The DNA of Healthcare

Visit Corporate Site
Close this search box.

CIOs Struggle with Privacy in New Data Sharing Regulations

data sharing
Associate Vice President, Vertical Solutions Consultants

When the U.S. Department of Health and Human Services (HHS) released its five-year strategic plan last week, the agency made one thing clear: it can’t accomplish its goals alone. The plan is described as a roadmap for federal health IT activities and a catalyst for industry growth.

It encourages health IT vendors to work with government agencies to help drive the adoption of data sharing that is interoperable, secure, and transparent…wording that definitely seems to have the best interest of the healthcare consumer in mind. All involved recognize the value in making patient data accessible to the right parties to improve health outcomes and better engage the patient in their own care.

The Why but Not the How

So we understand and recognize the why. Now the question is, how?

Our third annual focus group of healthcare CIOs, all members of CHIME, was conducted this week, and it’s clear the how is the big question. Many of the executives expressed concern over ONC regulations on data sharing and how they were going to be able to keep that data secure.  Then, a day later, HHS released the plan, which likely added additional concern.

Addressing Data Privacy Concerns with Identity Authentication

There seemed to be confusion on who that data security burden fell to—third parties aggregating and storing the data for the patient or the providers themselves. Most CIOs felt the regulations obligated them to share the data with the third parties, even while they recognized that their identity authentication strategy did not cover verifying the patient’s identity before passing information to the third party requesting the data purportedly on behalf of the patient.

Instead, identity authentication by providers has focused on validating patients using their own patient portals. HHS acknowledged the industry blowback from the information blocking rule proposed last year, of which the CIOs clearly expressed concern over. What remains to be seen is how the health IT industry will respond to security and privacy concerns while still maintaining the integrity and interoperability of the data. It will surely be a hot topic at this year’s HIMSS.

What we at LexisNexis Risk Solutions have seen creates success for our customers is a layered identity authentication strategy, paired with data cleansing and linking, which gives organizations a solid foundation for both being able to exchange data and keep it and identities secure. What remains clear is the key to the success of the HHS plan is an ongoing collaboration between the growing health IT industry and the agency stakeholders, with additional coordination now being required with third-party data apps.

The DNA of Healthcare

At LexisNexis Risk Solutions, our goal is to provide the healthcare industry with insights and innovations to improve outcomes, grow market share, reduce fraud and increase compliance.

Related Articles

These blogs are published for information purposes only and can be statements of opinion. Although we LexisNexis rigorously check the accuracy of all information at the time of publishing the blogs, no representations or warranties are expressed or implied as to the blog, its contents and any accompanying materials and it should not be relied upon for acting in specific circumstances. Although links to external websites on any blog posts are tested and deemed accurate at the time of the blog posting, we LexisNexis accept no liability for such links to external websites and do not endorse or warrant in any way any materials available through such links or any privacy or other practices of such sites. In addition to this blog disclaimer, access and use of the blogs is governed by the LexisNexis website.