A New Federal Patient Privacy AgendaBuilding a Nationwide Infrastructure Raises Critical Issues
The workgroups that advise the Office of the National Coordinator for Health IT on privacy and security issues are shifting gears as the ONC focuses on building an interoperable, nationwide health IT infrastructure.
The Privacy and Security Tiger Team, formed four years ago, had been focusing on helping ensure patient records remain private and secure as they're automated and exchanged, with the help of funding from the HITECH Act electronic health record incentive program.
That big picture focus for the renamed Privacy and Security Workgroup, which advises ONC's Health IT Policy Committee, won't change. But this fall, the workgroup will focus mainly on interoperability-related issues, such as safeguarding patient privacy as information is exchanged across different EHR platforms and among more healthcare entities.
Meanwhile, another panel, the new Transport and Security Standards Workgroup, also is preparing to tackle interoperability, as well as such key issues as data segmentation to protect the privacy of behavioral health information, managing patient consent for disclosure and tracking data provenance as related to data integrity and trustworthiness.
"Interoperability is indeed a key focus for all of the workgroups - not just the capability to exchange data, but the ability to find data, query for data, respond to queries, and exchange data that is semantically interoperable and usable for multiple purposes, for example, clinical decision support, quality measurement, outcomes improvement," says Dixie Baker, senior partner at the consulting firm Martin, Blanck. She's chair of the new Transport and Security Standards Workgroup.
As ONC's restructured advisory panels gear up to tackle their next challenges, sources tell Information Security Media Group that the Department of Health and Human Services is continuing to interview candidates to replace Joy Pritts, who left the post of ONC chief privacy officer in July. In the meantime, Kathryn Marchesini, a former adviser to Pritts, is ONC's acting chief privacy officer.
Vision for Future
With HITECH Act funding already starting to end for many programs, ONC this year has been repositioning itself with a 10-year game plan focused on building an interoperable, nationwide health IT infrastructure that supports secure exchange of patient information (see ONC's DeSalvo On Privacy, Security). Privacy and security are among the five core building blocks in that vision.
ONC leader Karen DeSalvo, M.D., on interoperability.
In an Aug. 6 blog, DeSalvo and Erica Galvez, ONC's interoperability and exchange portfolio manager, describe their goal of paving the way for secure national exchange of patient information. "Over the course of the coming months we will be drafting a document, with input from you - stakeholders who may be interested in contributing. The goal is to develop version 1.0 of a nationwide interoperability roadmap. The roadmap will be a companion to our vision paper and dive deeper on how we can collectively achieve the 3, 6, and 10 year interoperability milestones described in the paper.
"Our ultimate goal is to have a learning health system where accurate and evidence-based information helps ensure the right individual receives the right care at the right time to increase health care quality, lower health care costs and improve population health."
As part of that effort, ONC also has launched a new interoperability website where healthcare sector stakeholders can weigh in on the 10-year vision report that ONC released in June (see A Look At ONC's 10-Year Plan).
"We are asking that everyone provide their thoughts and comments by Sept. 12, 2014," DeSalvo and Galvez wrote in the blog. "That will give us time to synthesize all of the suggestions and feedback and account for as much of it as possible in the draft roadmap that will be presented to our federal advisory committees for their input and recommendations in October. We anticipate an updated version reflecting the advisory committee feedback to be posted for public comment in early 2015."
Deven McGraw, the long-time tiger team chair who will continue to lead the re-launched Privacy and Security Workgroup, says that a new co-chair and some new members will be added to the revamped group, probably by the time the panel meets in October. Former tiger team co-chair Micky Tripathi has been named to chair the new Interoperability and Health Information Exchange Workgroup.
ONC is not only moving away from having the same individuals chair or co-chair multiple advisory workgroups, the agency is also aiming to add more diversity to the panels, says McGraw, a partner at law firm Manatt, Phelps & Phillips LLP.
When the tiger team last met in June, the panel dived into discussing the legal, technology and other complex challenges involved with providing minors with access to their health information (see Navigating Access To Minors' Health Data).
Those discussions likely will be shelved temporarily while the restructured workgroup digs into privacy and security related issues that emerge from ONC's upcoming draft roadmap, McGraw says. "Interoperability will be tackled across the board by the policy committee workgroups" once the draft roadmap is presented to the advisory panels in October, she says.
New Standards Workgroup
Under ONC's recent realignment, a second workgroup that advises the office's standards committee on privacy and security issues was scrapped and replaced by the new Transport and Security Standards Workgroup. The new group will be chaired by Baker and co-chaired by Lisa Gallagher, vice president of technology solutions at the Healthcare Information and Management Systems Society.
The mission of the Transport and Security Standards Workgroup includes supporting standards for security and transport in EHR software certification criteria, including supporting alignment with the National Strategy for Trusted Identities in Cyberspace, ONC says. Examples of that include securing data at rest, security for application programming interfaces, data segmentation and digital signatures.
When the Transport and Security Standards Workgroup assembles in the fall, Baker says, it will tackle data segmentation to protect the privacy of behavioral health information; patient consent management; data provenance, and the 2017 Edition privacy and security standards and certification criteria of the HITECH Act EHR software certification program.