Webinar: Trust Fabric must cover all aspects of NHIN
 |
The webinar, “The Trust Fabric of the NHIN: Making Exchange a Good Choice,” was presented by the National eHealth Collaborative, as part of its NHIN University webcast series.
The NHIN Workgroup of the HIT Policy Committee was formed in the fall of 2009 “to create set of recommendations around policies and technical framework that allows NHIN to be open to all and to foster innovation,” Yeager said. “Everybody realizes that interoperability is not one size fits all.”
“We needed to make sure there was an environment that was fostering existing exchanges and allowing new exchanges to come forward, but also looking at the types of issues around policies and accountability in the mix,” she said. “Trust was an absolute important underpinning of that activity.”
The group recognized that privacy and security protections are essential, and that trust as an element of information exchange may be implemented differently across organizations, Yeager said. “The framework allows for that variability,” and offers a way to talk about trust in a more substantial way, she added.
The NHIN Workgroup made its recommendations to the HIT Policy Committee on April 21. The group advised that the ONC adopt an overarching trust framework at a national level, not to dictate what states and local entities do, "but to allow a way to talk about and articulate and have a nomenclature around trust,” she said.
The group identified five elements for a national trust framework:
1. Agreed-upon business, policy and legal requirements: All participants will abide by an agreed upon set of rules, including compliance with applicable law and act in a way that protects the privacy and security of the information. Exchange participants must comply with HIPAA and applicable laws. Information exchange is limited to permitted purposes, and participants have a duty to respond to information queries, Gravely said. NHIN permissions are based on digital credentials, and participants must have the necessary operational infrastructure to support exchange, he said.
3. Transparent oversight: Oversight of the exchange activities to assure compliance. Oversight should be as transparent as possible and is handled by the NHIN Exchange Coordinating Committee and Technical Committee. Robust breach reporting requirements are built-in, along with the supporting infrastructure, Gravely said, and “the multi-level dispute resolution process ends up with the Coordinating Committee.”
4. Identity assurance: All participants need to be confident they are exchanging information with whom they intend and that this is verified as part of the information exchange activities. Coordinating Committee vets applications from prospective participants. Every participant signs DURSA, the defining legal document for exchange. “That is foundational to mutual trust--knowing that everyone at the table is operating by the same set of rules and meets the same set of requirements,” Gravely said.
5. Technical requirements: All participants agree to comply with some minimum technical requirements necessary for the exchange to occur reliably and securely. Must adhere to defined specifications and must undergo validation testing and have self-auditing capabilities, said Gravely.
“We started off with the aspiration that we could create an infrastructure that would make trust a reasonable choice. Now, we have created a model in which trust is a reasonable choice…by finding a way to implement these components of trust into operational, living, breathing documents, procedures and infrastructure, said Gravely.
“That’s a good thing, because as I read the HITECH Act, it’s no longer optional that we do this: It’s mandatory that we do this if we have any hope [of achieving] the level of operational activity that the HTIECH act requires for healthcare providers as we move forward,” he concluded.