TRENDING:

Building Trust in Data Exchange

'Town Hall' Attendees Call for Standards Marianne Kolbasuk McGee (HealthInfoSec) • January 22, 2013    
Building Trust in Data Exchange

Several attendees at the first of two "town hall" online meetings about secure health information exchange offered federal officials a clear message: Standards are needed to help build trust that patient information will remain private, secure and reliable.

See Also: Prescription for Savings: Pharmaceutical Innovator Trusts the Cloud to Make Medicine Affordable

Paul Wilder, a director at the New York eHealth Collaborative, a not-for-profit HIE advisory group, said "policy mismatches" across regional HIEs within the same state are a cause for frustration. For instance, while some HIEs say only physicians can access information, other HIEs might allow anyone at a covered entity to access patient data. And that raises serious issues when the HIEs connect.

"The variability is causing problems in connecting," he says. That's why he'd like to see "unified baseline standards, and then move it up over time."

"Federal leadership is needed," said Jeff Smith, assistant director of advocacy at the College of Healthcare Information Management Executives, which represents 1,400 CIOs. "Exchange standards are not clear ... There's a need for more granular work in exchange standards."

Guidance on the Way

The Office of the National Coordinator for Health IT held the online town hall meeting Jan. 17 to gain insights to put to use as it prepares to issue voluntary guidance for secure information exchange in phases during the months ahead (see HIE Guidance Coming in Phases).

A second town hall is slated for Feb. 14. Plus, two federal advisory committees plan a hearing on HIE issues on Jan. 29.

Earlier, ONC backed away from its original plan to issue a federal rule containing voluntary "rules of the road" for nationwide health information exchange after reading the voluminous comments in response to its proposal (see: ONC Backs Off HIE 'Rules of Road').

The consensus of the responses received was that a regulatory approach was premature because HIEs are still evolving, said Farzad Mostashari, M.D., who heads ONC. So the new approach is to "shine a light" on best practices for health information exchange so that ONC can provide incremental guidance, he explained.

While ONC hasn't disclosed the timing for the guidance, the expectation is that recommendations will be issued before 2014, when Stage 2 of the HITECH Act's electronic health record incentive program kicks in. In stage 2, participants will be required to ramp up the exchange of patient information.

Secure Connections

The theme of trust was common to several of the attendees' comments. For example, HIEs must be able to trust that information will remain secure when its exchanged - especially when privacy and security policies vary from organization to organization, and laws vary from state to state.

"There needs to be trust in the security practices of partners," said David Kibbe, M.D., president and CEO of DirectTust.org, a non-profit organization that's developing a security and trust framework for direct health information exchange.

Kibbe suggested that organizations like his, which will kick off an accreditation program in February for HIE "trust agents," such as Internet service providers, can play a role in helping validate if organizations follow various standards or best practices for patient data sharing.

Other key areas where some attendees said more guidance is needed included:

  • Patient ID matching: Ensuring that the correct records for the correct patient is exchanged in HIE queries;
  • User authentication: Addressing such issues as enabling clinicians authorized as users on one HIE to be deemed trusted users on another HIE;
  • Patient information reliability: Confirming, for instance, the source of patient medical information in a query response.

One attendee suggested the use of "source tagging" to indicate the original source of all information, so that receiving healthcare providers can decide "how much weight to put on the data."

Mostashari noted that source tagging could also apply in segmentation of sensitive data, such as mental health data.

Previous
HIPAA Omnibus: Impact on Breach Notices
Next
Screening Trend: 'Ban the Box'

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



Around the Network

Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.