The Office of the National Coordinator for Health IT has released new guidelines to provide recommended policies and practices for health information service providers (HISPs), trust communities and accrediting bodies such as DirectTrust to enable providers to securely exchange patient information across geographic, organizational and vendor boundaries.
The guidelines, released May 24, were developed due to ONC's concern that HISPs were not using a "common standard" and were "creating islands of automation." ONC encourages that the guidelines be adopted and believes that voluntary adoption will help providers meet Stage 2 of the Meaningful Use program and provide care coordination.
Some of the recommended guidelines include:
- Have a contractually binding legal contract with clients who send and receive patient information, including all terms and conditions needed in a business associate agreement
- Issue Direct addresses only to organizations and /or individuals that have had their identities verified according to NIST level 3 assurance requirements
- Provide users with mechanisms to directly establish trust with another user
"The guidelines will give providers and their data trading partners confidence that Direct is being implemented in a manner that supports privacy, security and interoperability," ONC's Claudia Williams, director of the State Health Information Exchange Program, said in a Health IT Buzz blog post released the same day.
ONC opted not to proceed with regulations mandating HIE governance, and instead provide voluntary support to entities working to improve interoperability. Patients and others have expressed concern about the security of data being shared electronically.