Blumenthal defers judgment on FISMA use

The top federal official for health information technology has not taken a position on one of the pressing issues that affects nationwide sharing of health information — whether all health systems must comply with the Federal Information Security Management Act (FISMA).

Dr. David Blumenthal, the national coordinator for health IT, said he has not formed an opinion. The FISMA legislation in 2002 established information security requirements for federal computer systems. What is under discussion is whether health care providers, including doctors' offices and hospitals, should comply with FISMA in order to expand their information sharing with federal agencies.

Under the economic stimulus law, Congress set aside $350 million to assist the national coordinator’s office in establishing health information exchange systems. One of the pilot efforts underway is the Nationwide Health Information Network.

Several federal health officials have recently suggested that private entities ought to be FISMA-compliant. Applying FISMA to the health care industry is “a showstopper for us,” Vish Sankaran, program director for the Federal Health Architecture, told Government Health IT magazine in the July/August issue. “This is a high priority. ... The sooner we get [Office of Management and Budget] guidance, the better.”