ONC Seeks Help Measuring Interoperability Progress
Addressing the ‘Holy Grail’ of Secure, Nationwide Health Data Exchange
Federal regulators are seeking healthcare sector input on how to measure the progress that’s being made toward achieving nationwide secure exchange of health data to help improve the quality of care.
The Department of Health and Human Services’ Office of the National Coordinator for Health IT is seeking comment on a proposed Interoperability Standards Measurement Framework to evaluate progress so far by healthcare sector stakeholders – including health IT vendors, healthcare providers and health information exchange organizations – in implementing and using standards facilitating health information exchange now that electronic health record use is widespread.
That ONC roadmap came, in part, in response to pressure from Congress to demonstrate a return on investment on the more than $30 billion spent on the HITECH Act financial incentive program for “meaningful use” of electronic health records.
Among its critical principles, the ONC roadmap included proposed milestones for achieving an “ubiquitous, secure network infrastructure” to help facilitate nationwide health information exchange.
Roadmap recommendations for achieving those milestones stated that “technology developers should follow best practice guidance for ‘building security in’ their health IT products and services. Security considerations should be incorporated at all phases of the software development lifecycle, including penetration testing. Health IT products and services should be deployed with secure defaults enabled, such as encryption, and easily patched when security issues are identified.”
Now, with its proposed Interoperability Standards Measurement Framework, ONC is looking to assess how the healthcare sector is progressing in implementing and using interoperability standards.
“Measuring interoperability is essential to monitoring progress toward a goal set by Congress,” ONC writes in the proposed measurement framework. “In the Medicare Access and CHIP Reauthorization Act of 2015, Congress declared a national objective to achieve widespread exchange of health information through interoperable certified EHR technology nationwide by Dec. 31, 2018. If this objective is determined to have not been met, then a report will be issued that identifies barriers to achieving widespread interoperability and recommends actions that the federal government can take to achieve the stated objective.”
The purpose of the proposed Interoperability Standards Measurement Framework, according to ONC, is to “determine the nation’s progress in implementing interoperability standards in health information technology and the use of the standards as a way to measure progress toward nationwide interoperability. Additionally, the framework will help identify specific barriers to standards implementation and use that need to be addressed. Given that standards play a critical role in interoperability, it is essential that ONC measures the implementation and use of standards when exchanging health information.”
ONC is seeking comments by July 31 on its proposed interoperability standards measurement framework and how to best engage data holders and other relevant stakeholders in implementing it.
The ability for healthcare providers to securely exchange patient data nationally to help improve the quality of care “is the holy grail – and as expected – not easily achieved,” says Mac McMillan, president of security consulting firm CynergisTek.
“Security systems and controls rely on understanding what is allowed/not allowed, normal/abnormal, and having consistent standards for interoperability provides the basis for making these determinations,” he says. “It’s also important because it provides the basis for trust between organizations sharing data.”
The biggest hurdle standing in the way of healthcare entities securely exchanging patient information “is agreeing on a standard or set of standards and getting manufacturers to develop systems or software that conform with those standards,” McMillan says.
“Proprietary systems and software makes this a huge challenge. An internal issue that makes this difficult is actual control of the network. Many CIOs in healthcare do not control all of the systems that connect to the enterprise – medical devices and printers are a good example of this. For standards to affect interoperability, everyone has to use them.”
ONC says its proposed interoperability standards measurement framework includes two main measurement objectives:
- Implementation of standards in a health IT product;
- Use of standards, including customization of the standards, by end users to meet specific interoperability needs.
In its proposed standards measurement framework, the term “standards” is used to refer to both standards and accompanying implementation specifications, ONC notes.
“Experience has shown that just because technology includes ‘standardized’ capabilities they are not necessarily used to their fullest extent nor are they always implemented in a ‘standardized’ manner,” writes Steven Posnack, director of ONC’s office of standards and technology in an April 26 blog announcing the measurement framework.
“ONC recognizes the critical role that health IT developers, health information exchange organizations, and healthcare organizations will need to play to develop an agreed upon set of measures to assess the implementation and use of standards.
Patient Matching Challenge
In addition to unveiling its proposed interoperability measurement framework, ONC announced that in June in will launch a “patient matching algorithm challenge” that will award six cash prizes totaling $75,000. The algorithms would be designed to make sure the right records are matched to the right patient, especially as data is exchanged.
Posnack says ONC “expects the result of this challenge will spur the development of innovative new algorithms, benchmark current performance, and help industry coalesce around common metrics for success.”
Accurate patient identity matching has been a big challenge for the healthcare sector in attempting to securely and safely share electronic patient data. When Congress passed HIPAA in 1996, the law called for the creation of a unique health identifier for individuals. But in response to privacy concerns, Congress in 1999 passed a law that prohibits federal funds to be used to develop any such identifier.
Source: SANS ISC SecNewsFeed @ May 2, 2017 at 03:03PM