Electronic medical records are the wave of the future, and with this transformation will come a series of both minor and major IT security risks. The federal government is trying to get ahead of the curve and is now looking for a contractor who will assess those cyber risks for both the public and private sectors.

The Department of Health and Human Services (HHS) has posted a "presolicitation" notice for the program. The notice, available at www.fbo.go and listed under solicitation number OS28871, states:

"The purpose of this contract is to carry out a sequence of related activities with the goal of understanding security risks to Health Information Technology, planning and executing risk mitigation strategies, testing certain risk mitigation strategies, communicating to stakeholders the results, lessons learned, and actions that can be taken to reduce risk in HIT, which will create the foundation for policy development."

The solicitation also said that cybersecurity has been identified as a top strategic priority by the White House. "As health information exchange between enterprises increases, protecting it in its transit across cyberspace becomes increasingly important," it said.

The project is envisioned as an 18-month endeavor, and it will focus on "creating a safe and secure health information technology ecosystem."

President Obama signed the stimulus law a year ago that includes The Health Information Technology for Economic and Clinical Health Act of 2009. This law lays out a plan for advancing the appropriate use of health information technology to improve quality of care and establishing a foundation for healthcare reform.

For more on health IT:
- see this Healthcare Information Security article

Related Articles:
IT to cut SSA disability wait
HHS likely to certify EMR technologies
HHS spends $60M to find EMR obstacles