Updates and Evaluation
By John Halamka, MD
Twitter: @jhalamka
The June HIT Standards Committee focused on an update and evaluation of the standards and interoperability framework initiatives, consistent with the overall theme of ONC’s recent reorganization and strategic plan to focus on fewer goals with a greater depth. Steve Posnack, who now leads the ONC Office of Standards and Technology, introduced the topic. Mera Choi and John Feikema provided an overall update. Evelyn Gallego, Jonathan Coleman, and Marc Hadley described their projects.
It was truly an amazing discussion. The energy in the room was palpable.
Common themes included
- Embrace FHIR, JSON, REST and OAuth
- Avoid a different standard for every use case – research, clinical care, and population health should use the same standards if the standards are suitable for purpose
- Limit scope as needed to get real transactions in production
- Use emerging technologies whenever possible – use “early automobiles” not faster horses or fancier buggy whips
- Keep it simple (as simple as possible but no simpler)
- Support modularity and an innovative ecosystem of third party apps with Application Programming Interfaces (read/write) in EHRs
- Data provenance (who generated the data) and data integrity/quality are important
- Integration of transactions into sender and receiver workflow must be considered
- Market forces are even more powerful incentives than certification/regulation
- A trust fabric with appropriate security to respect patient privacy preferences is foundational
With these themes in mind, every member of the committee was asked to name the most important standards and interoperability framework priority.
Everyone agreed that data provenance/integrity and support for query-based exchange via APIs were the topics we should work on.
The entire committee came to a conclusion, representing independent opinions from a multi-stakeholder perspective, that aligned perfectly with ONC’s 10 year vision. Per the recent ONC whitepaper, the goals of the next 3 years should be
*provider and patient ability to send, receive, query, and use data
*data provenance/quality and patient matching
*privacy and trust
At our next meeting we’ll drill deeper into a refinement of the standards and interoperability framework by asking what we are missing in the existing initiatives that is foundational to the ONC 10 year vision. Although Meaningful Use is important, we need to think about standards beyond the confines of the next stage of Meaningful Use.
After the framework discussion, Dixie Baker and Lisa Gallagher provided an update on the Privacy and Security Workgroup’s evaluation of the 2015 Certification Notice of Proposed Rulemaking. They recommended edits to 5 areas, which were approved by consensus:
Two-Factor Authentication – ONC should use a risk based framework aligned with DEA controlled substance e-prescribing without generally requiring two-factor authentication capability.
Accounting of Disclosures – given that the concept of a “Complete EHR” has been replaced with a series of selectable criteria, there no longer needs to be a statement that accounting of disclosures is optional.
Audit clarification within the context of ASTM E2147 – The PSWG believes it is feasible to certify EHR compliance with the ASTM E2147 audit log standard, and does not recommend ONC specify other actions in an updated standard for the 2017 Edition, or that ONC consider any additional standards.
Server authentication – A mechanism should exist for computer to computer data transfers as part of a trust fabric.
Automatic time-outs – A timeout should restrict access to protected health information and ONC does not need to be prescriptive about how this happens.
A great meeting!
John D. Halamka, MD, MS, is Chief Information Officer of Beth Israel Deaconess Medical Center, Chairman of the New England Healthcare Exchange Network (NEHEN), Co-Chair of the HIT Standards Committee, a full Professor at Harvard Medical School, and a practicing Emergency Physician. This article was originally published in his blog Life as a Healthcare CIO and is reprinted here with permission.