The comment period on the RFI closes July 6. After that, ONC will propose rules to create a governance mechanism for the NwHIN, as required by law. These would affect not only the NwHIN Exchange, which will become a public-private entity in the fall, but would also impose certain requirements on other health information exchanges and entities that voluntarily choose to participate in the NwHIN.
Of the four major organizations that submitted comments, three--the HIMSS Electronic Health Record Association (EHRA), the eHealth Initiative (eHI), and the Certification Commission on Health IT (CCHIT)--said that a public-private partnership, rather than ONC, should establish governance of and conditions for participation in the NwHIN.
CCHIT said that governance of the NwHIN by an independent public-private entity "may be a more effective approach in establishing trust, gaining wide adoption, and allowing for multi-stakeholder representation."
[ Is it time to re-engineer your clinical decision support system? See 10 Innovative Clinical Decision Support Programs. ]
The American Hospital Association (AHA) said that ONC should focus on establishing a governance framework, but should not formulate regulations on "conditions of trusted exchange" (CTEs)--standards that would specify how and by whom health data could be exchanged. AHA was particularly concerned that any such regulations might be applied to information exchanges within healthcare enterprises, rather than just HIEs that connect unrelated organizations.
The EHRA agreed that the initial focus should be on developing a governance mechanism, rather than specifying CTEs, which should be created by a public-private governing body. The use of the government regulatory apparatus to define standards for information exchange, it said, could easily become a "de facto mandate" for all HIEs.
The eHealth Initiative noted that many of the 250 community HIEs it tracks are in an immature state and have not yet found a sustainable business model. These entities need more time to develop before they're regulated under a national governance structure, eHI said.
Steven Posnack, director of ONC's federal policy division, said in a presentation on the RFI that ONC wanted to issue regulations now because:
-- The healthcare system needs more health information exchange;
-- Conditions of trust are required to accelerate data exchange;
-- A common set of rules on security and privacy, interoperability, and business practices is needed "to create a consistent trust baseline for stakeholders"; and
-- In the absence of national guidance, some states, private stakeholders, and consortiums are beginning to create their own standards, which might conflict with national standards later on.
But eHI argued that the proposed framework fails to address the real issues that are holding back HIEs and that some aspects of it--notably the imposition of additional privacy standards--might hamper their growth. AHA, similarly, said that, instead of adding a whole new set of privacy requirements, the NwHIN should adopt only extra privacy safeguards that would improve on existing requirements.
The RFI asks for input on NwHIN governance; CTEs in the areas of privacy and security, interoperability, and business practices; and a mechanism for "validating" entities that wish to show conformance with the CTEs. Among the entities that ONC expects will become NwHIN-validated entities (NVEs) are electronic health record developers; integrated delivery networks; regional, state, and local HIEs; health information service providers; and state and federal agencies.
Under the framework suggested in the RFI, NwHIN governance would be subject to oversight by the Federal Trade Commission and the Department of Health and Human Services' office of civil rights. That, and the fact that ONC itself would issue rules on NwHIN governance, add up to a heavy layer of federal regulation that the private-sector organizations view as burdensome and unnecessary.