TRENDING:

Revised NHIN Governance Plan Advances

Panel Calls for 'Conditions of Trust' for Health Information Exchange Howard Anderson (ismg_editor) • December 13, 2010    
Revised NHIN Governance Plan Advances
A federal advisory panel has endorsed the basic elements of what should be included in a new rule spelling out how to govern organizations using national standards for health information exchange.

The Health IT Policy Committee approved recommendations from its governance workgroup Monday calling for creation of a program to validate that those involved in information exchange are properly using the Nationwide Health Information Network standards. Although use of NHIN is voluntary, the committee recommends that the standards should be the "preferred approach" to exchanging information. And it called on the Office of the National Coordinator for Health IT to create "strong incentives" for organizations to use the NHIN standards.

The recommendations also call on ONC to precisely define "conditions of trust and interoperability," including spelling out standards for privacy and security. Security standards, for example, would address encryption, authentication and auditing, among other issues.

Fewer HIE Governance Specifics

The governance workgroup's recommendations were greatly scaled back after the committee rejected the group's initial NHIN governance proposals last month. The original plan contained far more specifics, endorsing, for example, the creation of a non-governmental organization to head the NHIN governance effort, which raised concerns among committee members.

The greatly revamped governance recommendations endorsed by the HIT Policy Committee Monday are much more vague. They state, for example, that the federal government should "participate fully and directly" in governance, but "other entities should have specific appropriate roles within the framework."

In passing the recommendations, the committee added language specifying that regulators should take steps to ensure that certification standards for electronic health records software under the HITECH Act incentive program incorporate applicable NHIN conditions of trust and interoperability.

"This has been among the most challenging set of recommendations" to develop and approve, acknowledged David Blumenthal, M.D., who heads ONC, which is a unit of the Department of Health and Human Services. He called the overdue NHIN governance rule, now slated for release next year, "the glue to make interoperability work."

The HITECH Act, which provided funding to support statewide health information exchanges, also called for development of NHIN.

The NHIN Concept

NHIN is not an actual network, but "a set of policies, standards and services that enable the Internet to be used for secure and meaningful exchange of health information," according to the official government definition. The idea behind NHIN is to pave the way for the exchange of electronic health records and other information coast-to-coast by linking various health information exchanges and other networks that all adhere to the same standards.

To make NHIN work, someone needs to offer a "seal of approval" that networks meet the NHIN standards. That's the intent of the governance rule that's in the works.

Meanwhile, seven pilot projects are beginning tests of The Direct Project, which enables simple, secure exchanges of information between two healthcare organizations.

If the tests are successful, the open source specifications for the project, formerly known as NHIN Direct, could be made available for use by electronic health records vendors, organizations facilitating health information exchange and others by next spring, says Arien Malec, project coordinator.

Matching Patients to EHRs

The HIT Policy Committee also received an update from its Privacy and Security Tiger Team, which is working on recommendations regarding how to match patients to the right records when information is exchanged among organizations. The team, which held a hearing on the issue Dec. 9, expects to produce recommendations early next year.

In explaining the issue, Paul Egerman, tiger team co-chair, said federal authorities must develop guidelines to ensure that if one organization sends information to another, it's correctly matched to any data on the patient the second organization already has. "Data linking challenges increase as data gets further removed from the source and when more sources of data are introduced," according to the tiger team's presentation.

A big part of the challenge in patient matching is a 1999 law prohibiting HHS from spending any money to develop a unique health identifier for patients without prior Congressional approval. The law was enacted because of controversy over initial discussions about carrying out a HIPAA mandate for a patient identifier by using the Social Security number, in whole, in part or expanded, as a patient identifier.

Meanwhile, a presidential panel has called for the creation of a universal exchange language that would tag information in EHRs with related privacy information. "Addressing a widespread privacy concern, such a system would not require the creation or assignment of universal patient identifiers, nor would it require the creation of any centralized federal database of patients' health information," the council noted.

That universal exchange language could potentially wind up in requirements for future stages of the HITECH EHR incentive program.

Electronic Health Record Standards

At its Monday meeting, the HIT Policy Committee continued its preliminary discussions of Stage 2 EHR requirements. A federal rule for Stage 2, which begins in 2013, is due late in 2011. Requirements for Stage 1 of the HITECH EHR incentives which begins next year, are final.

Among the draft EHR meaningful use objectives for Stage 2 under early consideration are:

  • Continuing the Stage 1 requirement for conducting a risk analysis and correcting deficiencies, but updating the analysis requirement to include emerging NHIN privacy policies.
  • Requiring physicians to enable 20 percent of patients to use a personal health record to access their information and offer 30 percent of patients secure messaging. Physicians also would have to give patients the ability to download new information in their records within four days of the data becoming available;
  • Requiring hospitals to offer 80 percent of patients the ability to view and download within 36 hours of discharge the relevant information contained in their records.
Previous
2nd Business Assoc. Breach Hits Hospital
Next
Two More EHR Certifiers Selected

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

CyberArk CEO Touts New Browser That Secures Privileged Users
CyberArk CEO Touts New Browser That Secures Privileged Users
Are We Facing a Massive Cybersecurity Threat?
Are We Facing a Massive Cybersecurity Threat?
Why Cyber Defenders Need Partnerships, Tools and Education
Why Cyber Defenders Need Partnerships, Tools and Education
Threat Detection for 'DEED' Environments of Enterprises Today
Threat Detection for 'DEED' Environments of Enterprises Today
Checking Out Security Before Using AI Tools in Healthcare
Checking Out Security Before Using AI Tools in Healthcare
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
Securing OT and IoT Assets in an Interconnected World
Securing OT and IoT Assets in an Interconnected World
What's Inside Washington State's New My Health My Data Act
What's Inside Washington State's New My Health My Data Act
Integrating Generative AI Into the Threat Detection Process
Integrating Generative AI Into the Threat Detection Process
Top Privacy Considerations for Website Tracking Tools
Top Privacy Considerations for Website Tracking Tools

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.