HIE Security Best Practices Get a Boost

Grants Support Secure Health Information Exchange Efforts
HIE Security Best Practices Get a Boost

Two organizations have received federal funding to support projects, including development of security best practices, designed to help pave the way for nationwide health information exchange

See Also: Confronting the New Economics of Cybersecurity with Risk Automation

The Office of the National Coordinator for Health IT on April 4 announced it awarded $280,000 to DirectTrust, a non-profit trade association that created and maintains a security and trust framework for using the Direct Project protocol for secure e-mail between healthcare providers.

DirectTrust will use the grant to support expanding security and trust best practices, standards and policies, says David Kibbe, the association's president and CEO. The federal funds also will support the organization's new accreditation program designed to advance adoption of its framework.

ONC also provided $200,000 to the EHR|HIE Interoperability Workgroup, led by the New York eHealth Collaborative, which oversees New York's statewide health information exchange efforts.

The workgroup will use the grant to support continued development of implementation specifications for interoperability between HIEs and electronic health record systems, says NYeC executive director David Whitlinger. That work will include development of healthcare provider directories to ensure that queries for patient information are sent to the correct physician addresses, he says.

Nationwide Data Exchange

Both projects are designed to help spur continued development of health information exchanges that adequately protect the privacy of patient information, says Claudia Williams, director of health information exchange at ONC. That could ultimately pave the way for the national exchange of data to improve coordination and quality of patient care.

"We will work closely with each of these entities and their partners to develop policies, interoperability requirements and business practices that align with national priorities to overcome interoperability challenges and reduce implementation cost," Williams says.

The work by both organizations also could help hospitals and clinics achieve the data exchange requirements for Stage 2 of the HITECH Act electronic health record incentive program, she adds.

ONC will award additional grants later "if funding is available," Williams says. ONC leaders had initially indicated that the office could award up to four grants worth $800,000 for these health information exchange efforts.

Other Efforts

Other HIE governance activities under way at ONC include a new HIE Governance Forum, which is working on identifying key issues and common challenges in the governance of health information exchange along with best practices to address them. That forum will meet for the first time next week.

Also, ONC will soon release a framework of principles for HIE governance, Williams says. The framework will provide voluntary goals regarding privacy, business practices and interoperability for secure health information exchange. Those goals "will be higher level" than the voluntary "rules of the road" for HIE governance that ONC had originally planned to offer as part of a Nationwide Health Information Network governance rule, she explains.

ONC dropped plans for the rule and shifted to gradual rollout of guidelines, contending that issuing a formal rule would be premature because most HIEs are in the earliest stages of development (see: ONC Backs Off HIE 'Rules of the Road').

The guidance will be based, in large part, on the recommendations of the Health IT Policy Committee and its Privacy and Security Tiger Team, says Farzad Mostashari, who heads ONC, a unit of the Department of Health and Human Services.

Collaborative Work

The funding to DirectTrust and NYeC under ONC's Exemplar HIE Governance Program are actually "cooperative agreements" rather than grants, explains DirectTrust's Kibbe.

"That's a major distinction," he says. "We are obligated to work with each other and with ONC to align our efforts" in advancing secure HIE, he says.

DirectTrust is partnering with the Electronic Healthcare Network Accreditation Commission in an accreditation program that kicked off in February. Under the program, organizations offering products and services based on the Direct Project protocol can be accredited for meeting DirectTrust's security and trust framework. That framework is a set of technical, legal, and business standards, best practices and policies.

The Direct Project offers specifications for a secure, scalable, standards-based way to send encrypted health information directly to known, trusted recipients over the Internet.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.