In September 2024, the Department of Health and Human Services’ (HHS) Office of the National Coordinator for Health IT (ONC) released its 2024–2030 Federal Health IT Strategic Plan. The plan was developed in collaboration with more than 25 federal organizations and with comments from the public. It defines the goals, objectives, and strategies of the government to improve health experiences and outcomes.
The 2024–2030 plan builds on ONC’s 2020–2025 version, emphasizing the policy and technology components that are essential for securing electronic health data.
ONC advances the adoption and use of strong health IT infrastructures and promotes the nationwide exchange of health information. The HHS department coordinates nationwide efforts to implement advanced health IT and facilitates the secure exchange of health information. To this effect, ONC creates policies to improve healthcare in the United States through technology.
The department’s 2020–2025 Federal Health IT Strategy Plan concentrated on privacy and security along with strong API standards. Prime objectives of this plan included increasing patient empowerment and high-quality patient care, as well as improving health outcomes. Published in 2022, the Trusted Exchange Framework and Common Agreement (TEFCA) furthered the focus of the 2020–2025 plan. It defined the standards for interoperability as required by the 2021 21st Century Cures Act.
TEFCA broadened the idea of access by including health information networks, federal agencies, public health, individuals, payers, providers, and technology developers. Soon after, ONC updated its Common Agreement for Nationwide Health Information Interoperability through TEFCA for Qualified Health Information Networks (QHINs). A QHIN is a network of people or organizations working together to share data.
ONC’s 2024–2030 plan furthers the objectives of the 2020–2025 plan to improve health access and deliver better patient care. Accordingly, the broad goals of both plans center on:
The 2024–2030 plan stresses the importance of the policy and technology components used to secure the data of all health IT users. Within it, ONC added language on advancing TEFCA “to create a universal governance, policy, and technical floor for nationwide interoperability; enabling individuals to access their [electronic health information] and simplifying connectivity for organizations to securely exchange information.”
The first goal aims to improve health experience and outcomes for individuals, populations, and communities. The overall idea is to increase reach and trust and, through them, high-quality patient care. With this goal, the objectives are to help individuals and communities feel more empowered to manage their health, experience modern and equitable healthcare, and feel healthier and safer.
Specific tactics to reach this goal comprise:
The second goal focuses on improving how patients and caregivers experience care, how healthcare providers and others deliver safe, high-quality care, and how health plans reimburse for care. The objectives of the second goal are to get providers to deliver improved care and reduce regulatory and administrative burden, expand access and reduce or eliminate disparities, improve competition and transparency, and get the health workforce to use health IT with confidence.
Some specific ideas to do this are:
The third goal emphasizes advancing opportunities to accelerate scientific discovery and innovations. Its objectives involve giving researchers and other health IT users access to high-quality data, enhancing individual and population-level research with health IT, and advancing health equity by using health data that incorporates underrepresented groups.
Strategies to reach this goal include:
The final goal concentrates on the policies and technologies needed to support the data needs of health IT users. The objectives are developing and using health IT, providing health IT users clear and shared expectations for data sharing, ensuring underserved communities have access, ensuring that PHI remains protected, private, and secure, and supporting communities with modern and integrated public health systems.
Several plans created to make this happen are:
Healthcare organizations operate within the stringent regulatory framework of HIPAA. HIPAA sets national standards for safeguarding personal health data and ensures its confidentiality, integrity, and availability. The need to safeguard PHI is at the heart of creating a protected health IT environment. This is why ONC mentions HIPAA within its 2024–2030 plan and works with the regulations to promote health IT.
Integrating cybersecurity practices is not only defensive but can be offensive as well. Cybersecurity measures, such as data encryption and rigorous access controls, prevent unauthorized access and maintain patient-provider trust. A layered cybersecurity program helps organizations avoid severe penalties, legal repercussions, and reputational damage.
Such safeguards are needed to help ONC further its health IT strategies. By offering guidance and practical support, ONC facilitates the successful integration of health IT into healthcare and furthers its goals as laid out in its federal health IT plans.
HIPAA compliance is required for:
Penalties for noncompliance can range from monetary fines to criminal charges, depending on the severity and circumstances of the violation. The Office for Civil Rights (OCR) can impose penalties ranging from $1,307 to $68,928 per violation, with a maximum annual penalty of $2,067,813.
HIPAA mandates that electronic health records (EHRs) be secured to protect patient information. This involves implementing access controls, encryption, audit controls, and transmission security measures.