimer (NeHC) will offer a series of programs with the Office of the National Coordinator for Health IT (ONC) to highlight their various initiatives, including those related to privacy and security. Joy Pritts, Chief Privacy Officer at ONC will kick off the program and Laura Rosas, Privacy and Security Professional at ONC and Will Phelps, HIT Cyber Security Program Officer with HHS, will provide an interactive demonstration of Cybersecure: Your Medical Practice, a new avatar-based game meant to enhance organizations' understanding of privacy and security.


    • Joy Pritts, Chief Privacy Officer, ONC
    • Laura E. Rosas, JD, MPH, Privacy and Security Professional, Office of the Chief Privacy Officer, ONC
    • Will Phelps, HIT Cyber Security Program Officer, US Department of Health and Human Services

    URL: External Links Disclaimer

    Fee: No charge

  • Thursday: Standards, Interoperability, and Health Information Exchange
    NeHC Standards & Interoperability Framework
    Thursday, September 13
    1:00p – 2:30pm ET

    Continuing with the HIT Week Program Series, National eHealth Collaborative External Links Disclaimer (NeHC) will offer a program with Deputy National Coordinator David Muntz and Director of the Office of Science and Technology, Dr. Doug Fridsma to lead a discussion on the progress of the Standards and Interoperability Framework. Dr. Holly Miller from MedAllies, Inc. and David Tao from Siemens Healthcare will discuss the S&I Framework from the perspective of a provider and a vendor respectively.


    • David Muntz, Principal Deputy National Coordinator, ONC
    • Dr. Doug Fridsma, Director, Office of Standards and Interoperability, ONC
    • Dr. Holly Miller, Chief Medical Officer, MedAllies, Inc.
    • David Tao, Senior Key Expert and Interoperability Champion, Siemens Healthcare

    URL: External Links Disclaimer

    Fee: No charge

  • Friday: Quality and Health IT
    eHC Quality in Health IT Webinar
    Friday, September 14
    11:00am – 12:00pm ET

    The final webinar of the HIT Week Program Series External Links Disclaimer, National eHealth Collaborative  External Links Disclaimer (NeHC) will provide a program featuring Dr. Farzad Mostashari, Dr. Carolyn Clancy, and Dr. Patrick Conway to discuss how ONC, AHRQ, and CMS are collaborating to leverage health IT to improve healthcare quality. Speakers will provide a vision for the quality measurement enterprise of the future as well as the necessary steps to transition to health IT-enabled measurement, reporting and feedback that drives improvement in care and outcomes. They will also identify challenges moving forward in realizing this vision, including the need for continued public-private collaboration to continuously evolve and improve the enterprise.


    • Dr. Farzad Mostashari, National Coordinator for Health Information Technology, ONC
    • Dr. Carolyn Clancy, Director, Agency for Healthcare Research and Quality (AHRQ)
    • Dr. Patrick Conway, Chief Medical Officer, Director, Office of Clinical Quality Standards and Quality , Centers for Medicare and Medicaid Services (CMS)

    URL: External Links Disclaimer

    Fee: No charge

  • HRSA Leadership Tips During a Health IT Implementation Webinar

    Friday, September 14
    2:00pm – 3:30pm ET

    This webinar focuses on the importance of leadership in successfully steering an organization through a health IT implementation. It features established leaders who have conducted more than 70 health IT implementations in health centers, rural health clinics, and critical access hospitals. The presenters will also focus on how leadership is important in helping staff, clinicians, patients, a safety net providers' board, and partners adjust to and overcome the barriers that typically accompany a health IT implementation and impede success. Lastly, the presenters will provide leadership examples of unique health IT implementation situations such as meeting meaningful use objectives, changing vendors, and implementing health IT in multiple provider sites. Presenters include:

    • Terry Hill, MPA, Executive Director and Joe Wivoda, Chief Information Officer
      National Rural Health Resource Center
    • Greg Wolverton, Chief Information Officer
      White River Rural Health Center, Arkansas
    • Doug Smith, Executive Director
      Greene County Healthcare, North Carolina

    Register for the webinar External Links Disclaimer


  • HIMSS "Health IT is…" Twitter Chat

    Friday, September 14

    On Friday, September 14, @HIMSS External Links Disclaimer and @HealthStandards External Links Disclaimer are moderating at #HITsm Twitter chat on National Health IT Week at 12 noon ET. More details including chat questions will be shared on the HL7 Standards blog External Links Disclaimer closer to the day.


  • Celebrate in Your Hometown

    Find out 10 ways to get involved External Links Disclaimer, whether externally in your community and/or by communicating the value of health IT within your own organization.


    View a full list of National Health IT activities taking places across the U.S. External Links Disclaimer, or to visit the National Health IT Week website External Links Disclaimer to learn more.

    It's also easy for individuals and organizations across the country to participate. Potential partners – including corporate, non-profit and academic institutions – should visit the National Health IT Week website Partners page External Links Disclaimer to learn more about generating awareness of health IT in their communities.



Safeguarding Health Information: Building Assurance through HIPAA Security Purpose

Safeguarding Health Information: Building Assurance through HIPAA Security
Excerpted on Sept 3, 2012 from NIST HIPAA Security Conference


hipaa logoThe National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) co-hosted the 5th annual conference Safeguarding Health Information: Building Assurance through HIPAA Security on June 6 & 7, 2012 at the Ronald Reagan Building and International Trade Center in Washington, D.C.

The conference explored the current health information technology security landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event highlighted the present state of health information security, and practical strategies, tips and techniques for implementing the HIPAA Security Rule. The Security Rule set federal standards to protect the confidentiality, integrity and availability of electronic protected health information by requiring HIPAA covered entities and their business associates to implement and maintain administrative, physical and technical safeguards.

The conference offered important keynote addresses and plenary sessions as well as breakout sessions following two learning tracks around specific areas of security management and technical assurance. Presentations covered a variety of current topics including updates on HHS health information privacy and security initiatives, OCR's enforcement of health information privacy and security activities, integrating security safeguards into health IT, safeguards to secure mobile devices, removing sensitive data from the Internet, and more.

A single registration fee granted access to all presentations on-site and through a live Webcast. Video of the event is available at:

A live Twitter Chat was conducted using the hashtag #HIPAASecurity.

Lunch and refreshments were served on-site.


Conference Agenda – Final Agenda dated 5/29/2012

Presentations can be viewed from the NIST Computer Security Division's website known as Computer Security Resource Center (CSRC).

Presentations – 2012 HIPAA
Excerpted on Sept 3, 2012 from (updated: Wed., June 6 @ 10:27am EST.)

NOTE: All presentations posted are in PDF format. Also note, when you click on the link to a presentation, the presentation will open up in a new browser window and this page will still be open in the background.

Wednesday, June 6 (Day 1):

9:00-9:15 Welcome and Logistics
David Holtzman, OCR and Kevin Stine, NIST

9:15-9:30 Leadership Remarks
Matt Scholl, Deputy Chief, Computer Security Division, NIST

9:30-10:15 Risk Management Framework: Privacy Controls
Dr. Ron Ross, NIST

10:30-11:15 Beyond HIPAA: The FTC Privacy Report
Cora Tung Han, FTC

11:15-12:15 Establishing an Access Auditing Program
Cindy Matson, Sanford Health System

1:15-2:00 View From the Cloud: Security Assurance Considerations for a Purchaser
Mac McMillan, HIMSS; and Vince Campitelli, Cloud Security Alliance

2:00-2:45 HHS/ONC Overview
Joy Pritts, Chief Privacy Officer, Office of the National Coordinator

3:00-4:00 (Breakout A-1 Session) Security of Mobile Devices
Lisa Gallagher, HIMSS

3:00-4:00 (Breakout B-1 Session) Security of Health Information When Maximizing Accessibility and Usability
Matt Quinn, NIST, and David Baquis, US Accessibility Board

4:05-4:50 (Breakout A-2 Session) ONC Mobile Device Project
David Shepherd, LMI

4:05-4:50 (Breakout B-2 Session) Integrity Protections
Dan Rode, AHIMA

Thursday, June 7 (Day 2):

9:00-9:30 The Convergence of Privacy and Security in Protecting Health Information
Leon Rodriguez, Director, OCR

9:30-10:30 OCR Audit Program
Linda Sanches, OCR

10:45-11:45 HIPAA Security Rule Toolkit Use Case
Sue Miller, WEDI Security and Privacy Workgroup; Jim Sheldon-Dean, Lewis Creek Systems, LLC and Sherry Wilson, Jopari Solutions

1:00-2:00 Federal Data Breach Response of Health and Consumer Protected Information
David Holtzman, OCR, and Alain Sheer, FTC

2:00-3:00 Data Breach Strikes
Gerard Stegmaier, Wilson, Sonsini, Goodrich & Rosati; and Paul Luehr Stroz Friedberg

3:15-4:00 Security Testing and Assessment Methodologies
Karen Scarfone, Scarfone Cybersecurity; and Richard Metzer, D.Sc. CISSP, Lockheed Martin

4:00-4:45 Meaningful Use Crosswalk to the Security Rule
Adam Greene, Davis Wright Tremaine LLP


Pritts Recaps PHR Roundtable with Focus on Privacy and Security

Personal Health Records: A Focus on Privacy and Security
Wednesday, December 29th, 2010 | Posted by: Joy Pritts, HHS Chief Privacy Officer, on ONC’s Health IT Buzz blog and reposted here by e-Healthcare Marketing.

Understanding the Evolving Landscape

Personal health records (PHRs) have the potential to give individuals more control over their health information — collecting, using, and sharing it as they see fit. On December 3, the Office of the National Coordinator for Health Information Technology (ONC), held a PHR Roundtable to gain a better understanding of PHRs as well as other emerging technologies, and the dynamic and evolving market in which they exist, with a focus on privacy and security. The Roundtable will help inform a congressionally mandated study and a report to Congress on entities not covered by the Health Insurance Portability and Accountability Act (HIPAA). ONC expects to deliver the report to Congress in 2011. 

Dr. David Blumenthal, the National Coordinator for Health Information Technology, introduced the Roundtable by noting that PHRs are likely to grow in importance as more health care providers meaningfully use electronic health records (EHRs). A major objective of incentives encouraging the meaningful use of EHRs is to engage patients and their families in their health care. PHRs and related technologies can further this objective.

Usefulness and Trustworthiness of PHRs 

At the PHR Roundtable, four panels of experts and industry representatives explored the growth of PHRs, focusing on the nature and adequacy of privacy and security protections. A key message from the Roundtable was that PHRs grow in value when people find them useful and trustworthy. Their usefulness grows as they are able to readily pull information from EHRs and other sources of clinical information, as well as from monitoring devices and mobile applications. The usefulness increases even more as that information can be organized to help people with their particular health care concerns and can inform clinical decision making. 

The Roundtable confirmed that people care about the trustworthiness of PHRs, which includes considerations of privacy, confidentiality, and security. However, often individuals do not have the ability or information to understand or evaluate the trustworthiness of a particular PHR and related service providers. As PHRs merge health information from health care providers with information from other sources and give individuals choices about how to use or disclose that information, the privacy and security issues associated with PHRs increases.

Privacy and Security Protection

During the PHR Roundtable, representatives of the Federal Trade Commission (FTC), HHS Office for Civil Rights, and California Office of Privacy Protection explained how they are active in oversight of PHRs. They provided attendees with an overview of the primary ways that that the privacy and security of health information in PHRs is protected under current federal law:

  • HIPAA: PHRs offered by or on behalf of most health plans and health care providers (“HIPAA covered-entities”) are protected by the requirements of the HIPAA Privacy and Security Rules. These rules restrict the way that health plans and health care providers can use and disclose identifiable health information in a PHR. They also require covered entities to have administrative, physical, and technical safeguards in place to ensure that information in PHRs remains secure from unauthorized access and use.   
  • Section 5 of the Federal Trade Commission Act: PHRs that are not offered by or on behalf of a HIPAA-covered entity, including those that are employer sponsored or offered by technology companies or other organizations directly to consumers are subject to Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive practices. This means that the FTC can hold PHR companies to the statements that they make about privacy and security in their contracts and publicly posted policies (such as privacy notices). The FTC has also used its authority to find that inadequate security practices are unfair to consumers, who expect their information will be adequately protected. The FTC has recently released a staff report, “Protecting Consumer Privacy in an Era of Rapid Change,” which recommends a broad framework for protecting health information in light of new practices and business models that can help inform the discussion of health information privacy and security applicable to non-covered entity PHRs. 
  • HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act require that individuals are notified of a security breach that results in the release of their health information, including information stored in PHRs regardless of the type of organization by which they are offered. 

A second subpanel of legal experts looked ahead to different approaches to legal or private sector oversight and requirements. At the end of the day, however, it was clear that determining which approach best applies to this dynamic industry is subject to continuing debate and refinement.   

Visit the ONC website to view the archived webcast of the PHR Roundtable. Although the comment period associated with the PHR Roundtable closed December 10, we invite you to continue the discussion on PHRs by submitting comments below.

For comments, please go directly to ONC’s Health IT Buzz blog.

For an account of the PHR Roundtable written during the December 3, 2010 session, see post on e-Healthcare Marketing.

PHR Rountable Archives: Webcast and Meeting Materials

ONC Seeks Public Comments on PHRs by Dec 10 Re: Security & Privacy

Office of the National Coordinator (ONC) for Health IT:
Public Comments Sought on Personal Health Records
by Dec 10, 2010
Emailed by ONC on Nov 1, 2010

In conjunction with ONC’s upcoming PHR Roundtable, ONC is seeking public comments on issues related to personal health records. The public comment period is open now through December 10. ONC would like the public’s input on the following topics:

  • Privacy and Security and Emerging Technologies
  • Consumer Expectations about Collection and Use of Health Information
  • Privacy and Security Requirements for Non-Covered Entities

Visit the ONC website to submit your comment by December 10:
This link goes to an ONC page with the content that’s posted below.

ONC Seeks Public Comments on PHRs
Excerpted from ONC site on 11/1/2010.

[Click here for ONC Public Comments Page on PHRs]
The Office of the National Coordinator for Health Information Technology is seeking public comments on issues related to personal health records. Please submit comments by visiting one or more of the following questions. Please note that your name and comment will be placed on the public record of this roundtable, including on the publicly accessible HHS/ONC website (links below).

Thank you for your submission. (Note: The links below will take you directly to the ONC blog pages for posting.) 1. Privacy and Security and Emerging Technologies
What privacy and security risks, concerns, and benefits arise from the current state and emerging business models of PHRs and related emerging technologies built around the collection and use of consumer health information, including mobile technologies and social networking?

2. Consumer Expectations about Collection and Use of Health Information
Are there commonly understood or recognized consumer expectations and attitudes about the collection and use of their health information when they participate in PHRs and related technologies? Is there empirical data that allows us reliably to measure any such consumer expectations?  What, if any, legal protections do consumers expect apply to their personal health information when they conduct online searches, respond to surveys or quizzes, seek medical advice online, participate in chat groups or health networks, or otherwise? How determinative should consumer expectations be in developing policies about privacy and security?

3. Privacy and Security Requirements for Non-Covered Entities
What are the pros and cons of applying different privacy and security requirements to non-covered entities, including PHRs, mobile technologies, and social networking?

4. Any Other Comments on PHRs and Non-Covered Entities
Do you have other comments or concerns regarding PHRs and other non-covered entities?

Event Details | Register for the Event by Webinar

See previous e-Healthcare Marketing post for Event Details. In-person participation is now closed due to capacity, but registration for the Webinar is available.

ONC Listens: BluePrint at ONC Innovations Seminar

ONC Listens: BluePrint at ONC Innovations Seminar
On October 25, 2010, the ONC Innovations Seminar was led by BluePrint Healthcare IT in Washington, DC. The one-hour seminar entitled “HITECH in New Jersey: A View from the Private Sector” was part of a series featuring people from outside the Office of National Coordinator (ONC) for Health IT sharing their experiences and ideas with the Office. This post reports on how three of my BluePrint colleagues and I got to speak with about twenty members of ONC (including several on a conference line) and share our experiences.

ONC Innovations Seminar
Sachin Jain MD, MBA, Special Assistant to David Blumenthal; and Wil Yu, Special Assistant for Innovation to the National Coordinator, invited the BluePrint team to Washington, DC to lead Monday’s ONC Innovation Seminar. Members of BluePrint had previously worked with the New Jersey and Delaware Valley HIMSS chapters to invite Jain and Yu to speak and meet with attendees at the chapters’ joint fall conference in Atlantic City in September.

Jain initiated the ONC Innovations Series, which in its official description took “place every one to two weeks (for members of the ONC staff) and will bring in noted experts from the health IT community including technologists, patient and community advocates, grantees, academic researchers, government officials and others.”

Seminar leaders have included Michael Porter (Harvard Business School and thought leader on Competitive Advantage), Mark McClelland (former head of FDA and CMS, now heading the Engleberg Center for Health  Care Reform at Brookings), Peter Pronovost  (Johns Hopkins physician and leader in patient safety), Lonny Reisman (Aetna’s chief medical officer), Richard Baron (Philadelphia area physician with Greenhouse Internists) and Rushika  Fernandopulle (an Atlantic City physician).

Case Studies
Speaking with ONC members at its October 25 seminar, BluePrint used three case studies to illustrate health IT challenges and how it was helping hospitals solve them: fast-tracking meaningful use security risk assessments; developing and implementing a workflow software tool to manage access to enterprise-wide software; and setting up a five-stage security and privacy framework at a community hospital to strengthen physician relationships and foster greater trust with patients. It also described its two-hour seminars offered to hospital leadership to prepare for meaningful use and readiness to receive EHR incentive payments.

BluePrint’s Public Policy Role—New Jersey and beyond
The seminar pointed out the new momentum fostered by New Jersey’s health IT leadership—statewide Health IT Coordinator Colleen Woods and Bill O’Byrne, executive director of NJ-HITEC, the state’s regional extension center. New Jersey submitted its HIE operational plan to ONC in August, and NJ-HITEC kicked off its clinician sign-up program for meaningful use support in October.

Based on working with hospital CIOs, Vikas Khosla, the President and CEO of BluePrint, described the transformation of hospital and multi-hospital system CIOs from systems implementation and management executives to leaders of healthcare change management. Founded in 2003 to advise hospitals and multi-hospital systems on security and privacy issues, BluePrint has taken on a public policy role as well, including producing a series of workshops on HITECH Breach Enforcement in collaboration with NJ HIMSS and having Vikas serve as a subject matter expert for the state HIT Committee on Privacy and Security.

The ONC’s Listening Continues
This seminar series demonstrates one way ONC listens and learns. Another example, for which registration just opened this week, is the Personal Health Record Roundtable on December 3 in Washington, DC, to be chaired by HHS Chief Privacy Officer Joy Pritts. The roundtable will hear panels of “researchers, legal scholars, and representatives of consumer, patient, and industry organizations” in order to prepare recommendations, as stipulated in HITECH Act,  “related to the application of privacy and security requirements to non-HIPAA Covered Entities, with a focus on personal health record vendors and related service provider.”

To the readers of e-Healthcare Marketing,  who are used to seeing this blogger’s collections of information and reports about Health IT and EHRs, thank you for taking the time to read about  the Washington trip of Vikas Khosla, President and CEO; Gregory Michaels, Director, Security and Compliance Solutions; Mohit Pasricha, Chief Solutions Architect, and me, Mike Squires, Vice President, Strategic Development and Public Policy, BluePrint Healthcare IT .
Mike Squires

ONC Site Map Updated in Conjunction with New Health IT Unified Theme

“Connecting America for Better Health” – ONC for HIT
Web Site Map for Office of the National Coordinator for Health IT
On August 27, 2010, the Office of National Coordinator (ONC) for Health IT announced a new “unified identity for Health IT”  which includes a “new theme and visual identity” for the ONC Web site and ONC and can be seen at the top of ONC Web pages.

The site map below for  ONC’s Web site is pulled primarily from the left navigation bar on the ONC site with some additional links to key areas. [Please send any corrections or comments to e-Healthcare Marketing. This is an update to a previous site map posted on February 16, 2010 on e-Healthcare Marketing, including new workgroups.]

While the visible structure of the Web site remains mainly the same, the home page and much of the underlying architecture appears to have been updated to simplify access to users, highlight new and important content, and simplify the addition of new information anticipated to come soon, such as announcements of the  Authorized Testing and Certification Bodies (ATCB) and Certified EHRs and EHR Modules.

The new theme and identity ”really captures the spirit of these combined efforts to boost national adoption of electronic health records and ensure success. The insignia will also help people easily identify and connect with official HITECH information, resources, programs, and partners,” wrote Communucations Director Peter Garrett on the Health IT Buzz blog on August 27, 2010. Now to the site map.


          Meaningful Use
          Certification Program
          Privacy and Security
          HITECH Programs
          On the Frontlines of Health Information Technology
               NEJM Articles: Dr. Blumenthal
                                             Dr. Benjamin
          Federal Advisory Committees

Top Banner Links
          Get email updates from ONC
          Follow ONC on Twitter

HITECH & FUNDING Opportunities
          Contract Opportunities
          Learn about HITECH
          HIT Extension Program — Regional Extension Centers Program
          Beacon Community Program

     State Health Information Exchange Cooperative Agreement Program
     Health Information Technology Extension Program
     Strategic Health IT Advanced Research Projects (SHARP) Program
     Community College Consortia to Educate HIT Professionals Program
     Curriculum Development Centers Program
     Program of Assistance for University-Based Training
     Competency Examination Program
     Beacon Community Program

                  (Meeting Calendar At-A-Glance)

HIT Policy Committee Meetings
          Meeting Webcast & Participation
Upcoming Meetings
Past Meetings
HIT Policy Committee Recommendations
HIT Policy Committee Workgroups
          Meaningful Use
          Information Exchange
          Nationwide Health Information Network (NHIN)
          Strategic Planning
          Privacy & Security Policy
          Privacy & Security Tiger Team
          Quality Measures

Health IT Standards Committee Meetings
          Meeting Webcast & Participation
Upcoming Meetings
Past Meetings
HIT Standards Committee Recommendations
HIT Standards Committee Workgroups
          Clinical Operations
          Clinical Quality
          Privacy & Security
          Vocabulary Task Force

           Meaningful Use
           Privacy and Security
           Standards and Certification
          State-Level Health Initiatives 
          Nationwide Health Information Network
          Federal Health Architecture
          Clinical Decision Support & the CDS Collaboratory
                 FACA Meeting Calendar
          Fact Sheets
          Federal Health IT Programs
          Technical Expert Workshops

         News Releases (2007 – Present)
         FACA Meeting Calendar
         Fact Sheets
         Federal Health IT Programs
         Technical Expert Workshops

          Coordinator’s Corner: Updates from Dr. Blumenthal
          Budget & Performance
          Contact ONC and Job Openings
#                             #                     #

For a review of the new look and feel of the ONC site, see an earlier post on e-Healthcare Marketing.

ONC Launches SHARP Web site for Strategic Health IT Advanced Research Projects

ONC Launches SHARP Web site for Research Programs
The Office of National Coordinator for Health IT launched its new Web site area on August 20, 2010 for the four research initiatives within the Strategic Health IT Advanced Research Projects Program  overseen by Wil Yu, Special Assistant of Innovations and Research, who  serves as Senior Project Officer for SHARP program.

SHARP Overview

SHARP Overview

Excerpted from ONC Site on August 21, 2010:

“SHARP awardees are currently conducting research along the following areas:

“AREA ONE: Security and Health Information Technology – The University of Illinois at Urbana-Champaign is helping develop technologies and policy recommendations that reduce privacy and security risks and increase public trust.

“AREA TWO: Patient-Centered Cognitive Support – Innovative cognitive research is being led by the University of Texas, Houston to harness the power of health IT to integrate and support physician reasoning and decision-making as providers care for patients.

“AREA THREE: Health Care Application and Network Design – Harvard University is leading platform based research to create new and improved system designs that facilitate information exchange while ensuring the accuracy, privacy, and security of electronic health information.

“AREA FOUR: Secondary Use of EHR Information – Mayo Clinic of Medicine is developing strategies to improve the overall quality of healthcare by leveraging existing EHR data to generate new, environmentally appropriate, best practice suggestions.”

SHARP Project Officer:
Wil Yu, Special Assistant, Innovations
ONC, Office of the Chief Scientist

Frequently Asked Questions
Original Funding Announcement

Direct Links to Programs
Security and Health Information Technology:
Patient-Centered Cognitive Support:
Health Care Application and Network Design: .
Secondary Use of EHR Information:
#                     #                  #

For more on project officer Wil Yu, see e-Healthcare Marketing blog.

Previous e-Healthcare Marketing posts on SHARP Program:
June 7, 2010: Updates on ONC’s SHARP — Strategic Healthcare IT Advanced Research Projects
April 7, 2010: Blumenthal Letter #11: Research and Innovation that Translates to Practice–SHARP Grants  includes Health IT Buzz Blog Post from Dr. Charles Friedman, Chief Scientific Officer, ONC: “SHARP: Confronting IT Challenges Head-on and Investing in the Future of Health Care”

Health Information Exchange: From Princeton to Washington, DC Conferences

July 22, 2010: HIE Day in Two Cities
WASHINGTON, DC (July 22, 2010) — With more than 400 delegates to the National HIE Summit from 38 states meeting in the nation’s capital today and over 125 delegates to the New Jersey HIE Summit & Expo meeting in Princeton, NJ, you can see federalism at work in Health IT.

In the Washington, DC Conference produced by the national eHealth Initiative, and hosted at the Omni Shoreham Hotel, the the topics of the day are:
Getting Started: What to do first?
Sustainability: What works?
Getting to Meaningful Use
Inter-State Coordination
Understanding and Connecting to the NHIN
Engaging Consumers in Health Information Exchange
Measuring Your Progress: What Really Matters?
Beyond Implementation: Planning for Privacy

The Washington session ends with a networking reception.

The Princeton, NJ Conference produced by NJTC (New Jersey Technology Council), and hosted at the New Jersey Hospital Association Conference Center, will cover:
NJ Health IT Extension Center (NJ-HITEC)
Colleen Woods, newly appointed Statewide Health IT Coordinator for New Jersey, will make a presentation.
Components of a Successful HIE
                 Developing a Sustainable Business Model for HIE
                 Managing an Effective Procurement Process
                 Engaging and Supporting Physicians in the Adoption of Heath IT
                 Building Public Private Sector Partnerships for HIE
HIPAA HITECH – Audits, Breaches & Fines
Navigating the Winding Road
                 Know Your Obligations
                 Identify and Address Gaps
                 Security Rule Compliance
                 Test Your Program and Consider Lessons Learned now Your Obligations
HIE Privacy, Security and Compliance
                 Understanding Meaningful Use Requirements
                 Understanding and Applying the New Standards Requirements
                 Developing and Implementing Strong Privacy and Security Policies
                 Advancing Administrative Simplification Efforts

Technologies that Transform Patient Care    

The Princeton session ends with an ice cream reception.   

Personal Notes
In Princeton, Vikas Khosla, President and CEO of  BluePrint Healthcare IT (and my boss), is participating in a panel discussion and focusing on  ”Developing and Implementing Strong Privacy and Security Policies” and joining two of my colleagues Gregory Michaels, Director, Security and Compliance; and Pam Kaur, Client Services Team Lead, who will be attending and working BluePrint’s exhibit table.

In Washington, as VP, Strategic Development and Public Policy, for BluePrint (and as e-Healthcare Marketing blogger), I will be listening, learning, meeting, and greeting state HIE coordinators and Health IT folks from across the country. And we’ll compare notes when the day is done.

BluePrint also issued a press release July 21, 2010 announcing two products that support secure health information exchange by lowering barriers to HIE interoperability and promoting patient confidence: HIE Secure and EMR Secure.

While e-Healthcare Marketing independently collects and reports information on Health IT including EHRs, ONC, CMS, and public policy, a view of the blogger and his business colleagues seemed worth noting today. Thank you for reading.
Mike Squires

ONC Blogs on ‘EHR Security: A Top Priority’

EHR Security: A Top Priority
Monday, July 19th, 2010 | Posted by:
Dr. Deborah Lafky, MSIS Ph.D. CISSP on ONC’s Health IT Buzz Blog and republished in e-Healthcare Marketing
With the passage of the HITECH Act, Congress made health IT security a top priority. ONC is committed to making electronic health information as secure as technically and humanly feasible.

That’s why ONC on April 1, 2010, launched an 18-month, multi-million dollar effort to improve the state of security and cybersecurity across the health IT spectrum. Key initiatives include:

  • Increasing health IT security by systematically assessing risk and providing tools and guidance to minimize it, including product configuration manuals and checklists to help assure secure health IT installations;
  • Educating the health IT community about security awareness with training, video, literature, and other materials;
  • Equipping the health IT workforce with the knowledge they need to manage health IT securely; and
  • Creating support functions such as back-up, recovery, and incident response plans to help when security emergencies strike.

Our ultimate goal is to protect patient information and create confidence in health IT’s security. These initiatives, and others, will help us do just that.

ONC recognizes that breaches are a serious issue. Despite stronger laws regarding breach notification, we must be vigilant and ensure they are reported. What may be surprising are the statistics. For example, we know that in the past 5 years, 80 percent of reported lost records were the result of hard drives, laptops, and other storage devices that disappeared. Interestingly, less than 10 percent of health care information breaches resulted from hacking or Internet crime.

So what does this mean in terms of security? It shows that simply preventing the theft or loss of data storage devices would have a huge impact on the security of our electronic health records. Fortunately, this doesn’t require a major investment in equipment or training. Instead, it requires some clear, common sense policies, such as:

  • Securing all computers that contain patient data;
  • Protecting laptops with a combination of physical, technology, and policy-related methods;
  • Locking drive bays to prevent hard drives from being removed;
  • Placing servers in secure areas, strictly limiting access, and maintaining entry/exit logs; and
  • Establishing security policies that require the use of a high-grade encryption algorithm.

As we roll out these ONC initiatives, I hope some of the readers of this blog will share their own best practices: What security measures have you taken or observed? How do you ensure the security of EHRs in your daily work? Share with us what has worked for you – and what has not. We can all learn from experience.

Watch the ONC website for updates on our available security materials and to see our progress.
#                     #                      #
To comment directly to this post on ONC’s  Health IT Buzz Blog, please click here.

Blumenthal Blogs on Future of Healthcare with EHRs and New Rules

Advancing the Future of Health Care with Electronic Health Records
Tuesday, July 13th, 2010 | Posted by: Dr. David Blumenthal on Health IT Buzz Blog and reposted here by e-Healthcare Marketing here. 

Today, we’ve taken great steps forward in bringing America’s health records into the 21st century. Widespread and meaningful use of fully functional electronic health record systems combined with a robust infrastructure for broad-based health information exchange can improve the quality, safety, and efficiency of health care for all Americans.

As more organizations adopt electronic health records, physicians will have greater access to patient information, allowing faster and more accurate diagnoses. Complete patient data helps ensure the best possible care.

Patients too will have access to their own information and will have the choice to share it with family members securely, over the Internet, to better coordinate care for themselves and their loved ones.

Digital medical records make it possible to improve quality of patient care in numerous ways. For example, doctors can make better clinical decisions with ready access  to full medical histories for their patients—including new patients, returning patients, or patients who see several different providers. Laboratory tests or x-rays downloaded and stored in the patient’s electronic health record make it easier to track results. Automatic alerts built into the systems direct attention to possible drug interactions or warning signs of serious health conditions. E-prescribing lets doctors send prescriptions electronically to the pharmacy, so medications can be ready and waiting for the patient.

And while electronic health records require an initial investment of time and money, clinicians who have implemented them have reported saving money in the long term. With the efficiencies that electronic health records promise, their widespread use has the potential to result in significant  cost savings across our health care system.

The future looks bright, but the vision can’t become reality without first laying a firm foundation.

Helping us in this endeavor are the providers, software developers, health care administrators, patients, and others on the frontlines of health care. We talked with them about their experiences and expectations of health IT. We heard their aspirations and their reservations.   Our commitment to ensure privacy and security of electronic health records and health information exchange will remain at the forefront of all our efforts.  We are confident that what we’ve learned from these ongoing conversations will lead to the development of a structure designed to support and improve health care in this country.

The final rules recently released are the blueprints for that structure. The standards and certification final rule, released on July 13, 2010, helps ensure that certified electronic health records will have the capabilities necessary to achieve our goals. And now, with the release of the final rule for the meaningful use of electronic health records, we have a plan for how those capabilities can lead to better health care.

These rules are not an end in and of themselves, but provide us with a plan for the future.

I recognize the challenges and obstacles before us. Fundamental changes are difficult to undertake but I saw the difference an EHR made in my practice and I can clearly see where meaningful use of health information technology can take us.

Now that we have the foundation in place and the blueprints in hand, I encourage you to continue  your electronic health record adoption and implementation efforts so we can transform our vision into reality.

– Dr. David Blumenthal, National Coordinator for Health Information Technology
To comment directly on ONC’s Health IT Buzz Blog, click here.

See previous post on e-Healthcare Marketing for Final Rules PDFs, Press Release, Fact Sheets, and additional info.