Health IT Groups Criticize Information Exchange Regulation Plan
Private sector asks the feds to ease up on Nationwide Health Information Network governance; too much regulation could squash growing health information exchanges, they say.
8 Health Information Exchanges Lead The Way
(click image for larger for slideshow)
Organizations representing private-sector stakeholders have reacted negatively to the framework for governance and operations of the Nationwide Health Information Network (NwHIN) that the Office of the National Coordinator of Health IT (ONC) described in a recent request for information (RFI). The main thrust of their comments on the RFI, which was issued May 15, is that the proposed framework contains too large a dose of federal regulation and control and is premature.
The comment period on the RFI closes July 6. After that, ONC will propose rules to create a governance mechanism for the NwHIN, as required by law. These would affect not only the NwHIN Exchange, which will become a public-private entity in the fall, but would also impose certain requirements on other health information exchanges and entities that voluntarily choose to participate in the NwHIN.
Of the four major organizations that submitted comments, three--the HIMSS Electronic Health Record Association (EHRA), the eHealth Initiative (eHI), and the Certification Commission on Health IT (CCHIT)--said that a public-private partnership, rather than ONC, should establish governance of and conditions for participation in the NwHIN.
CCHIT said that governance of the NwHIN by an independent public-private entity "may be a more effective approach in establishing trust, gaining wide adoption, and allowing for multi-stakeholder representation."
The American Hospital Association (AHA) said that ONC should focus on establishing a governance framework, but should not formulate regulations on "conditions of trusted exchange" (CTEs)--standards that would specify how and by whom health data could be exchanged. AHA was particularly concerned that any such regulations might be applied to information exchanges within healthcare enterprises, rather than just HIEs that connect unrelated organizations.
The EHRA agreed that the initial focus should be on developing a governance mechanism, rather than specifying CTEs, which should be created by a public-private governing body. The use of the government regulatory apparatus to define standards for information exchange, it said, could easily become a "de facto mandate" for all HIEs.
The eHealth Initiative noted that many of the 250 community HIEs it tracks are in an immature state and have not yet found a sustainable business model. These entities need more time to develop before they're regulated under a national governance structure, eHI said.
Steven Posnack, director of ONC's federal policy division, said in a presentation on the RFI that ONC wanted to issue regulations now because:
-- The healthcare system needs more health information exchange;
-- Conditions of trust are required to accelerate data exchange;
-- A common set of rules on security and privacy, interoperability, and business practices is needed "to create a consistent trust baseline for stakeholders"; and
-- In the absence of national guidance, some states, private stakeholders, and consortiums are beginning to create their own standards, which might conflict with national standards later on.
But eHI argued that the proposed framework fails to address the real issues that are holding back HIEs and that some aspects of it--notably the imposition of additional privacy standards--might hamper their growth. AHA, similarly, said that, instead of adding a whole new set of privacy requirements, the NwHIN should adopt only extra privacy safeguards that would improve on existing requirements.
The RFI asks for input on NwHIN governance; CTEs in the areas of privacy and security, interoperability, and business practices; and a mechanism for "validating" entities that wish to show conformance with the CTEs. Among the entities that ONC expects will become NwHIN-validated entities (NVEs) are electronic health record developers; integrated delivery networks; regional, state, and local HIEs; health information service providers; and state and federal agencies.
Under the framework suggested in the RFI, NwHIN governance would be subject to oversight by the Federal Trade Commission and the Department of Health and Human Services' office of civil rights. That, and the fact that ONC itself would issue rules on NwHIN governance, add up to a heavy layer of federal regulation that the private-sector organizations view as burdensome and unnecessary.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.