Category Archives: HIE

Beacon Community Program: Technical Call – June 1, 1pm EDT

Posted on by
Reply

Office of Nat’l Coordinator for Health IT Technical Assistance Call:
Tuesday 6/1/10, 1:00 – 2:00 PM EDT  (Link to slides below)
Excerpted from Office of National Coordinator for Health IT Web site and email on 6/1/10:
An additional $30.3 million is currently available to fund two additional Beacon Community cooperative agreement awards.  Please note that the Office of the National Coordinator for Health Information Technology is accepting Letters of Intent from potential applicants until 11:59 PM EDT June 9, 2010.”

“In addition, as was announced last week, ONC will be hosting a Technical Assistance call for potential applicants today, Tuesday, June 1 at 1:00 PM EDT.  This call will be a presentation on preparing proposals for this cooperative agreement. The purpose of this note is to pass on the specific dial-in information for today’s call.”

Technical Assistance Call (for round 2 Beacon applicants):  6/1/2010

Previous Technical Assistance Calls

Technical Assistance Call: 12/14/09

Technical Assistance Call:  1/20/2010

Learn more about the Beacon Community Cooperative Agreement Program:

Evaluation of State HIE Coop Programs: Leadership Webinar

Posted on by
Reply

Webinar (Slides) with State HIE Participants May 20, 2010:
Evaluation of State Health Information Exchange Cooperative Agreements Program
NORC (National Opinion Research Center) at the University of Chicago made a presentation to State HIE Leaders on May 20, 2010 on the evaluation project that Office of National Coordinator (ONC) for Health IT has hired them to perform. NORC will seek best practices and evaluate progress of state programs against those best practices and goals of the State HIE Cooperative Agreement Program.

Excerpted from State HIE Leadership Forum
Slide set PDF

Webinar with State HIE Participants
May 20, 2010

Agenda
• Introduce the evaluation team
• Provide an overview of the evaluation approach
• Discuss the evaluation technical assistance that the evaluation team will provide
• Provide an overview of the work that is being done to identify measure to track progress towards state goals

NORC Key Staff
• Prashila Dullabh (Project Director)
• Alana Knudson (Co-Project Director)
Other listed as well as sub-contractors

Overview of the Evaluation
• ONC awarded NORC contract in March 2010 to:
          Evaluation of the State Health Information Exchange (HIE)
          Cooperative Agreement Program focusing on systematic and timely feedback
          Identify best practices that successful states are taking to enable or facilitate exchange
         Analyze issues and challenges
         Assess the effectiveness of the Program in furthering information exchange capability within states

• Convene a Technical Advisory Group (TAG)
• Provide evaluation-related Technical Assistance (TA)

Research Domains
 The evaluation team will explore the following key research questions:
1. What are the various approaches that states are taking to enable or facilitate health information exchange?
2. What progress have states made in supporting health information exchange?
3. How does the approach relate to the level of implementation progress?

Evaluation Activities
• Review of state plans
• Conduct initial case studies
• Conduct structured interviews
• Review and analysis of data from states
• Collect additional data

Case Studies
• Objective: Identify lessons learned and strategies for overcoming barriers to HIE
• After reviewing the state plans, the evaluation team will propose a selection of possible candidates for the TAG’s review and approval.
• Selection criteria include:
          Stage of development
          Best practices for rapid implementation
         Overall model, scope and level of stakeholder participation
         Innovative or different technical approach
         Services provided
         Geographic diversity/Approaches to interstate exchange
• A case study report of key findings will be produced and shared with the program managers

Case Studies Approach
• Case studies to involve:
         Site visits
         Analysis of background materials and developing profiles of selected states
         One-on-one discussions with HIE leadership and stakeholders
         Focus group discussions with users and non-users

Evaluation Technical Assistance
• The evaluation team will provide technical assistance to the
states in their evaluation efforts by:
          Conducting webinars and teleconferences related to specific components of evaluation
          Holding evaluation seminars/workshops for state evaluation personnel to share ideas and listen to best practices
         Collating available tools and resources on evaluation
• What other approaches to technical assistance would be helpful?

Background on Performance Measures
• Reporting on performance measures is a program requirement and stipulated as part of the funding received by all states
• Purpose is to provide assessments on the overall progress and success of the Cooperative Agreement Program
• Focus is to develop measures that allow ONC to gain a deeper understanding of the current level of exchange within each state program and monitor changes over time
• Evaluation team to collaborate with ONC to develop baseline performance measures that relate to the development of HIE and compliments the overall evaluation

Selection and Design
Factors considered:
• Relevance of the measure across or within each of the phases of HIE maturity
• Relevance of the measures to the proposed meaningful use criteria
• Availability of data sources which could populate each measure
• Feasibility of states to get access to data sources

Approach
• Assist ONC in the development of a draft set of process-based and outcome-based measures
• Refine the draft set of measures with input from states and ONC
What are optimum approaches to involve the states in the development of the measures?

McClellan at Brookings: Making ‘Enhanced Use’ of Health Information Webcast

Posted on by
Reply

McClellan, Health IT Leaders Discuss More Effective Use of Health IT
in Half-Day Session with Far-Reaching Look Ahead
at Promotion, Models, and Policy Implications
Webcast, Podcast, Transcripts Available
In an excellent half-day session on May 14, 2010, Mark McClelland, MD, PhD,  Director, Engleberg Center for Health  Care Reform at Brookings, led a series of discussions among leaders of Health IT focusing on how to use the same data that is being collected, and will increasingly be collected, in patient care to help improve the health care system beyond the individual patient.

Brookings Events Page: “Making ‘Enhanced Use’ of Health Information”
Includes: Archived Webcast
Three Audio Sections
Issues Brief pdf (under Event Materials)
Transcripts

Summary
Starting off the discussion on promoting use of Electronic Health Records, Farzad Mostshari, Deputy Director, Policy and Programs, Office of National Coordinator (ONC) for Health IT,  said the ONC always started from the end goal, as he laid out key principles including keeping data as close to the source as possible and data “collected once and used many times.” When asked how meaningful use was going, he answered with one word “Fantastic” and a broad smile, and then pointed out that focus on quality was the core of “meaningful use.” (See John Halamka’s blog for a list of the principles Mostashari laid out.)

When it comes to promoting the use of Electronic Health Records, John Halamka, CIO, Harvard Medical School and Beth Israel Deaconess Medical Center, and Amanda Parsons, who oversees New York City’s Primary Care Information Project (PCIP), agreed “it’s about the workflow:” don’t be disruptive to the physician’s delivery of care to the patient, while at the same time changing the way they work/think to take best advantage of the data and  the wisdom that electronic health records and information exchange can offer. As Parons stressed “don’t let the perfect get in the way of the good,” one of the constant refrains of EHR and Health IT evangelists.

The next panel titled “Compelling Models of Enhanced Use of Health Information,” shared such models including those conducted by Geisinger Health System in Pennsylvania described by James Walker, chief health information officer of Geisinger; the multi-state metro Cincinnati HealthBridge described by Robert Steffel, president and CEO of HealthBridge; South Carolina HIE described by David Patterson who oversees the HIE along with the state’s Medicaid Director; Wisonsin Health Exchange described by Michael Raymer of Microsoft; and Kaiser Permanante’s Institute for Health Research described by its senior director John Steiner. Geisinger recently won a Beacon Community award from the ONC to extend the kind of Health IT structure it uses to support patients within its IDN to patients and physicians outside its delivery system.

“Implications for Policy” looked ahead with views from White Office of Science and Technology; Carol Diamond of Markle Foundation; Landen Bain of Clinical Data Interchange Standards Consortium Healthlink Program, and Andrew Weber, National Business Coalition on Health.

In answer to a question about what can be done on a policy end to help physicians  think and work with their patients differently for enhanced use of Health IT tools, Diamond said “The key from my perspective in terms of giving them the capacity to use these tools in a way that provides value to them is to not make quality and research a compliance exercise, but to make it part of the way care is delivered. And the only way I know how to do that is to give them the tools at the point of care while they’re with the patient and give them the flexibility to use those tools towards common goals.” Parsons agreed with another panelist when she added “Frankly, it just has to be an alignment of health reform and reimbursement rate.”

Bain may have summed up the impact of the day’s discusssions when he added he was glad that the conversation at Brookings had focused on workflow and business processes: ”I really am encouraged that we’ve moved off of what I call data blindness, where all you can think about is just data and this abstract quality that you want to get a hold of.”

McClelland’s Issue Brief “Using Information Technology to Support Better Health Care: One Infrastructure with Many Uses” (link to Brookings event page) provides an insightful perspective on Health IT and its impact on healthcare and health reform, as well as a good summary of what he described in his opening remarks.

HIT Policy Committee May 19 Meeting: Workgroup Updates

Posted on by
Reply

Updates on Meaningful Use, NHIN, Health IT Strategic Plan,
Information Exchange, Privacy & Security Plus
Opening Remarks from Blumenthal and ONC Update from Daniel
May 19, 2010         10:00 a.m. to 2:45 p.m. [Eastern Time]
Washington, DC
See documents and how to participate below:
AGENDA  (PDF Version)
10:00 a.m. CALL TO ORDER – Judy Sparrow
Office of the National Coordinator for Health Information Technology
10:05 a.m. Opening Remarks – David Blumenthal, MD, MPP
National Coordinator for Health Information Technology
10:15 a.m. Review of the Agenda
– Paul Tang, Vice Chair of the Committee
10:30 a.m. Strategic Plan Workgroup: Health IT Strategic Framework
–Paul Tang, Chair
–Jodi Daniel, Co-Chair
11:15 a.m. Information Exchange Workgroup Update
–Deven McGraw, Chair
–Micky Tripathi, Co-Chair
11:45 a.m. LUNCH BREAK
12:45 p.m. Meaningful Use Workgroup Update
–Paul Tang, Chair
–George Hripcsak, Co-Chair
1:15 p.m. Privacy & Security Policy Workgroup Update
–Deven McGraw, Chair
–Rachel Block, Co-Chair
2:00 p.m. NHIN Workgroup Update
–David Lansky, Chair
–Farzad Mostashari, Co-Chair
2:15 p.m. ONC Update
–Jodi Daniel, Office of the National Coordinator
2:30 p.m. Public Comment
2:45 p.m. Adjourn

Meeting Documents

  • Agenda [PDF - 304 KB]
  • Strategic Plan Workgroup: Health IT Strategic Framework [PPT - 1.78 MB]
  • Information Exchange Workgroup [PPT - 427 KB]
  • Meaningful Use Workgroup [PPT - 664 KB]
  • Privacy & Security Policy [PPT - 1.18 MB]

    • How to Participate
    Webconference:

    • At least 10 minutes prior to the meeting start time, please go to: http://altarum.na3.acrobat.com/HITpolicy
      • (If for any reason the link does not work, simply copy and paste the URL into your browser’s address bar)
      • Select “enter as a guest” 
      • Type your first and last name into the field 
      • Click “enter room” 
    • Test Your System:
      • You will need to have an up-to-date version of Flash Player to view the webconference.  Please test your system prior to the meeting by visiting http://altarum.na3.acrobat.com/common/help/en/support/meeting_test.htm Exit Disclaimer
      • When running this system test, you do not need to install the Adobe Connect Add-in (step 4 of the test), as that is not relevant to this meeting.
    * Please note:  Space in the Web conference is limited.  If for any reason you are unable to log in, you can still dial in via phone to listen to the audio (numbers below). 

    Audio:

    • You may listen in via computer or telephone.
      • US toll free:   1-877-705-6006
      • International Direct:  1-201-689-8557
      • Confirmation Code: HIT Committee Meeting  

    iPhone:

    • You can now watch & listen via your iPhone or iPod Touch (requires Wi-Fi). Here is how:
      • You must acquire the Connect Pro App for the iPhone/IPod Touch
        • On a computer – iTunes> Applications folder
        • On your mobile device – App Store
      • Search for the “Adobe Connect Pro” App
      • Follow the App Store steps to download the application
      • Once you have the app installed on your mobile device, you can simply follow the link & instructions above for participating in the Web conference.

    For more information, please go to: http://www.connectusers.com/tutorials/2010/02/connectpromobile/index.php Exit Disclaimer If you have any technical questions, please send an email to webmeeting@altarum.org

    Blumenthal Letter #15: No ‘One-Size-Fits-All’ in Building a Nationwide Health Information Network

    Posted on by
    1

    There Is No ‘One-Size-Fits-All’ in Building
    a Nationwide Health Information Network

    Dr. David Blumenthal

    Dr. David Blumenthal

    A Message from Dr. David Blumenthal, National Coordinator for Health Information Technology 
    Emailed May 14, 2010 (and copied below)

    Private and secure health information exchange enables information to follow the patient when and where it is needed for better care.  The Federal government is working to enable a wide range of innovative and complementary approaches that will allow secure and meaningful exchange within and across states, but all of our efforts must be grounded in a common foundation of standards, technical specifications, and policies.  Our efforts must also encourage trust among participants and provide assurance to consumers about the security and privacy of their information.  This foundation is the essence of the Nationwide Health Information Network (NHIN).

    The NHIN is not a network per se, but rather a set of standards, services, and policies that enable the Internet to be used for the secure exchange of health information to improve health and health care.  Different providers and consumers may use the Internet in different ways and at different levels of sophistication.  To make meaningful use possible, including the necessary exchange of information, we need to meet providers where they are, and offer approaches that are both feasible for them and support the meaningful use requirements of the Centers for Medicare & Medicaid Services (CMS) Electronic Health Record Incentives Programs.  As with the Internet, it is likely that what is today considered “highly sophisticated” will become common usage.  Moreover, users may engage in simpler exchange for some purposes and more complex exchange for others.

    Current NHIN exchange capabilities are the result of a broad and sustained collaboration among Federal agencies, large provider organizations, and a variety of state and regional health information organizations that all recognized a need for a high level of interoperable health information exchange that avoided “one-off” approaches.  Based on this pioneering work, a subset of these organizations is now actively exchanging information.  This smaller group currently includes the Department of Defense, Social Security Administration, Veterans Health Administration, Kaiser Permanente, and MedVirginia.  They initially came together to show, on a pilot scale, that this type of highly evolved exchange was possible.  Having succeeded, they continue to expand the level of exchange among their group and with their own respective partners in a carefully phased way to demonstrate and learn from these widening patterns of exchange. The robust exchange occurring at this level has several key attributes, including the:

    1. Ability to find and access patient information among multiple providers;
    2. Support for the exchange of information using common standards; and
    3. Documented understanding of participants, enabling trust, such as the Data Use and Reciprocal Support Agreement (DURSA).

    Not every organization and provider, however, needs or is ready for this kind of health information exchange today.  Nor do the 2011 meaningful use requirements set forth by CMS in the recent proposed rule require it. Direct, securely routed information exchange may meet the current needs of some providers for their patients and their practices, such as receiving lab results or sending an electronic prescription. 

    To enable a wide variety of providers – from small practices to large hospitals – to become meaningful users of electronic health records in 2011, we need to ensure the availability of a reliable and secure “entry level” exchange option that aligns with the long-range information exchange vision we have for our nation.  Such an option should balance the need for a consistent level of interoperability and security across the exchange spectrum with the reality that not all users are at the same point on the path to comprehensive interoperability.  In an effort to provide the best customer service possible, the Office of the National Coordinator for Health IT (ONC) will consider what a complete toolkit would be for all providers who want to accomplish meaningful health information exchange.

    Broadening the use of the NHIN to include a wider variety of providers and consumers who may have simpler needs for information exchange, or perhaps less technically sophisticated capabilities, is critical to bolstering health information exchange and meeting our initial meaningful use requirements.  Building on the solid foundation established through the current exchange group mentioned above and the recommendations of the HIT Policy Committee (which originated with the Committee’s NHIN Workgroup), ONC is exploring this expansion of NHIN capabilities to find solutions that will work across different technologies and exchange models. 

    The newly launched NHIN Direct Project  is designed to identify the standards and services needed to create a means for direct electronic communication between providers, in support of the 2011 meaningful use requirements.  It is meant to enhance, not replace, the capabilities offered by other means of exchange.  An example of this type of exchange would be a primary care physician sending a referral and patient care summary to a specialist electronically.

    We are on an aggressive timeline to define these specifications and standards and to test them within real-world settings by the end of 2010.  Timing is critical so that we may provide this resource to a broader array of participants in health information exchange as a wave of new, meaningful users prepare to qualify for incentives provided for in the HITECH Act and ultimately defined by CMS. This model for exchange will meet current provider needs within the broader health care community, complement existing NHIN exchange capabilities, and strengthen our efforts toward comprehensive interoperability across the nation.

    A natural evolution in NHIN capabilities to support a variety of health information exchange needs is being reinforced by trends that are leading us toward widespread multi-point interoperability. The current movement toward consolidation in health care, coupled with health reform’s encouragement of bundled payments for coordinated care, will mean more providers need it.  Quality improvement, public health, research, and a learning health care system all require it.  Ultimately, simple exchange will be part of a package of broader functions that allows any provider, and ultimately consumers, to exchange information over the Internet, enabled by NHIN standards, services, and policies.

    Your continued input will help guide us toward and maintain a direction that is in harmony with the rapid innovations in health IT today.  The NHIN Direct Project will conduct an open, transparent, and collaborative process throughout its development by using a community wiki, blogs, and open source implementation already available on the project’s website (http://nhindirect.org/ ).  I encourage you to participate through the website, via public participation at the implementation group meetings, and by deploying and testing the resulting standards and specifications.  For those of you who are participants in the current exchange group, I urge you to take every opportunity to share your experiences.  Lessons learned from the NHIN Direct Project and the exchange group will inform the evolution of the NHIN as new uses and users come forward, and as continued innovation occurs to meet the growing needs of our community.

    As we head into the next stage in the development of nationwide health information exchange, we should all take a moment to reflect on how far we have come and evaluate our plans for the future.  ONC is committed to providing resources and guidance to stakeholders at all levels of exchange through HITECH programs, such as the Health IT Regional Extension Centers, the national Health IT Research Center, and the State Health Information Exchange Program.  As you assess your own needs for exchange, please take advantage of the many Federal resources available to you on the ONC website and the online resources of the programs mentioned above, as well as through the “NHIN University” education program hosted by our public-private partner, the National eHealth Collaborative Exit Disclaimer.

    We have done a great deal of work in the short period of time since the passage of the HITECH Act.  We at ONC appreciate your willingness to stay engaged and involved in every step of our journey, and we look forward to our continuing collaboration to improve the health and well-being of our nation.

    Sincerely,
    David Blumenthal, M.D., M.P.P.
    National Coordinator for Health Information Technology
    U.S. Department of Health & Human Services

    The Office of the National Coordinator for Health Information Technology (ONC) encourages you to share this information as we work together to enhance the quality, safety and value of care and the health of all Americans through the use of electronic health records and health information technology.

    CMS Awards Add’l $9.1 Mil for Medicaid Health IT to New Jersey, Louisiana, Maryland, and Minnesota

    Posted on by
    Reply
    Four New CMS Awards for Health IT Programs for Medicaid
    Ups  Total to $67.6 Mil for 41 State/Territory Medicaid Agencies
    Centers for Medicare and Medicaid (CMS) announced its four latest federal matching fund awards on May 11, 2010 as part of the CMS Electronic Health Records Incentive Program with $9.2 million in this round divided between the Medicaid agencies for New Jersey with $4.93 million, Louisiana with $1.85 million, Maryland with $1.37 million, and Minnesota with $1.04 million.

    Among the 41 State/Territory Medicaid agencies, New Jersey captured the second largest award, with New York maintaining its top spot at $5.91 million. The midpoint for award amounts remains about $1.4 million per agency. See complete chart below with states, amounts, and dates announced.

    The press release for each state award continues to say “The Recovery Act provides a 90 percent federal match for state planning activities to administer the incentive payments to Medicaid providers, to ensure their proper payments through audits and to participate in statewide efforts to promote interoperability and meaningful use of EHR technology statewide and, eventually, across the nation.”

    All award announcements  (May 11, 2010 and prior) can be viewed via a search of CMS press releases that this link launches. 

    CMS Matching Funds for EHRs  

    State Amount Date
    Alabama $269,000 2/26/2010
    Alaska $900,000 1/21/2010
    Arizona $2,890,000 2/26/2010
    Arkansas $815,000 2/26/2010
    California $2,480,000 12/9/2009
    Colorado $798,000 3/24/2010
    Florida $1,690,000 2/26/2010
    Georgia $3,170,000 12/9/2009
    Idaho $142,000 12/9/2009
    Illinois $2,180,000 2/26/2010
    Iowa $1,160,000 11/23/2009
    Kansas $1,700,000 2/26/2010
    Kentucky $2,600,000 1/21/2010
    Louisiana $1,850,000 5/11/2010
    Maine $1,400,000 2/26/2010
    Maryland $1,370,000 5/11/2010
    Michigan $1,520,000 2/26/2010
    Minnesota $1,040,000 5/11/2010
    Mississippi $1,470,000 3/24/2010
    Missouri $1,530,000 4/26/2010
    Montana $239,000 12/9/2009
    Nebraska $894,000 2/26/2010
    Nevada $1,050,000 3/24/2010
    New Jersey $4,930,000 5/11/2010
    New Mexico $405,000 4/26/2010
    New York $5,910,000 12/9/2009
    North Carolina $2,290,000 3/24/2010
    Oklahoma $587,000 2/26/2010
    Oregon $3,530,000 4/26/2010
    Pennsylvania $1,420,000 1/4/2010
    Puerto Rico $1,800,000 4/26/2010
    South Carolina $1,480,000 1/21/2010
    Tennessee $2,700,000 1/4/2010
    Texas $3,860,000 12/9/2009
    US Virgin Islands $232,000 12/9/2009
    Utah $396,000 3/24/2010
    Vermont $294,000 2/26/2010
    Virginia $1,660,000 2/26/2010
    Washington $967,000 4/26/2010
    Wisconsin $1,370,000 1/21/2010
    Wyoming $596,000 3/24/2010
    TOTAL $67,584,000  

    For additional background information on CMS Awards, see these previous posts on e-Healthcare Marketing.
    March 29, 2010: “CMS Awards Total of $50 Million to 32 State Medicaid EHR Programs”
    April 26, 2010: “CMS Awards Add’l $8.2 mil for Medicaid Health IT to Oregon, Puerto Rico, New Mexico, Washington, and Missouri”

    Privacy & Security Workgroup Reviews Trust Framework, Role of Individual Consent for HIE Recommendations

    Posted on by
    Reply

    Trust Framework, Role of Individual Consent for HIEs
    Recommendations Review by Privacy & Security Workgroup
    of Health IT Policy Committee
    Agenda and Draft Recommendations excerpted from ONC site on May 7, 2010.
    To participate, see ONC Meetings Page.
    Audio Access during meeting:
    US toll free:   1-877-705-2976

    Agenda [PDF - 302 KB]
    2:00 p.m. Call to Order – Sarah Wattenberg, ONC
    2:05 p.m. Introductions & Overview of Agenda
               Deven McGraw, Chair
               Rachel Block, Co-Chair
    2:15 p.m. Discussion on Recommendations on the Trust Framework & Role of Individual Consent for HIE
    3:45 p.m. Public Comment
    4:00 p.m. Adjourn

    Next HIT Policy Meeting: May 19, 2010

    Recommendations [PDF - 257 KB]
    DRAFT: 5/6/2010 

    Framing

     The Policy Committee has endorsed a set of meaningful use criteria that require the exchange of data with other providers, with patients, to public health agencies, and, to a limited extent, with payers (for insurance eligibility checks). The expectation is that subsequent stages of meaningful use will likely require greater health information exchange.

     ONC is seeding a number of health information exchange activities, including NHIN Direct, direct funding states to create health information exchange infrastructure, and regional initiatives, in order to support current and future meaningful use requirements. All of these initiatives must have at an early stage a stable privacy framework that can set expectations early and support the evolution to a broader range of services involving potentially greater sharing and distributed use of health information.

     The work to establish standards for exchange – particularly for NHIN Direct – is proceeding rapidly, but to date this work has been uninformed by a clear set of policy expectations and requirements. There is urgent work to be done on technical elements of NHIN Direct, including the specification of standards for the kinds of health information sharing that would support meaningful use.

     But technical standards and technology approaches for information sharing always are based on established or assumed use cases and policy addressing what information is shared, how it is accessed and where it is stored. Thus, in the absence of specific policy the selection of standards and technical approaches inevitably create policy de facto -but without a full discussion of those embedded policy assumptions. Privacy and security policies should be established before, or at least be established in tandem with, technical standards. If the policy requirements are not clearly set at the start of these activities, it will be difficult to impossible to retrofit technology later – in terms of both impact to lives and financial costs. 

     Standards (for security or for health information generally) are not a substitute for clear policies that are essential to reassure healthcare professionals and consumers that information exchange can improve health outcomes without expressly or implicitly opening the door to inappropriate disclosures or uses of information. Appropriate information flows are essential to improving both individual and population health – but clear, unambiguous policies, and supporting technology, are needed to enable these information flows without (intentionally or unintentionally) exposing that information to unnecessary risk. 

     Current law provides a baseline set of requirements– but doesn’t provide adequate guidance or answer the important questions posed by the new exchange environment we are trying to create. If we fail to act, the weaknesses in current law will only be exploited by the greater data sharing contemplated by meaningful use.

     ONC issued a Nationwide Privacy and Security Framework in December 2008 that established a set of principles to govern health information exchange. These principles are guideposts – but principles alone are not a policy framework because they do not define the more specific policies and practices needed to implement them. Principles are meant to set high level aspirations – but they are only useful if translated into policies, practices, and technology solutions that specifically implement them in a comprehensive manner.

     The time has come to set forth more specific policies to govern health information exchange – early in the evolution of NHIN Direct and exchange through a local, state, regional or national HIE. The Workgroup began this discussion a couple of months ago looking specifically at the issue of the role of consent in health information exchange. But information policies are never effectively created in isolation. Rather, they must be created within a framework of complementary protections, both policy and technical, that work together to protect personal information.

    Recommendations

     We need a complete policy and technology framework that implements the principles in the Nationwide Privacy and Security Framework, that includes the specific policies and practices to govern digital health information exchange, and that sets expectations for what the technology must achieve. Such a framework should assume existing law and fill gaps, clarify the policies that technology and operational practices must enforce, be applicable to all entities that are exposed to health information, and be established through a combination of policy requirements, policy-specific technical requirements, and industry best practices.

     We must begin this work immediately, and it should proceed joined at the hip with the work currently being done to establish standards for NHIN Direct and requirements for state HIE and extension center grants. FACA bodies have an important role to play in establishing this framework, but we will need more support in order to make more specific recommendations and meet strict timelines. 

     Much of the focus of privacy conversations (both nationally and at the state level) is on the role of consumer consent, and consumer choice or consent plays an important role in a comprehensive policy and technology framework. But consent should not be the driver in setting privacy policy, because it essentially shifts the burden of protecting privacy to the individual who is left to choose whether data use and exchange within a particular model is trustworthy (a model the individual is not likely to understand). To truly build trust in health information exchange, we must do the hard work of setting terms and conditions of usage and exchange (both in terms of policy and technology). The role that effective, well informed consent can play should be considered within that context. 

     We have in place a set of laws that currently provide some context for “point-to-point” exchange of data, particularly for Stage 1 of Meaningful Use, where there is no “intermediary” in the middle with access to the data. [Note: the term "intermediary" refers to entities in the middle that access some data – at any layer of the technology stack that is required to share information securely- in order to perform a function that facilitates exchange or provides a a "value added" service.] This type of point-to-point exchange without an intermediary feels most like the type of exchange that occurs today. Current law was built on the assumptions in this model, and it is largely consistent with patient expectations. Consequently, in this narrow setting, we don’t believe that any additional patient consent requirements are needed beyond what is already set forth in current law. 

     However, even simple exchange is likely to depend on an intermediary providing some type of service that involves access to data, creating additional exposures and vulnerabilities. (For example, the HIPAA Security Rule addresses clearinghouses, which may help covered entities bring their HIPAA transactions into compliance with standards.) There need to be clear enforceable policies and technology requirements for all participants in health information exchange as well as for intermediaries of several types who may have varying levels of access to information. Such policies should include:

              o constraints on collection, access and disclosure of identifiable data;
              o constraints on data retention and re-use; and
              o minimal security requirements.

    We should consider the role of consent in direct exchange using intermediaries – but should do so only as part of a broader discussion about the policy and technology framework.

    Further Discussion:

     Examples of just some of the questions that should be addressed in developing this framework, beginning with direct exchange: 

              o For intermediaries providing basic levels of services like identity management, routing, or provider directory services, what access to data in the message envelope is needed to perform the service(s)? Is there any justification for allowing access to unencrypted data in the payload (message content)?
              o How long should such data collected be retained? What happens to the data after the service has been provided?
              o What, if any, reuses of such data should be permitted?
              o What technological requirements are needed to support policies around data access, use, disclosure, and retention (even on media that are reused)?
             o What other services are intermediaries likely to provide and what specific policies are needed to secure and maintain trust?
            o Who can access patient information directly from intermediaries and for what purposes?
            o What about further use and disclosure of de-identified information?
            o What did we learn from the Health Information Security and Privacy Collaborative (HISPC) work that can be instructive here?

     We also need to contemplate the broad range of exchange architectures that could exist (and whether they should exist), and how should the privacy and security principles be translated into policies and technology requirements needed to build trust in a particular type of exchange. The Workgroup has spent much of its time talking about direct or “vetted” exchange, where information is shared directly between two covered entities. But other models, such as those that involve the creation of large databases of individually identifiable health information that can be mined or queried , while allowable within current law, may raise concerns with respect to patient expectations. What policies and technical requirements are needed to build trust in these models, and what additional role should consumer choice play in building public trust?

     Enforcement of policies and requirements is also critical. These intermediaries are likely to be business associates under HIPAA. But unfortunately the business associate rules as currently interpreted do not provide sufficient specificity to serve as an effective policy framework to govern the activities of intermediaries in exchange. Among the concerns raised by workgroup members are the following:

    -business associate rules are either too lax or have been interpreted to allow chains of business associates to use information to serve their own or others’ business needs (vs. merely serving the needs of the covered entity whose data they possess).

    -an increase in the access to and use of de-identified data in an environment with insufficient protections against (and penalties for) inappropriate re-identification.

    -potential access to intermediary data by entities not currently governed by federal (or sometimes state) health privacy rules.

    -data moving through chains of subcontractors with uncertain accountability.

     Even with more specific rules, it is unclear whether business associate agreements provide an effective enforcement tool.

    -Currently, BA agreements are not required to include specific provisions limiting access to information. They have customarily been largely form documents that require compliance with HIPAA.

    -The balance of power may more likely be tipped toward the HIE/intermediary than the covered entity (for example, to take advantage of using the network to exchange data for MU, the covered entity may be required to agree to less desirable terms with respect to data use and re-use).

    -If it is possible to have more clear rules on business associate agreements, at least for intermediaries (for example, require certain provisions), enforcing these policies through BAAs has the advantage of piggybacking on substantial penalties for failure to comply.

    -However, this is only effective to govern two levels of exchange – from covered entity to one business associate; it does not effectively govern beyond those levels – such as a business associate to its sub-contractor.

     If the business associate rules are not an effective mechanism for setting policy and technology requirements for intermediaries, we may need to enforce through other governance mechanisms.

    -Is governing and overseeing these policies and requirements just a federal responsibility or do states/communities have a role?

    -Do we have sufficient existing authority to implement these policies in a consistent manner? (critical for interoperability)

    ONC Blog: Beacon Communities Lead Charge to Improve Health Outcomes

    Posted on by
    Reply

    Blumenthal Blogs on Health IT Buzz Blog plus add’l Links
    Beacon Communities Lead the Charge to Improve Health Outcomes
    Wednesday, May 5th, 2010 | Posted orginally by Dr. David Blumenthal on Health IT Buzz Blog.
    Excerpted directly from ONC Health IT Buzz Blog.
    Across the nation, in communities large and small, health information technology (health IT) innovators are boldly leading the way toward the adoption and meaningful use of electronic health records (EHRs). Yesterday, we awarded $220 million in Beacon Community cooperative agreements to 15 trailblazing community consortiums that will demonstrate how the meaningful use of electronic health records can serve as a critical foundation for achieving measurable improvement in the quality and efficiency of health care in the United States.

    Health care providers often suggest that health IT is challenging to implement, and that certain types of communities are better prepared (and funded) to reap its benefits.

    The 15 Beacon Communities named today, however, demonstrate the significant diversity among those who have been successful in implementing and using health IT. The areas of diversity represented in the consortiums receiving grants include:

    • Geographic – Beacon Communities are located from coast to coast and beyond to Hawaii
    • Population Density – Beacon  Communities serve both urban and rural populations
    • Populations – Beacon programs address health disparities among minority populations, including Native American, African American, and Hispanic, among others

    Equally important, these communities are committed to demonstrating tangible outcomes:

    • Individual Health Outcomes – Beacon Communities’ outcomes encompass a variety of disease states and treatment approaches, including diabetes, cardiovascular disease, asthma, and chronic obstructive pulmonary disease
    • Population Health outcomes – Beacon Communities target varying dimensions of population and public health, from improved immunization and cancer screening rates, to innovations for public health surveillance

    Additionally, the Beacon Community Program demonstrates robust collaboration among Federal agencies.   Two of the grantees seek to improve Veterans’ care by leveraging the Department of Defense’s and Department of Veteran Affairs’ Virtual Lifetime Electronic Record (VLER) program for active duty, Guard and Reserve, retired military personnel, and eligible separated Veterans.

    These diverse partners will provide unique insights into best practices that can be applied to similar communities nationwide, as they strive to build a health IT infrastructure as a critical foundation for health system improvement. In doing so, the Beacon Community program will support the nationwide adoption of health IT by 2015.

    I congratulate the Beacon Community awardees and am confident the Beacon Communities will succeed in demonstrating the promise of health IT and facilitating other communities’ adoption and meaningful use of technology.

    –David Blumenthal, M.D., M.P.P. – National Coordinator for Health Information Technology
    For the original post, comments and the complete Health IT Buzz Blog.
                                           #              #               #

    White House Video of VP Biden and Sec’y HHS Sebelius Announcement

    Additional e-Healthcare Marketing posts with info on Beacon Communities
    –Blumenthal Letter #14 on Beacon Communities
    –White House Announcement on $220 Million Awards with Communities Listed
    –ONC Named for Beacon Communities Program
    –ONC Roles and Posts–Includes Overall Director, Ofc of State and Community Programs

    CMS Webinar Series on Health IT Starts May 13, 2010

    Posted on by
    Reply

    CMS Webinar Series on Health IT Starts May 2010
    Follow up to Feb 2010 CMS Conference on Health IT
    Excerpted from CMS Webinar Series site on May 5, 2010. Updated May 22, 2010.

    Webinar Series Starting May 13, 2010
    CMS Webinar Series    “CMS is pleased to announce that a series of Webinars is being conducted for individuals who were unable to participate in ”CMS Second Annual Multi-State Health IT Collaborative for E-Health Conference” that ran February 2010 in Washington, DC.

    Five sessions will be offered over the next several weeks, with two already scheduled for time and date.

    Session Title and Session Date/Time
    Promoting Electronic Records Adoption/ Communications/ Outreach
    5/13/2010 1:00 pm ET     Register–click here.

    Establishing Health Information Exchange Governance and HIT Exchange Planning
    Week of May 18 specific date/time TBD

    Lessons Learned and Best Practices for Medicaid Health Information Technology Promotion
    5/27/2010 1:00 pm ET    Register, click here.

    Health Information Exchange and Tribal Affairs
    6/2/2010 1:00 pm ET      Register, click here.

    Technical Assistance Resources for State Agencies
    6/9/2010 2:00 pm ET      Register, click here.

    Promoting Electronic Records
    Adoption Communications/Outreach
    TBD

    You may register for as many Webinars as you like, and registration is free; however, you must be registered to attend.

    Please note: A dry run will take place 24 hours prior to each Webinar session to ensure that you are able to participate through the computer system you will be using.

    After you have registered, additional information on how to access both the dry run and the Webinar session will be emailed to you approximately 1 week prior to the session date.

    For Additional Questions or Support, go to the CMS Webinar page for instructions.

    “CMS Second Annual Multi-State Health IT Collaborative for E-Health Conference”
    For e-Healthcare Marketing post about “CMS Second Annual Multi-State Health IT Collaborative for E-Health Conference” that ran in February in Washington, DC.

    For direct link to materials and presentations from “CMS Second Annual Multi-State Health IT Collaborative for E-Health Conference.”

    HIPAA Privacy Rule Accounting: Nine Questions from HHS Focusing on PHI Disclosures

    Posted on by
    Reply

    Nine Questions About HIPAA Privacy Rule Accounting
    for PHI Disclosures; Asked by HHS Office of Civil Rights 
    Excerpted from Federal Register under Proposed Rules section on Monday, May 3, 2010. (Vol. 75, No. 84; Page 23214). These are selections from the Request for Information about accounting for disclosures of protected health information (PHI). See PDF for full text and how to submit written comments, requested by May 18, 2010.

    HIPAA Privacy Rule Accounting of Disclosures Under the Health Information Technology for Economic and Clinical Health Act; Request for Information
    AGENCY: Office for Civil Rights, Department of Health and Human Services.

    45 CFR Parts 160 and 164  RIN 0991–AB62

    ACTION: Request for information.

    SUMMARY: Section 13405(c) of the Health Information Technology for Economic and Clinical Health (HITECH) Act expands an individual’s right under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to receive an accounting of disclosures of protected health information made by HIPAA covered entities and their business associates. In particular, section 13405(c) of the HITECH Act requires the Department of Health and Human Services (‘‘Department’’ or ‘‘HHS’’) to revise the HIPAA Privacy Rule to require covered entities to account for disclosures of protected health information to carry out treatment, payment, and health care operations if such disclosures are through an electronic health record. This document is a request for information (RFI) to help us better understand the interests of individuals with respect to learning of such disclosures, the administrative burden on covered entities and business associates of accounting for such disclosures, and other information that may inform the Department’s rulemaking in this area.

    DATES: Submit comments on or before May 18, 2010.

    II. Questions
    1. What are the benefits to the individual of an accounting of disclosures, particularly of disclosures made for treatment, payment, and health care operations purposes?

    2. Are individuals aware of their current right to receive an accounting of disclosures? On what do you base this assessment?

    3. If you are a covered entity, how do you make clear to individuals their right to receive an accounting of disclosures? How many requests for an accounting have you received from individuals?

    4. For individuals that have received an accounting of disclosures, did the accounting provide the individual with the information he or she was seeking? Are you aware of how individuals use this information once obtained?

    5. With respect to treatment, payment, and health care operations disclosures, 45 CFR 170.210(e) currently provides the standard that an electronic health record system record the date, time, patient identification, user identification, and a description of the disclosure. In response to its interim final rule, the Office of the National Coordinator for Health Information Technology received comments on this standard and the corresponding certification criterion suggesting that the standard also include to whom a disclosure was made (i.e., recipient) and the reason or purpose for the disclosure. Should an accounting for treatment, payment, and health care operations disclosures include these or other elements and, if so, why? How important is it to individuals to know the specific purpose of a disclosure—i.e., would it be sufficient to describe the purpose generally (e.g., for ‘‘for treatment,’’ ‘‘for payment,’’ or ‘‘for health care operations purposes’’), or is more detail necessary for the accounting to be of value? To what extent are individuals familiar with the different activities that may constitute ‘‘health care operations?’’ On what do you base this assessment?

    6. For existing electronic health record systems:
    (a) Is the system able to distinguish between ‘‘uses’’ and ‘‘disclosures’’ as those terms are defined under the HIPAA Privacy Rule? Note that the term ‘‘disclosure’’ includes the sharing of information between a hospital and physicians who are on the hospital’s medical staff but who are not members of its workforce.
    (b) If the system is limited to only recording access to information without regard to whether it is a use or disclosure, such as certain audit logs, what  nformation is recorded? How long is such information retained? What would be the burden to retain the information for three years?
    (c) If the system is able to distinguish between uses and disclosures of information, what data elements are automatically collected by the system for disclosures (i.e., collected without requiring any additional manual input by the person making the disclosure)? What information, if any, is manually entered by the person making the disclosure?
    (d) If the system is able to distinguish between uses and disclosures of information, does it record a description of disclosures in a standardized manner (for example, does the system offer or require a user to select from a limited list of types of disclosures)? If yes, is such a feature being utilized and what are its benefits and drawbacks?
    (e) Is there a single, centralized electronic health record system? Or is it a decentralized system (e.g., different departments maintain different electronic health record systems and an accounting of disclosures for treatment, payment, and health care operations would need to be tracked for each system)?
    (f) Does the system automatically generate an accounting for disclosures under the current HIPAA Privacy Rule (i.e., does the system account for disclosures other than to carry out treatment, payment, and health care operations)?
               i. If yes, what would be the additional burden to also account for disclosures to carry out treatment, payment, and health care operations? Would there be additional hardware requirements (e.g., to store such accounting information)? Would such an accounting feature impact system performance?
               ii. If not, is there a different automated system for accounting for disclosures, and does it interface with the electronic health record system?

    7. The HITECH Act provides that a covered entity that has acquired an electronic health record after January 1, 2009 must comply with the new accounting requirement beginning January 1, 2011 (or anytime after that date when it acquires an electronic health record), unless we extend this compliance deadline to no later than 2013. Will covered entities be able to begin accounting for disclosures through an electronic health record to carry out treatment, payment, and health care operations by January 1, 2011? If not, how much time would it take vendors of electronic health record systems to design and implement such a feature? Once such a feature is available, how much time would it take for a covered entity to install an updated electronic health record system with this feature?

    8. What is the feasibility of an electronic health record module that is exclusively dedicated to accounting for disclosures (both disclosures that must be tracked for the purpose of accounting under the current HIPAA Privacy Rule and disclosures to carry out treatment, payment, and health care operations)? Would such a module work with covered entities that maintain decentralized electronic health record systems?

    9. Is there any other information that would be helpful to the Department regarding accounting for disclosures through an electronic health record to carry out treatment, payment, and health care operations?

    Dated: April 26, 2010.
    Georgina Verdugo,
    Director, Office for Civil Rights.
    See PDF for full text and how to submit written comments, requested by May 18, 2010.

    Related articles
    Mary Mosquera reported on May 3, 2010 in Government HealthIT, “To help guide the Health and Human Services Department in tightening rules for health information privacy, HHS has asked providers, payers and consumers to comment on the benefits and burdens of accounting for the disclosure of protected health information, even if the data is intended for treatment and billing purposes.”
    Dom Nicastro, wrote a background and review of questions on May 3, 2010, for HealthLeaders Media.
    Joseph Goedert wrote brief report in HealthData Management on May 3, 2010.