At the September meeting of the Health IT Policy Committee, National Coordinator for Health IT Farzad Mostashari announced that the Office of the National Coordinator for Health IT was dropping its plans to issue regulations setting voluntary "rules of the road" for participation in the Nationwide Health Information Network (NwHIN). This action removes one potential tool for advancing a framework of standards and policies to enable digital health information exchange among providers and patients.
With Stage 2 of meaningful use requiring more exchange of digital health information, the need to establish and implement such a framework has never been more urgent. HHS should more actively use its existing authorities to build a virtual network that facilitates the efficient sharing of health information in a way that health care providers and patients trust.
Back in May, ONC released a Request for Information seeking public comment on a set of voluntary policies aimed at establishing "conditions of trust and interoperability" that would enable health information exchange to flourish. ONC posited that providers would be capable of exchanging digital health information if participants in NwHIN were required to adhere to specific exchange policies and standards. In addition, providers would be willing to share information with other participants in NwHIN if there were greater assurances that all participants were abiding by a set of baseline policies and recommended best practices with respect to privacy and security.
CDT submitted comments expressing concerns about some of the proposed NwHIN governance conditions, but overall, we strongly supported HHS issuing a set of clear policies and standards to remove potential obstacles to the more robust exchange of health information that can improve individual and population health. Such policies and standards can and should reduce uncertainty about whether exchange among different providers is technically possible and can be done without undue risk to patient privacy, paving the way for exchange. We were joined in our comments by another prominent consumer organization, the National Partnership for Women and Families.
Although we supported the goals of NwHIN governance, we acknowledge that the voluntary governance structure proposed for NwHIN would have been an imperfect vehicle for implementing policies and standards that promote interoperability and build trust. Entities facilitating health information exchange would voluntarily adopt the NwHIN rules and be subject to audit and accreditation for adherence to those rules. However, a "consent of the willing" approach to governance works only if a significant number of the target population are willing to participate. Judging from the comments submitted to the RFI, that was not the case with the proposed NwHIN rules.
To avoid having the demise of voluntary NwHIN governance result in lack of progress on establishing a policy framework that promotes trust and interoperability, it is critical that HHS use its existing authorities to advance those policies and standards necessary to establish clear pathways for health information exchange. Conditions proposed in the RFI that are worth pursuing through existing policy authorities include:
- Requiring adoption of robust security protections by intermediaries that facilitate health information exchange;
- Ensuring that such intermediaries deliver secure messages between providers (or between providers and patients) without imposing financial preconditions;
- Providing patients with some choice with respect to health information sharing in new exchange models;
- Enabling providers to access provider directories to facilitate care coordination using electronic health information exchange; and
- Protecting data de-identified per HIPAA standards from intentional or inadvertent re-identification.
CMS and ONC should continue to use the meaningful use objectives and electronic health record certification criteria to establish conditions of interoperability and ensure EHRs have the capability to deploy strong security protections. ONC also should continue to work with its grant recipients to ensure that they adopt policies that implement fair information practice principles set forth in the Nationwide Privacy and Security Framework for the Electronic Exchange of Individually Identifiable Health Information.
ONC issued Program Guidance to state health information exchange grantees requiring the adoption of such policies; following through on and ensuring execution of that guidance becomes more important now that specific NwHIN governance rules are off the table.
The HIPAA Privacy and Security rules also are critical policy tools for advancing conditions of trust for nationwide health information exchange. However, this vehicle for advancing trust is currently being underutilized. Enforcement of HIPAA is improving but the final rules to implement -- and clear up uncertainties about -- the changes to HIPAA mandated by HITECH are bottled up at the Office of Management and Budget. Final implementation of these changes is now nearly three years overdue.
The Office for Civil Rights previously has issued guidance about compliance with HIPAA, but much more specific guidance will be needed in order to clarify expectations and reduce uncertainties for providers, many of whom will be exchanging health information digitally across networks for the first time.
Providers also need clarity on how the HIPAA rules apply to the exchange of clinical information with patients, such as through the Stage 2 view, download and transmit requirements. Such guidance should provide examples of activities that are (and are not) considered to be in compliance with the rules and should promptly address critical questions in time to enable providers to meet the exchange and patient engagement requirements of meaningful use. This may require internal process changes within the Administration to facilitate more nimble response.
In announcing the decision to drop plans to issue an NwHIN governance rule, ONC committed to using available levers to accomplish goals of trust and interoperability and leading through guidance. However, this commitment will need to extend throughout HHS and the Administration in order to accomplish seamless and trusted exchange for patients and providers.