Vendors and users of electronic health record modules should monitor them closely for potential data security breaches, according to the Health IT Standards Committee, Government Health IT reports.
The suggestion was included in a summary of the committee's recommendations on the interim final rule on standards and certification criteria for health IT under the 2009 federal economic stimulus package. The rule describes the requirements for certified EHR systems that physicians and hospitals must use to qualify for health IT adoption incentives.
John Halamka -- vice chair of the committee, who published a summary of the recommendations in a March 9 blog post -- said the committee "recommended that a list of acceptable technology standards be included in the certification process" in part because IT security standards change quickly, particularly for those strengthening encryption.
According to Halamka, the committee also recommended that the interim final rule "specify broad families of standards" for clinical operations, such as a major version of each standard that also includes a "detailed implementation guide that serves as a floor."
The Office of the National Coordinator for Health IT has offered the interim final rule for public comment until Monday (Mosquera, Government Health IT, 3/11).