Voluntary HIE Standards in Works

Comments on Plans for NwHIN Governance Rule to be Sought
Voluntary HIE Standards in Works

Voluntary national standards, including privacy and security guidelines, for health information exchanges are inching forward. Federal authorities soon will issue a formal "request for information" seeking comments on long-overdue plans for a Nationwide Health Information Network Governance Rule.

See Also: The Application Security Team's Framework For Upgrading Legacy Applications

The proposed rule would create an NwHIN "brand" that health information exchanges and others could voluntarily earn, much like the Energy Star program that signifies the energy efficiency levels of appliances, says Farzad Mostashari, who heads the Department of Health and Human Service's Office of the National Coordinator for Health IT. Statewide, regional or local health information exchanges, integrated delivery systems, electronic health record system vendors and others could apply to receive recognition as complying with the NwHIN standards, which will include privacy and security provisions, he notes.

The development of the rule will start with solicitation of ideas in a Federal Register announcement in the coming days. Then ONC and its advisory groups will work on crafting what Mostashari portrays as "rules of the road" for HIEs once they review comments.

ONC decided to start with a request for information "because we do think there are sufficient areas of ambiguities and questions, so we need to get the broadest possible feedback prior to rulemaking," Mostashari said in opening remarks at a May 2 meeting of the Health IT Policy Committee, which advises ONC.

An HIE Catalyst?

Mostashari believes the NwHIN Governance Rule could help jump-start the exchange of patient records, much like the HITECH Act's electronic health record incentive program has served as a catalyst for the adoption of EHRs. So far, hospitals and physicians have received $4.5 billion in incentives through that program, officials announced at the HIT Policy Committee meeting. HITECH also is providing funding for statewide HIEs and certain other exchange projects.

National standards for health information exchange are necessary, Mostashari says, because many states are already developing "unique and potentially conflicting" rules for HIEs. The NwHIN rule "will make it more efficient to exchange health information while protecting patient privacy and security," he says. It also will help "lay the foundation" for future stages of the HITECH Act EHR incentive program, which will emphasize the importance of exchanging patient records among providers treating a patient, he adds.

The NwHIN rule will describe standards, services and policies "that enable trusted exchange," Mostashari says. It will include policies on privacy and security safeguards, confidentiality and data integrity.

Recently Released Guidance

While awaiting development of the NwHIN Governance Rule, ONC recently issued detailed privacy and security guidelines for federally funded health information exchanges based largely on the recommendations of the HIT Policy Committee and its privacy and security tiger team (see: HIEs Get Privacy Guidance).

That guidance, which could possibly foreshadow some of what may eventually be included in the NwHIN rule, spells out what federally funded HIEs "should" be doing in such areas as encryption, authentication and patient consent. The program information notice containing the guidance points out that HIEs that are not taking the recommended privacy and security steps must develop a "strategy, timeline and action plan for addressing these gaps."


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.