HIE Guidance Coming in Phases

New Approach Replaces NwHIN Governance Rule
HIE Guidance Coming in Phases

The Office of the National Coordinator for Health IT is changing its approach to offering guidance designed to help pave the way for secure national exchange of health information. ONC has confirmed it will issue a series of voluntary HIE guidelines instead of a Nationwide Health Information Network governance rule.

See Also: Live Webinar | Embracing Digital Risk Protection: Take Your Threat Intelligence to the Next Level

The revised plan calls for eventually launching a monitoring program for HIEs to make sure they are achieving governance goals, such as ensuring the privacy of patient data. But some observers are already questioning whether such a monitoring program, without mandatory regulations, would prove effective.

Back in September, ONC announced that it was backing away from issuing one rule containing voluntary "rules of the road" for health information exchange, contending that it would be premature because most HIEs are in the earliest stages of development (see: ONC Backs Off HIE 'Rules of the Road').

As the year draws to a close, Farzad Mostashari, who heads ONC, describes the new, phased-in, approach to guidance in a blog. The goal of the voluntary guidelines, Mostashari says, is to "increase interoperability, decrease the cost and complexity of data exchange and increase trust among participants to mobilize trusted exchange to support patient care."

When asked by HealthcareInfoSecurity if ONC's revised approach was much different from the earlier plan for issuing voluntary "rules of the road" in an NwHIN governance rule, an ONC spokesman responded:

"The guidelines we will publish will address the practices or actions that we think are important for governance of electronic health information exchange across the nation. And they will encourage, but not require, those practices. You could call them 'rules of the road,' but you have to remember that while these are important items, they are not mandatory. This is just one of a series of activities that we will do for governance."

In his blog, Mostashari explains that those other activities include a number of hearings and sessions to discuss HIE issues and also new federal grants "to advance collaboration within private or public sector organizations that have already established governance of health information exchange."

Reaction to Plans

Just as ONC's earlier decision to scrap the NwHIN governance rule sparked debate, the ONC's plans to issue voluntary governance guidelines is drawing a mixed reaction, with some observers offering strong support for the approach and others raising some concerns (see: HIE 'Rules of Road': What's Next?.

John Halamka, CIO at Beth Israel Deaconess Medical Center in Boston and vice chair of the HIT Standards Committee, which advises ONC, says that issuing guidelines and best practices for secure health information exchange makes more sense than strict regulations.

"Health information exchange is pretty embryonic," he notes. He points out that some states, including Massachusetts, have privacy laws that are stricter than some provisions of HIPAA. He also notes that states take widely varying approaches to obtaining patient consent. Some require patients to opt in to have their data exchanged, while others have decided that patient data will be exchanged unless patients opt out.

"The approach ONC is taking for health information exchange is to provide a framework of best practices and guidelines, rather than explicit rules, explicit details," Halamka adds.

Adam Greene, a partner at the law firm Davis Wright Tremaine LLC who formerly worked at the HHS Office for Civil Rights, also believes that a phased-in approach to providing voluntary guidance is more pragmatic than issuing federal rules.

"ONC can revise the guidance in light of changes in technology or based on lessons learned far more swiftly than through the regulatory process," he says. But he questions what steps ONC will take to ensure the guidance, without the force of law, will lead to compliance. "ONC may require compliance with the guidance as a condition of receiving federal funding, or NwHIN participants may make it a contractual condition of participation," he speculates.

Dixie Baker, a member of the HIT Standards Committee and chair of its privacy and security workgroup, also acknowledges that the new approach to guidance has some advantages. "The guidance [approach] allows more flexibility in interpretation than regulations, and is easier to update as circumstances change," she notes.

The guidance approach, however, carries some risks. "I would note that, in general, healthcare privacy and security policies and practices have been strengthened through a top-down approach, including HIPAA and HITECH, rather than bottom-up. I fear that this approach of seeking common ground most likely will result in a lowest common denominator for privacy and security."

Monitoring Program

In his blog, Mostashari says ONC will launch a monitoring program to ensure HIE governance goals are being addressed.

"I question how the 'monitoring program' will work, since 'guidelines' don't offer the enforcement power of regulations," says Baker, who is a partner at the consulting firm Martin, Blanck and Associates.

Greene also stresses the importance of setting clear standards for monitoring of exchanges "to ensure that potential patterns of improper access are detected."

In the Pipeline

ONC's other planned activities tied to governing health information exchange include:

  • A new grant program that will provide up to $400,000 to "selected governance organizations" to collaborate with ONC in developing and implementing HIE policies, interoperability requirements and business practice requirements;
  • An online town hall meeting Jan. 17 on the governance of health information exchange that will enable stakeholders to describe key issues, priorities and concerns;
  • A Jan. 29 public hearing hosted jointly by the HIT Policy Committee and HIT Standards Committee to further discuss the current state of health information exchange;
  • An effort coordinated by the National e-health Collaborative focused on enabling key HIE governance entities to work together on addressing key issues.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.