[ISN] HHS seeking solutions to address FISMA compliance for health
exchange
InfoSec News
alerts at infosecnews.org
Fri Nov 13 03:01:54 CST 2009
http://fcw.com/articles/2009/11/12/fisma-compliance-patient-data-exchange.aspx
By Alice Lipowicz
FCW.com
Nov 12, 2009
Health and Human Services Department officials are looking for
information technology solutions that comply with a key federal
cybersecurity law while also allowing for exchange of federal health
data with private entities, a senior health data exchange official said
today.
Currently, federal medical agencies that handle patient data must comply
with the Federal Information Security Management Act. If they want to
share that data, the recipients also may need to comply with FISMA,
according to Vish Sankaran, program director of HHS. Federal Health
Architecture. Similar issues apply to compliance with the Health
Insurance Portability and Accountability Act , he added.
Sankaran said federal agencies are looking for guidance and solutions to
enable them to exchange patient data while also maintaining compliance
with FISMA.
One possibility being considered is a legal mechanism that may involve
the patient authorizing transfer of the data so that it is no longer
federal data, he suggested. The department also is considering technical
solutions, such as use of intermediaries, cloud computing or Software as
a Service, which might allow for FISMA compliance with both sender and
recipient.
[...]
More information about the ISN
mailing list