HIE governance best practices, ONC activities explored
“It’s imperative that there is a chain of trust throughout the exchange of healthcare information. We are only as strong as the weakest link,” said Paul Uhrig, chief administrative and legal officer, chief privacy officer, Surescripts, during a Sept. 17 National eHealth Collaborative (NeHC) webinar on health information exchange (HIE) governance activities.
The theme of trust as a critical foundation of HIEs emerged in the discussion with healthcare organizations and officials from the Office of the National Coordinator for Health IT (ONC).
Since April, NeHC and ONC have worked with 30 HIE governing entities to discuss, prioritize and catalog challenging aspects of HIE governance and identify common solutions.
For Surescripts, Uhrig said HIEs must have the ability to answer the following questions: Who can connect to, and transact with, the network? What are the requirements and conditions to connect (e.g. security)? What standards are used to exchange information? What message types can be transmitted? What are the conditions of continued participation?
To that end, he said HIE governance needs transparent processes and procedures to establish rules of participation, which are disseminated throughout the HIE.
Uhrig stressed that swift enforcement action must follow any breach of a rule of participation. “This can’t be stressed enough. It’s not enough to establish the chains of trust, you have to monitor compliance.” When a breach of a rule is identified, the party responsible must follow a remediation plan or lose their certification as an HIE participant.
Although disruptive, Uhrig also said that suspending services is necessary when evidence emerges that privacy and security are at stake.
David C. Kibbe, MD, MBA, executive director, DirectTrust, said that trust is a “layered and tiered construct,” thus systems of trust need to be federated and scaled, and also require standardization so they are easily operated and made to work for purposes of exchange.
Direct’s scalable trust strategy enables exchange between a large number of endpoints, including Health Information Service Providers (HISPs), users and subscribers, he said.
If scalable, he said trust should happen quickly and uniformly and a complete network will form voluntary. Over time, the complexity and cost of establishing the network will decrease while its value will increase as more data are added. “By being a part of a network, they are getting value and whatever they have to offer is more valuable because it is shared with more people,” Kibbe said.
Mariann Yeager, executive director, Healtheway, discussed implementing trust in a federated community of exchange partners. Like Uhrig, she stressed that importance of a common set of “rules of the road” and the importance of a governance structure to oversee exchange participations and enforce compliance.
Participants in Healtheway must sign a trust agreement that establishes the relationship of participants to each other and spells out compliance requirements, including technical testing, privacy and security standards and obligations for equitable exchange.
At the webinar, ONC Challenge Grant Director Kory Mertz also shared updates on ONC awards given last March to DirectTrust.org and the New York eHealth Collaborative to develop and adopt policies, interoperability requirements and business practices that align with national priorities.
DirectTrust’s work plan entails launching an accreditation program that includes 50 HISPs, CAs or RAs by the end of the first quarter of 2014. To date, 41 entities have achieved full or candidate accreditations for HISPs, CAs or RAs, Mertz reported. Another 13 applicants currently are seeking accreditation. Moreover, as part of its work plan, eight organizations have placed anchor certificates in the trust bundle, he said.
Looking forward, Mertz said DirectTrust is focusing on outreach and engagement and developing a HISP operating policy document to guide HISP operations and future accreditation. Exchange metrics will be posted on healthit.gov this fall, he added.
The New York eHealth Collaborative is investing its grant funding in an EHR/HIE Interoperability Workgroup (IWG). Its work plan involves testing various models for querying provider directories to support EHR-HISP and HISP-to-HISP exchange of Direct messages.
It also is testing an HPD+ directory standards and data model developed by the S&I Framework with help from 21 pilot participants including HIEs and vendor partners, he said. Results of the pilots will be incorporated into IWG’s Direct Implementation Guide by February 2014 and into the HIE certified testing program.