HIT Consultant Blog: “The law [HITECH, the law gives incentives to healthcare organizations to digitize personal health information before 2020], which also updates parts of HIPAA, gives the Secretary of Health and Human Services until mid-August to define what constitutes an electronic medical record. In Schmidt’s view initial requirements should start with strong authentication and encryption, and so far, the Secretary has done just that. Citing existing NIST and FIPS standards, HHS guidance includes healthcare data at rest, data in motion, as well as the proper destruction of Protected Health Information. Unfortunately, some health practitioners have begun purchasing e-health systems before the full complement of standards is known.”Â – No matter how you slice it, security is always going to be a problem. Even now, security is a primary concern for any healthcare facility in the United States. As you expand outside the walls of your existing system it is only going to get worse. I agree that practitioners should slow down and wait until some of this gets worked out. There’s nothing worse than investing in a system that has to be scrapped secondary to jumping the gun.