WASHINGTON – Federal agencies must meet a number of security requirements that private firms are not held to, a higher bar that could impede the performance of their networks, information technology executives told policymakers Nov. 19.
Both the Federal Information Security Management Act (FISMA) and National Institute of Standards and Technology (NIST) rules call for federal agencies to enhance their network security and continuously monitor their network traffic.
The additional tools and systems necessary for complying with those policies can weigh down network operations, said Stephen Warren, deputy CIO of the Veterans Affairs Department, who called for beefing up the power and capacity of federal networks.
"To mitigate this, network resiliency and redundancy must be increased and the costs for its construction and maintenance follow," he told the Office of the National Coordinator's Health IT Standards Committee Nov. 19.
Warren was among a number of government and private sector executives who shared their experiences and concerns about protecting agency networks and health data. The committee is preparing to identify health information privacy and security standards for health IT funding incentives that would go into effect in 2013 and 2015.
Under FISMA and NIST guidance, federal agencies must configure their computer systems to increase protections when linking with non-government systems. This may present obstacles to rolling out a Nationwide Health Information Network (NHIN), federal officials have warned.
"Many of the government mandated standards are more stringent than their commercial equivalents," said Michael Mellor, deputy chief information security officer for the Centers for Medicare and Medicaid Services. That presents tensions in determining the boundaries for federal security policies and standards.
For example, CMS links with commercial players to transmit claims payment and to collect and distribute data.
"As systems and data are stretched out to these federal-commercial interfaces, the applicability of various federal standards becomes more difficult to determine," Mellor said. Stronger security controls drive up costs for their private industry partners.