The Security Scrutinizer with Howard Anderson

Should NwHIN Compliance be Voluntary?

HIE 'Rules of the Road' Finally Progressing

At long-last, the Nationwide Health Information Network Governance Rule is inching closer to reality.

See Also: Live Webinar | Embracing Digital Risk Protection: Take Your Threat Intelligence to the Next Level

NwHIN won't be an actual network, but rather, a set of "rules of the road" for health information exchanges, paving the way for them to more easily exchange data nationally. NwHIN has been in the talking stages for years. But federal authorities plan to take a significant step in the coming days when they issue a "request for information" seeking comments on the concept. That notice likely will first appear on the Federal Register Electronic Public Inspection Desk.

The NwHIN Governance Rule will make it more efficient to exchange health information while protecting patient privacy and security. 

Farzad Mostashari, who heads the Department of Health and Human Services' Office of the National Coordinator for Health IT, provided a brief update on NwHIN at the HIT Policy Committee meeting May 2 (see Voluntary HIE Standards in Works). He stressed that the proposed rule would create an NwHIN "brand" that health information exchanges and others could voluntarily earn, much like the Energy Star program that signifies energy efficiency levels of products.

Statewide, regional or local health information exchanges, integrated delivery systems, electronic health record system vendors and others could apply to receive recognition as complying with the NwHIN standards, which will include privacy and security provisions, he noted.

The HIT Policy Committee, and its Privacy and Security Tiger Team, already have spent many months crafting guidelines for HIEs. Virtually all their recommendations were included in recent privacy and security guidance provided to federally-funded HIEs (see: HIEs Get Privacy Guidance).

I'm hoping that all the guidance provided to federally funded HIEs will wind up as requirements for earning the NwHIN brand. After all, privacy and security requirements are arguably the most important components of "rules of the road" for HIEs. Without public trust, HIEs are destined to fail.

Voluntary Approach?

But I'm wondering whether a voluntary approach to NwHIN is appropriate. I suppose that, over time, any HIE that lacks the NwHIN "seal of approval" will have a tough time attracting participants and support. But why not just make compliance with the NwHIN governance rule mandatory for all HIEs that handle a specific set of transactions?

ONC decided to start with a request for information "because we do think there are sufficient areas of ambiguities and questions, so we need to get the broadest possible feedback prior to rulemaking," Mostashari said. Let's hope ONC reviews comments quickly and drafts the propposed NwHIN Governance Rule ASAP. After all, ONC can leverage the guidance it has already provided to federally funded HIEs. And we cannot afford to wait much longer to spell out guidelines for the many dozens of HIEs - federally funded or not - that are already are in development or fully operational.

National standards for health information exchange are necessary, Mostashari noted, because many states are already developing "unique and potentially conflicting" rules for HIEs. The NwHIN Governance Rule "will make it more efficient to exchange health information while protecting patient privacy and security," he said. It also will help "lay the foundation" for future stages of the HITECH Act EHR incentive program, which will emphasize the importance of exchanging patient records among providers treating a patient, he added.

NwHIN guidelines have been debated since 2010. They've been repeatedly delayed. ONC needs to publish a proposed NwHIN Governance Rule sooner, rather than later.



About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.