CRE Interventions
  Agency Administrative Actions

  Federal Computer Incident Response Center
  National Infrastructure Protection Center
  National Telecommunications and Information Administration
 US Department of Commerce
 US Office of Management and Budget

  Domain Name Rights Coalition
  Electronics Frontiers Foundation
  ICANN at Large
  Internet Society
  The Non-Commercial Domain Name Holders Constituency

Technical Orgs
CERT Coordination Center
Internet Architecture Board
Internet Assigned Numbers Authority
Internet Corporation for Assigned Names and Numbers
Internet Engineering Task Force
Internet Mail Consortium
Internet Research Task Center
Requests for Comments Editor


Public Response to the NHIN Request for Information: Stringent, State-of-the-Art Security Needed
HHS has released a summary of the more than 500 comments received in response to their request for information on the planned National Health Information Network (NHIN). Although the summary does not include the comments themselves, or even identify the commenting parties, HHS has stated that the responses "will be made available" on the Department's health information technology website "in accordance with Freedom of Information Act standards."

The responses of some stakeholders are currently available through the CyberSecure.US e-Health Interactive Public Docket. The IPD also provides a forum for public comment on the responses.

In summarizing public responses to the request for information, HHS noted that the key challenges to implementing NHIN include:

  • Addressing privacy concerns; and
  • Paying for the system.
The Summary explains that "while there was no uniform consensus on who should pay" for the system, there was significant support for ensuring that the stakeholders who would benefit the most from the system contributed to its financing.

HHS' Summary also pointed out that "nearly every...response addressed patient privacy and reiterated that the American public must feel confident that their health information is secure, protected, portable and under their control."

HHS went on to state many respondents made clear "that privacy and security should be viewed as fundamental business and technical requirements of a NHIN in developing the architecture, data access and control policies, business rules and governance models, and not viewed as constraints or trade-off elements. State-of-the-art and stringent security features were identified as a crucial component of a NHIN if privacy is going to be preserved."

The public has made clear that security needs to be addressed up front as a core NHIN's defining principle.
  • See e-Health Interactive Public Docket
  • See HHS Press Release
  • See HHS Summary of Responses

  • Copyright 2004 The Center for Regulatory Effectiveness.
    All rights reserved.