The U.S. Department of Health and Human Services reiterated this week that the department is planning prioritize the security and privacy of individuals’ health information for the foreseeable future.

In a draft document released by The Office of the National Coordinator - a division of the HHS' Office of the Secretary – the ONC outlined its goals for the next five years, including efforts its taking to "put individuals first" by ensuring there’s patient-centric healthcare on what it calls an interoperable health IT infrastructure.

According to the document, 2020-2025 Federal Health IT Strategic Plan, the concept is one of the ONC’s six federal health principles for 2020-2025:

Specifically, the ONC says it’s focusing on making investments and fine-tuning standards and policies for secure application programming interfaces (APIs) in addition to fostering other technologies.

Developing and moreso settling on standards for healthcare APIs and interoperability is easier said than done. There exist implementation standards but they're not all enforced or adopted. Stakeholders will have to resolve outstanding challenges before these APIs are widely embraced.

That said, whenever there's a problem, one of the first steps is admitting it. The ONC is apparently cognizant of this, admitting that despite an uptick in breaches over the years, "healthcare organizations still have poor understandings of cybersecurity risks and best practices," adding that more robust mechanisms will be necessary going forward.

One of the ONC's objectives is to connect healthcare and health data through an interoperable health IT infrastructure. One way its planning to do this is by implementing privacy and security mechanisms that are appropriate for the sensitivity of the data. This can be achieved through multi-factor authentication and encryption embedded in APIs.

“ONC, along with our partners across the federal government, strive to promote a health IT economy that increases transparency, competition, and consumer choice, while also seeking to protect the privacy and security of individuals’ health information,” ONC Chief Don Rucker, MD, wrote.

To develop the plan the ONC claims it worked with 25+ federal organizations involved in overseeing health information technology and recommendations made by its Health IT Advisory Committee, a group started in wake of the 21st Century Cures Act that contains officials from a handful of universities and hospitals, in addition to Epic, Anthem Blue Cross Blue Shield, and the federal sphere – including the DoD, the Department of Commerce, Justice, Veterans Affairs, and Homeland Security.

The ONC is welcoming feedback on the document until March 18. Whenever it's finally approved, the 2020-2025 plan will function as a roadmap for federal agencies and help bring entities in the private sector closer together, HHS said.