Deven McGraw, Project HealthDesign Regulatory and Assurance Advisory Group, Center for Democracy & Technology
On May 15, the Office of the National Coordinator for Health IT (ONC) released a formal Request for Information from the public (RFI) on governance of the Nationwide Health Information Network (NwHIN). ONC defines NwHIN as a "set of standards, services, and policies that enable secure health information exchange over the Internet." In the early years of federal health IT initiatives, the NwHIN was described as a “network of networks,” reflecting a strategy of achieving nationwide health information exchange by establishing state or regional health information exchanges and linking them together. The new definition reflects the belief that exchange does not require the building of new networks but also can be achieved through the use of common, interoperable standards in an environment of trust.
In the RFI, ONC observes that electronic exchange to date “has been governed by a patchwork of contractual relationships, procurement requirements, State and Federal laws, and industry self-regulation,” and this this patchwork has led to “asymmetries in the policies and technical standards.” In developing governance conditions, ONC hopes to establish “a consistent, baseline set of ‘rules of the road’ for electronic exchange.”
The RFI proposes "conditions for trusted exchange" (CTEs) in three areas: safeguards (which focus on the protection of individually identifiable health information), interoperability (which focus on the technical standards needed for interoperable exchange), and business practices (sound operational and financial practices). These CTEs would impose some requirements that go above and beyond what current law requires. For example, one of the safeguard CTEs would require entities to implement security safeguards like encryption that currently are not mandatory for health care providers. ONC anticipates that the CTEs will be reviewed annually and evolve over time (some will be retired, others will be added), as exchange needs become more robust and standards are improved. The 16 proposed CTEs, and the specific questions ONC has asked the public to weigh in on, can be found in the RFI.
The entities ONC intends to govern are not individual providers but instead the intermediaries that facilitate exchange among providers and patients. Examples include state or regional health information organizations (RHIOs), health information exchanges (HIEs), and private networks established by vendors. The RFI proposes that intermediary entities be validated with respect to their compliance with the governance CTEs. Those intermediary entities that are validated are then called NwHIN Validated Entities or NVEs. The RFI also proposes oversight over the validators; ONC will remain responsible for overseeing NwHIN governance but also intends to seek and select a private-sector entity to have oversight over the validators.
NwHIN governance is proposed to be voluntary, although ONC anticipates that they could become mandatory conditions for participation in certain federal programs. The idea is to create a set of conditions for trusted exchange that intermediary entities will seek to follow – and those intermediaries will agree to exchange data with other intermediaries who have committed to following the same conditions.
Comments on the RFI are due on June 14, and can be filed electronically. The Health IT Policy Committee also will be considering comments to the RFI at its June 6 meeting. ONC expects the public comments to help shape a forthcoming proposed regulation on NwHIN governance.