recommended reading

ARCHIVES

White House Issues Cyber Framework for Protecting ‘Precision Medicine’ Patient Data

By Mohana Ravindranath // May 27, 2016

everything possible/Shutterstock.com

Medical treatment tailored to a patient’s exact genetics, lifestyle and history might be more effective than a one-size-fits-all approach. But it also requires health systems to gather vast amounts of personal information about large numbers of patients.

Personalized treatment for patients is the end-goal of the White House’s Precision Medicine Initiative, a $215 million program launched last year. The program aims to create a “research cohort” of at least a million people’s data, in collaboration with outside groups and volunteers.

But that data, which might include details about insurance claims, demographics, genomic and biological characteristics, and information transmitted from smartphones or implantable devices, needs to be highly secured, according to a new White House security framework.  

The new framework recommends several steps for ensuring that sensitive data is impenetrable by outsiders. The steps include encrypting data, continuous monitoring, rapidly responding to breaches, inviting third parties to check security, and writing clear access policies.  

More specifically, contributing groups should think of a way to verify the identity of users and contributors -- which include medical patients and health care providers -- before giving them access credentials. They should also use multifactor authentication and a modular authorization protocol that only grants...

HHS Wants A Way to Move Patient Data Securely

By Mohana Ravindranath // May 9, 2016

Mascha Tace/Shutterstock.com

Want to transfer your health records from one place to the next with a single tap of your phone?

Chances are your health system isn't equipped to let you do that yet. But the federal government wants ideas for systems that could let consumers choose to move their health data wherever they want -- and to do so seamlessly. 

The Health and Human Services Department is hosting a competition in search of an application programming interface that would allow patients to "securely authorize" records transfer "to destinations they choose." 

Participants must create their own APIs and test them on individuals they've recruited. Those testers must also have agreed to release their health data. 

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The contest is multiphase: the first awards $5,000 to 10 finalists for API proposals. The second gives $20,000 to up to five teams based on a prototype they create. In the third phase, up to two finalists could win $50,000 for implementing their products. Finalists are then expected to demonstrate their consumer-facing API. 

The event, called the Move Health Forward challenge, is operated by HHS' Office of...

HHS Says Health Records Should Communicate With Each Other. What Does That Mean?

By Mohana Ravindranath // April 8, 2016

love work 51/Shutterstock.com

When a patient moves from one health system to another, there’s no guarantee his or her electronic medical records are compatible with the new system’s.

The Department of Health and Human Services wants to change that, with a number of efforts aimed at making electronic health record technology more “interoperable.”

But how does a health system measure “interoperability,” and how does the department know if it’s successful? HHS doesn’t know the answer -- and it’s looking to the public for help.

In a new request for information, HHS is asking for input on metrics that could measure interoperability. The eventual goal, according a recent blog post, is a national system in which “health data flows seamlessly and securely.”

Specifically, HHS wants to know which “populations and elements of information” it should examine, how current data and metrics can be used to assess progress, and what new data and metrics HHS should include when sizing up a health system’s “interoperability” levels.

Currently, HHS’ Office of the National Coordinator for Health IT is considering “nationally representative surveys,” gathered from hospitals and physicians, to assess progress, among other potential solutions, the RFI says.

The 2015 Medicare Access and...

FDA Crowdsourcing its Way to Precision Medicine. But What About Security?

By Hallie Golden // November 25, 2015

venimo/Shutterstock.com

When it comes to achieving President Barack Obama’s Precision Medicine Initiative -- an effort to laser-target medical care based on patients' genetic make-up -- collaboration among researchers is key.

So a team at the Food and Drug Administration is launching a crowdsourced platform to provide a digital environment for members of the genomics community to work together.  

PrecisionFDA is a cloud-based research and development portal designed to allow researchers to analyze genome data and run comparisons against reference material, such as sample data widely accepted. FDA launched the project in July, and a team of developers devoted to the project released a closed beta version of the site earlier this month. In just a few weeks, the site will transition into a beta format.

But with the onslaught of federal agency breaches, the question of securing a platform containing piles of genome data that anyone could potentially access by simply applying for an account is an important one.

“Privacy and security is not something you sprinkle on top at the end,” said Taha Kass-Hout, FDA’s chief health informatics officer, in an interview with Nextgov. “We worried a lot about meeting industry standards and federal standards as far as the infrastructure...

Should VA Scrap VistA? CIO Evaluates Future of Home-Grown Health Records System

By Jack Moore // October 29, 2015

LaVerne Council, the assistant VA secretary for information and technology.
LaVerne Council, the assistant VA secretary for information and technology. // Veteran Affairs Department

The new top IT official at the Department of Veterans Affairs told lawmakers Tuesday she is meeting with her staff this week to discuss the future of a planned upgrade of the department’s in-house electronic health record system.

The meeting comes after an independent report by MITRE Corp. concluded the homegrown system, first developed in the 1980s and still highly rated by clinicians, is “in danger of becoming obsolete.”

Amid ongoing concerns about the multiple, failed attempts to develop interoperable electronic health records between VA and the Defense Department, the report recommended VA conduct a cost-analysis of upgrading the Veterans Health Information Systems and Technology Architecture, known as VistA, compared to using open source EHRs and commercial off-the-shelf options.

LaVerne Council, the assistant VA secretary for information and technology and the agency’s chief information officer, will review the business case for the VistA upgrade along with VA Undersecretary of Health Dr. David Shulkin and then “determine the next steps,” Council told a joint congressional subcommittee hearing Tuesday.

VA, DOD Take Separate Paths on EHR Upgrades

In the two years since VA and DOD scrapped a plan to develop an integrated electronic health record, VA has been working on...

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.