Governance & Risk Management , Healthcare Information Exchange (HIE) , HIPAA/HITECH

How Final Is HHS' 'Final' 5-Year Health IT Strategic Plan?

Experts Assess HHS' Latest Patient Data Access, Secure Info Exchange Plan
How Final Is HHS' 'Final' 5-Year Health IT Strategic Plan?

Federal regulators have issued the final version of a five-year strategic health IT plan that sets goals and objectives focused around providing patients secure access to their health data. But what do experts think of the plan, and would it stick under a potential Biden administration?

See Also: OnDemand | Making the Connection Between Cybersecurity and Patient Care

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology says its final 2020-2025 Federal Health IT Strategic Plan, released on Oct. 30, was developed with input from 25 other federal organizations.

The document was also “informed” by the nearly 100 public comments received about the draft version of the plan ONC released in January, HHS says. (see: HHS Reveals Draft of 5-Year 'Strategic Health IT Plan').

As called for under the HITECH Act of 2009, HHS ONC periodically updates its federal health IT strategic plan. HHS notes that ONC issued its previous five-year federal health IT strategic plan – for 2015-2020 – in September 2015.

Strategic Road Map

The more than two dozen federal organizations that collaborated with ONC on the latest plan include the Department of Homeland Security, the Federal Trade Commission and the Department of Defense. The organizations “regulate, purchase, develop, and use health IT to help deliver care and improve patient health,” HHS notes.

The plan serves as a road map at the federal government level and “as a catalyst for activities” in the private sector, HHS notes.

“We created a plan that will promote modern health IT for all stakeholders and help to address barriers to the access, exchange, and use of electronic health information,” HHS says.

Exchange and Access of Health Information

The Federal Health IT Strategic Plan “continues the momentum created by the 21st Century Cures Act and reflects the federal government’s commitment to making patients’ electronic health information accessible on their smartphones,” said Donald Rucker, M.D., national coordinator for health IT at the Department of Health and Human Services, in a statement.

Donald Rucker, M.D., HHS national coordinator for health IT at the Department of Health and Human Services

Earlier this year, ONC and HHS’ Centers for Medicare and Medicaid Services released health IT interoperability and information blocking regulations – as called for under the 21st Century Cures Act of 2015 (see: HHS Releases Final Data Sharing Rules).

Those 21st Century Cures Act regulations aim to advance secure health information exchange among healthcare providers and different health IT platforms as well as secure access by patients to their health records, including through their mobile devices, via standardized application programming interfaces.

Building upon the 21st Century Cures Act provisions, HHS says the latest strategic health IT plan defines a set of “goals, objectives, and strategies the federal government will pursue to support the access, exchange, and use of electronic health information.”

The key principles outlined in the plan include:

  • Putting individuals first by focusing on person-centered care;
  • Focusing on value by promoting and pursuing activities that improve health and care quality;
  • Building a culture of secure access to health information;
  • Putting research into action;
  • Encouraging innovation and competition;
  • Developing health IT policies through open, transparent and accountable processes.

Subject to Change?

While the final outcome of the presidential election was still unknown on Thursday, some experts say aspects of the HHS ONC plan could potentially continue to serve as a foundation for a health IT strategy moving forward in either a Trump or Biden administration due to several key tenets, including support for patient access to their health data and secure interoperable health data exchange.

"I do think the plan will 'stick' in [a] Biden administration, because interoperability is really a bipartisan issue."
—Deven McGraw, Ciitizen

”I think the plan is very comprehensive, and I was quite pleased to see an emphasis on patient access to health information, and the goal of using all possible federal health authorities to the achievement of these goals,” says privacy attorney Deven McGraw, co-founder and chief regulatory officer of Ciitizen, a consumer health technology startup.

“I do think the plan will ’stick' in [a] Biden administration, because interoperability is really a bipartisan issue,” adds McGraw, who served as former deputy director of health information privacy at HHS’ Office for Civil Rights during the Obama administration.

Other experts, however, note that the plan lacks focus on some important details and contains regulatory gaps and other issues that need to be addressed, regardless of who occupies the White House.

”The health IT strategic plan continues to gloss over measures to provide consumers safeguards that will protect the confidentiality and security of health information that is created or shared when it is not subject to the requirements of the HIPAA standards,” says privacy attorney David Holtzman of the consultancy HITprivacy.

“Americans should not be forced to choose between giving up the privacy of their health data to take advantage of new technologies that provide freer access and control to their health information,“ he says.

“Strategic plans are meant to be modified to fit changing needs and priorities,” he added. “Who could have predicted that we would have been struck by a devastating pandemic? It would not be unusual to see adjustments made to the health IT plan as a result of changing priorities of a new presidential administration.”

Challenging Issues

Other experts note that, while some of the key objectives advocated by the latest federal health IT strategic plan make sense, actually implementing those principles in the private sector is more difficult.

“Although I certainly wholeheartedly support allowing patients the ability to more easily access and control their electronic health information, I have often noted that - practically speaking - this represents only that portion of the patient population who choose to and, more importantly, are able to control their health information in this manner,” says regulatory attorney Helen Oscislawski of the law firm Attorneys at Oscislawski LLC.

For instance, “I think the laser-focus on just pushing for patient access via apps and other technology will somewhat miss the mark with a large swath of patients who have challenging health issues, such as the elderly population, and individuals with behavioral health or substance abuse issues,” she notes.

What is needed in these cases is the ability for physicians and others directly and indirectly involved in the care for such persons to be able to exchange information freely between themselves in order to more efficiently and accurately coordinate care, she says.

In addition, barriers continue to prevent data from being shared due to outdated state laws that create legal obstacles when the health IT cannot support data segmentation when needed to work around these regulatory variations, she says.

”A push to require certified health IT to support such segmentation is at least as equally important, but I do not see the same push for this.”


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.