TECH­NOL­OGY:

But NWHIN se­cu­rity, pri­vacy con­cerns re­main

Modern Healthcare - - MODERN HEALTHCARE - Joseph Conn

Pri­vate sec­tor will take lead on na­tion­wide health info net­work

Many of the health­care in­dus­try’s in­for­ma­tion tech­nol­ogy cognoscenti are pleased that the top U.S. of­fi­cial over health in­for­ma­tion tech­nol­ogy hit the reg­u­la­tory pause but­ton to al­low the pri­vate sec­tor to take the lead on the na­tion­wide health in­for­ma­tion net­work. Even some who like the ap­proach, though, won­der whether the still-em­bry­onic net­work can over­come long un­re­solved pri­vacy and se­cu­rity is­sues with­out the fed­eral gov­ern­ment tak­ing a more force­ful role.

Dr. Farzad Mostashari, head of the Of­fice of the Na­tional Co­or­di­na­tor for Health In­for­ma­tion Tech­nol­ogy at HHS, an­nounced Sept. 6 that “now is not the time” for for­mal reg­u­la­tion of the pro­posed net­work, known as NwHIN.

Mostashari’s of­fice will still keep an eye on pri­vate-sec­tor at­tempts at self-reg­u­la­tion and plans to chip in with help and ad­vice on oc­ca­sion, but it will step back in only if for­mal reg­u­la­tion is needed, he said. One rea­son for con­tin­ued ONC at­ten­tion is that Congress un­der the Amer­i­can Re­cov­ery and Rein­vest­ment Act man­dated that the ONC es­tab­lish a “gov­er­nance mech­a­nism” for the NwHIN.

Yet even the mer­est inkling of a NwHIN gov­er­nance plan, which was about all the fed­eral agency re­leased in its for­mal “re­quest for in­for­ma­tion” on May 15, was too much reg­u­la­tion for many of the 140 in­di­vid­u­als and or­ga­ni­za­tions that sub­mit­ted for­mal com­ments on the pro­posal.

“We are ex­tremely pleased that Dr. Mostashari heard our con­cerns,” said Jen­nifer Covich Bor­denick, CEO of the New York­based not-for-profit eHealth Ini­tia­tive, which, in its for­mal com­ments on the ONC plan, asked Mostashari’s crew to hold off while the mar­ket de­vel­ops self-reg­u­la­tion mech­a­nisms.

Dan Por­reca, ex­ec­u­tive di­rec­tor of HealtheLink, a re­gional health in­for­ma­tion ex­change based in Buf­falo, N.Y., also praised the doc­tor’s call. “I give Dr. Mostashari a lot of credit and ap­pre­ci­ate the fact that he asked for feed­back and he lis­tened to the feed­back he re­ceived,” Por­reca said in an e-mail. “There is a lot go­ing on and a lot of ad­vance­ments throughout the coun­try.”

Al­though it has gone by var­i­ous names over the years, an in­tra-na­tional health in­for­ma­tion net­work that would en­able providers and re­searchers to look up, re­trieve and se­curely ex­change pa­tient in­for­ma­tion has been the enig­matic goal of the ONC since the agency’s for­ma­tion in 2004. Dr. David Brailer, the first ONC leader, called for the for­ma­tion of a “net­work of net­works,” link­ing re­gional health in­for­ma­tion or­ga­ni­za­tions, or RHIOs, into a na­tion­wide grid.

“There are top­ics that need to have good dis­course, but it is dif­fer­ent in many ar­eas across the coun­try.”

—Dave Whitlinger, New York eHealth Col­lab­o­ra­tive

In re­cent years, the ONC has placed con­sid­er­able em­pha­sis on the Di­rect project, an ini­tia­tive it launched in March 2010 with pri­vate sec­tor par­tic­i­pa­tion to de­velop a bare-bones set of com­mon stan­dards, in­clud­ing se­cu­rity-pro­tect­ing en­cryp­tion, for clin­i­cal mes­sag­ing. Di­rect is likely to carry much of the load for peer-to-peer and clin­i­cian-to-pa­tient mes­sag­ing in the re­cently re­leased Stage 2 mean­ing­ful-use re­quire­ments of the fed­er­ally funded EHR in­cen­tive pay­ment pro­gram, for ex­am­ple. Direc­tTrust.org, a newly formed, pri­vate­sec­tor gov­er­nance project for Di­rect mes­sag­ing par­tic­i­pants, was linked by Mostashari in a re­cent blog post on NwHIN gov­er­nance.

But it was a broader, more com­plex na­tion­wide query and re­trieve sys­tem that has proved more net­tle­some from a pol­icy-set­ting per­spec­tive, said Dave Whitlinger, ex­ec­u­tive di­rec­tor of the New York eHealth Col­lab­o­ra­tive, which co­or­di­nates ac­tiv­i­ties of New York’s statewide health in­for­ma­tion ex­change net­work. Mul­ti­ple self-reg­u­la­tion schemes for this broader net­work also are in the works, he said.

While Mostashari still wants an NwHIN, as a fed­eral of­fi­cial, “try­ing to force the next level of record ex­change, what he refers to as query-based ex­change, has a num­ber of is­sues, mostly pol­icy is­sues, data rights and pri­vacy is­sues,” Whitlinger said.

“New York has writ­ten a lot of pol­icy and has ex­change go­ing in 12 dif­fer­ent com­mu­ni­ties and has a lot go­ing for it on a state-based net­work with 20 mil­lion peo­ple,” Whitlinger said. But some other states “are just get­ting started,” he said.

Also, New York has one of the more strin- gent state pri­vacy poli­cies, in that pa­tients must be asked and pro­vide their con­sent, or “opt in,” to have their med­i­cal records trans­ferred through the state ex­change.

In con­trast, providers that are mem­bers of the In­di­ana Health In­for­ma­tion Ex­change don’t need to ob­tain pa­tient con­sent for their data to be ac­ces­si­ble through the ex­change, re­ly­ing in­stead on the more lax Health In­sur­ance Porta­bil­ity and Ac­count­abil­ity Act’s 2002 pri­vacy rule re­vi­sion.

It al­lows for shar­ing of pa­tient in­for­ma­tion for treat­ment, pay­ment and many other health­care op­er­a­tions with­out con­sent, which Whitlinger called “the ex­act op­po­site” of New York. Still, other state ex­changes use an “opt out” frame­work; con­sent is im­plied, and pa­tients may re­quest that their records not be in­cluded.

These dif­fer­ences raise ques­tions, Whitlinger said: “Does the pa­tient know who is see­ing this data and for what pur­poses? There are top­ics that need to have good dis­course, but it is dif­fer­ent in many ar­eas across the coun­try.” For now, he said, those pol­icy dif­fer­ences “are too great to sur­mount.”

Oth­ers com­plained that the ONC’s de­ci­sion to with­draw from for­mal rule­mak­ing means not only that pri­vacy and se­cu­rity is­sues may im­pede a na­tion­wide net­work, but also that the gov­ern­ment is fail­ing to ad­dress those con­cerns.

“No reg­u­la­tions mean the in­dus­try and the data min­ers will still dom­i­nate the process, but reg­u­la­tions mean the poor pa­tients will at least have a shot at hav­ing im­pact on the process through ad­vo­cacy,” said Dr. Deb­o­rah Peel, an Austin, Texas psy­chi­a­trist and founder of not­for-profit Pa­tient Pri­vacy Rights Foun­da­tion. In its com­ments, the foun­da­tion urged the ONC to seize this “crit­i­cal op­por­tu­nity” to ad­dress “pri­vacy and se­cu­rity flaws in cur­rent sys­tems and state and fed­eral data ex­changes.”

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.