[ISN] HHS seeking solutions to address FISMA compliance for health exchange

From: InfoSec News <alerts_at_private>
Date: Fri, 13 Nov 2009 03:01:54 -0600 (CST)
http://fcw.com/articles/2009/11/12/fisma-compliance-patient-data-exchange.aspx

By Alice Lipowicz
FCW.com
Nov 12, 2009

Health and Human Services Department officials are looking for 
information technology solutions that comply with a key federal 
cybersecurity law while also allowing for exchange of federal health 
data with private entities, a senior health data exchange official said 
today.

Currently, federal medical agencies that handle patient data must comply 
with the Federal Information Security Management Act. If they want to 
share that data, the recipients also may need to comply with FISMA, 
according to Vish Sankaran, program director of HHS. Federal Health 
Architecture. Similar issues apply to compliance with the Health 
Insurance Portability and Accountability Act , he added.

Sankaran said federal agencies are looking for guidance and solutions to 
enable them to exchange patient data while also maintaining compliance 
with FISMA.

One possibility being considered is a legal mechanism that may involve 
the patient authorizing transfer of the data so that it is no longer 
federal data, he suggested. The department also is considering technical 
solutions, such as use of intermediaries, cloud computing or Software as 
a Service, which might allow for FISMA compliance with both sender and 
recipient.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Fri Nov 13 2009 - 01:01:54 PST

This archive was generated by hypermail 2.2.0 : Fri Nov 13 2009 - 01:10:51 PST