ONC Backs Off HIE 'Rules of Road'

Nationwide Health Information Network Rule Shelved

By , September 10, 2012.
ONC Backs Off HIE 'Rules of Road'

The Office of the National Coordinator for Health Information Technology has dropped plans to draft regulations setting voluntary "rules of the road," including privacy and security guidelines, for health information exchanges to help pave the way for the national exchange of information.

See Also: Security Alerts: Identifying Noise vs. Signals

Farzad Mostashari, M.D., who heads ONC, a unit of the Department of Health and Human Services, explains in a blog why the office has shelved plans to launch a Nationwide Health Information Network Governance Rule based on feedback to a request for information about the proposed regulation.

"We started with an RFI because we recognized that the health information exchange marketplace is still in its infancy, and we wanted to get broad input before issuing a proposed rule," Mostashari says. "Based on what we heard and our analysis of alternatives, we've decided not to continue with the formal rulemaking process at this time, and instead implement an approach that provides a means for defining and implementing nationwide trusted exchange with higher agility, and lower likelihood of regret."

The blog goes on to explain why ONC has veered away from drafting a formal NwHIN rule.

"First and foremost, we heard that there are a lot of promising health information exchange activities currently under way and emerging, perhaps more than is widely appreciated. There are also existing and emerging consortia and voluntary governance bodies, both for directed as well as query-based exchange. One concern we heard repeatedly was that the very act of beginning a regulatory process may actually slow the development of trusted exchange at a time when we cannot afford that."

Comments Pro and Con

ONC received a wide variety of comments in responses to its RFI. While some organizations sought mandatory, rather than voluntary compliance with national guidelines for information exchange, others advocated a go-slow approach toward HIE guidelines and cautioned against going beyond existing HIPAA privacy and security rules (see: Sorting Out NwHIN Comments).

For example, the College of Health Information Management Executives, which represents CIOs, urged the federal government not to use the NwHIN governance rule to change existing HIPAA regulations.

"CHIME is very uncomfortable with the notion that the NwHIN governance mechanism and the related CTEs [conditions for trusted exchange] could become a means for imposing requirements that go beyond the HIPAA privacy and security rules," CHIME officials said. "We urge, instead, that any perceived deficiencies in the HIPAA privacy and security rules be addressed directly, through changes in those rules following the usual opportunity for public input. "If such perceived deficiencies require statutory changes, then HHS should work with the Congress to address these issues."

In contrast, two consumer advocacy groups - the Center for Democracy & Technology the National Partnership for Women and Families - argued that new privacy and security guidelines that go beyond HIPAA requirements are essential.

"It will not be possible to give providers 100 percent assurance that the other providers with whom they share patient information will not breach or misuse that data. But HIPAA likely will not provide a sufficient foundation to alleviate the concerns of providers contemplating sharing data with other providers across a network," the consumer groups contend. "Consequently, it will be critical for NwHIN privacy and security governance conditions to focus on provider concerns about data sharing across a network that can be reasonably addressed through a set of additional NwHIN governance conditions."

Fear of Hobbling HIEs

In his blog, Mostashari points out: "Our goal is to encourage the exchange activities that are gaining steam across the country and across the industry, and not to hobble them. As we are accelerating the implementation and expectations of standards-based exchange in [HITECH Act] Stage 2 Meaningful Use, this is the last thing we want."

So instead of issuing a guidance, ONC "will continue to evaluate how and what consumer protections can be appropriately applied to health information exchange through existing regulatory frameworks, and we will work with our federal partners to do that," he adds.

Follow Marianne Kolbasuk McGee on Twitter: @HealthInfoSec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE California Bolsters Breach Notification

Legislation signed into law Sept. 30 by California Governor Edmund Brown Jr., which amends the...

Latest Tweets and Mentions

ARTICLE California Bolsters Breach Notification

Legislation signed into law Sept. 30 by California Governor Edmund Brown Jr., which amends the...

The ISMG Network