http://fcw.com/articles/2009/11/12/fisma-compliance-patient-data-exchange.aspx By Alice Lipowicz FCW.com Nov 12, 2009 Health and Human Services Department officials are looking for information technology solutions that comply with a key federal cybersecurity law while also allowing for exchange of federal health data with private entities, a senior health data exchange official said today. Currently, federal medical agencies that handle patient data must comply with the Federal Information Security Management Act. If they want to share that data, the recipients also may need to comply with FISMA, according to Vish Sankaran, program director of HHS. Federal Health Architecture. Similar issues apply to compliance with the Health Insurance Portability and Accountability Act , he added. Sankaran said federal agencies are looking for guidance and solutions to enable them to exchange patient data while also maintaining compliance with FISMA. One possibility being considered is a legal mechanism that may involve the patient authorizing transfer of the data so that it is no longer federal data, he suggested. The department also is considering technical solutions, such as use of intermediaries, cloud computing or Software as a Service, which might allow for FISMA compliance with both sender and recipient. [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.orgReceived on Fri Nov 13 2009 - 01:01:54 PST
This archive was generated by hypermail 2.2.0 : Fri Nov 13 2009 - 01:10:51 PST