21st Century Cures Act: Will It Revamp Health Data Exchange?DirectTrust CEO David Kibbe Discusses New Law's Provisions and Their Potential Impact
The 21st Century Cures Act presents a number of critical but challenging issues pertaining to the advancement of nationwide secure health information exchange that federal regulators must address, says David Kibbe, M.D., president and CEO of DirectTrust, which developed a secure healthcare email protocol.
The legislation, signed into law late last year by former President Obama, aims to accelerate the development of medical innovation as well as reform the nation's mental health system. It includes several important health IT provisions designed to help achieve those goals by easing secure health information sharing.
The law directs the Department of Health and Human Services' Office of the National Coordinator for Health IT to take the lead role in carrying out those provisions. For example, ONC must "convene public and private stakeholders to develop or support a common national trust framework and agreement."
But Kibbe notes in an interview with Information Security Media Group: "It's unclear in the minds of many people what a 'common national trust framework' means."
That provision, Kibbe says, appears to be "a holdover idea from the HITECH Act ... when policy-setters and the federal government at that time thought we would have something called the 'national health information network,' and that would sort of be the railroad line on which health information and data would be exchanged in this country. Instead of that, we have a set of at least two health information networks - one being DirectTrust for 'push' [exchange of data] and the other being the [Sequoia Project] eHealth Exchange for query, which are standards-based and are used extremely widely."
A number of health information exchange organizations around the country all "have their own security and trust networks and rules in which the delivery of and access to information are governed," he adds. "We also have some vendor [data exchange] networks. So we have a patchwork quilt."
Kibbe says it makes sense to look at the principles and practices of trust, security and identity in those various networks and "perhaps come up with some basic rules that ought to be part of a 'framework of the frameworks.' But I do think it will be very difficult to try to pick out a one-size-fits-all trust framework and get people to sign on to that. So, it's going to be a challenge."
ONC will host a June 9 Direct Exchange Workshop focusing on the adoption and use of the Direct specification to improve health IT interoperability.
In the interview, Kibbe also discusses:
- The challenges involved with a 21st Century Cures Act provision that allows for civil monetary penalties to be imposed upon healthcare entities and vendors that participate in intentional and inappropriate "information blocking";
- Whether ONC has enough funding and resources to carry out all the health IT provisions called for under the new law;
- Other emerging cybersecurity and information privacy challenges faced by the healthcare sector.
Kibbe, a physician, is founding president and CEO of DirectTrust, a not-for-profit trade association that created and maintains the security and trust framework for using the Direct Project protocol. The protocol provides specifications for a secure, scalable, standards-based way to send encrypted health information directly to known, trusted recipients over the internet. Kibbe is also senior adviser to the American Academy of Family Physicians.