The Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) have recently launched a joint HIPAA Security Risk Assessment (SRA) Tool. The tool is designed to assist small and medium-sized health care practices and business associates in complying with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Particularly, the SRA Tool helps entities identify and assess risks and vulnerabilities to their electronic protected health information (ePHI) and can be downloaded at no cost. It is designed to help smaller organizations identify risk and make a plan for remediation and compliance.

A new toolkit by the Office of the National Coordinator for Health Information Technology (ONC) aims to provide the health information technology (IT) community with a practical resource for implementing SDOH initiatives. The toolkit includes 11 foundational elements of SDOH information exchange such as mission and purpose, community readiness, and technical, finance, legal and policy considerations. These are approaches healthcare professionals can use to advance their unique SDOH information exchange goals.

According to ONC, creating interoperability can be very complex and require multiple connections. Deputy National Coordinator for Health IT Steven Posnack said the agency is continuing to pursue ways to streamline some of the processes by focusing on six different initial exchange purposes — and to achieve it at the network scale and the national level for TEFCA. “Where there's some variability today from a policy perspective is that certainly the networks focus on treatment and a lot of them do that as well but including public health, including payers, including other types of health operations, other business cases and benefits determination. Those are other exchange purposes that we've included now up front as part of the common agreements expectations,” said Posnack.

Ensuring data security while keeping critical health care information flowing across agency networks continues to be a major challenge amid evolving security threats. Certain policies can make it more difficult for organizations to move patient data in a secure and private manner. Elisabeth Meyers, deputy director of the Office of Policy at the Office of the National Coordinator for Health Information Technology (ONC), said that agencies have the technology moving in the right direction, but there are still policy barriers to overcome.  

“The policy barriers are that we often find that the perceived risk of privacy is overtaking the very real risk of not being able to share data accurately for care. So, there is a real privacy risk that is realistic. We know that that exists,” Meyers said. “But very often, the perception of technology being new or different in health care is overtaking that and putting barriers in place … when we could be more freely aggregating data and sharing data in a useful way for care coordination, research, public health and closing that circle of how that data works together.”

The nation’s healthcare network is developing strategies and manpower to ensure it is ahead of the curve to respond to a potential new wave of infections. One of them is a $73-million effort by the Office of the National Coordinator for Health Information Technology (ONC) of the U.S. Department of Health and Human Services (HHS). Funds are allotted under the Public Health Informatics & Technology Workforce Development Program to train 5,000 people across the country in Public Health Informatics and Technology (PHIT).