The Weakest Health IT Link, Inc.

A major failing of the government's plan to digitize paper medical records, assert some privacy advocates, is that you just can't trust pointy headed bureaucrats to keep that information safe. That sentiment isn't unfounded, says a CMS official, but it is misplaced.

Rather, private companies that seek to establish electronic links to government systems have "basic amateur problems" that could undermine privacy and security, says Julie Boughn, chief information officer at the Centers for Medicare and Medicaid Services. Alice Lipowicz, writing for Federal Computer Week, reported Boughn's remarks, made Tuesday at a Health Information Technology conference sponsored by the Bethesda chapter of AFCEA.

"These are large companies that you all have heard of," said Boughn. "It is almost embarrassing."

CMS will play a key role in distributing payments, authorized by the ARRA "stimulus law," that seek to incentivize doctors and hospitals to adopt electronic medical records. Organizations that want to be part of the health IT infrastructure must abide by the Federal Information Security Management Act, says Boughn, who called FISMA "an excellent framework."