HIE Governance Comments SoughtWorkgroup Revamping Its NHIN Recommendations
The governance workgroup has spent weeks crafting complex, detailed guidelines for governing HIEs to verify that they meet federal standards, including those for privacy and security. But at a meeting of the Health IT Policy Committee on Nov. 19, the workgroup was asked to continue its efforts to clarify just how an organization validating HIE compliance would do its job.
As a result, the workgroup is seeking health information exchange governance comments on such topics as:
- What governance responsibilities should be handled by the federal government and what should be delegated to others?
- Should there be an overarching validation entity to accredit other certification or accreditation bodies?
- Are there critical needs that require a coordinating/implementation support governance mechanism be established soon? If so, should this role be handled by a federal advisory committee or though some sort of public/private or non-government approach?
Comments are due by Dec. 8.
NHIN StandardsThe HITECH Act, which provided states with funds to spur development of statewide HIEs, also called for development of the Nationwide Health Information Network. NHIN is not an actual network, but "a set of policies, standards and services that enable the Internet to be used for secure and meaningful exchange of health information," according to the official government definition.
The idea behind NHIN is to pave the way for the exchange of electronic health records and other information coast-to-coast by linking various HIEs and other networks that all adhere to the same standards.
To make NHIN work, someone needs to offer a "seal of approval" that an HIE meets the NHIN standards, including those for privacy and security. HITECH requires federal regulators to issue a rule on NHIN governance, but that's been delayed until next year.
HIE Governance Details SoughtAt the Nov. 19 Health IT Policy Committee meeting, David Blumenthal, M.D., national coordinator for health IT for the Department of Health and Human Services, instructed the workgroup to add more details to its proposals and present them more clearly as a series of choices.
For example, the workgroup called for Blumenthal's office to designate a non-government organization to validate that HIEs meet "conditions of trust and interoperability." And that organization could, in turn, designate others to lend a hand with validation.
Several committee members wanted to know far more about how this validation process would work and suggested that perhaps a government agency should handle it.
"My real heartburn comes with having a central validating body that's a private organization," said Deven McGraw, a committee member who is director of the health privacy project at the Center for Democracy & Technology. "I can't move forward on the recommendation for a central, private validating authority without a lot more detail about what that would look like."
The governance workgroup will meet again Dec. 10, and the next HIT Policy Committee meeting is Dec. 13.