Check out this quote from an article at Healthcare IT News about the challenges the HIT Standards Committee has had understanding the committee’s recommendations:
However, some standards for 2011 – particularly those governing security and privacy – have been difficult to grasp, even for committee members. “They don’t understand what we’re recommending and how the pieces fit together,” said Dixie Baker, chairman of the committee’s privacy and security workgroup.
The security standards the committee has recommended are based on the HIPAA security and privacy rule, she said. Those include requirements to authenticate identity, control access to health information by authorized users, encrypt and decrypt information, and create an audit trail to track who has accessed data.
In explaining the security standards for 2011, Baker said they “are used on a daily basis when we use the Web even if you don’t realize it.” For instance, the standard that the committee used for identity authentication is the same standard used to conduct commercial transactions securely over shopping Web sites, such as Amazon.
“When you’re about to present a credit card (online) a picture of a lock appears in the lower corner (of the Website),” said Baker. “What locks that is an approach that’s called the Transport Layer Security,” which authenticates one or both ends of the exchange, she said.
Does this scare anyone else? First, you have to wonder what those people are doing on the committee. Second, you have to ask: if the committee (which should be well educated on these subjects) has a challenge understanding its recommendations, how are busy doctors going to fare with the regulations? Doctors must be so excited to go through the 692 pages of Meaningful Use regulations.