ONC must go slow on NwHIN governance


The healthcare and health IT associations that recently slammed the Office of the National Coordinator for IT's plan to devise a governance structure and rules of the road for the Nationwide Health Information Network (NwHIN) have a point: It does look like the heavy hand of federal regulation coming down on a sector that's still trying to find its footing.

Moreover, the stakeholders should be better represented in this initiative than they would be under ONC's plan. Because health information exchange (HIE) is so important to healthcare providers, both public and private entities should have a lot of input into the governance mechanism and the specifications for data exchange.

The Certification Commission for Health IT (CCHIT), the eHealth Initiative (eHI), and the HIMSS Electronic Health Record Association (EHRA) would all like to see some kind of public-private consortium decide how the NwHIN should be run. That approach has worked well in some areas: for example, ONC collaborated effectively with the private sector on the Direct Project; the Health IT Policy Committee and the Health IT Standards Committee have advised ONC ably on issues related to Meaningful Use and the certification of electronic health records, respectively; and the government successfully tapped the expertise of health IT firms to apply the VA's Blue Button personal health record in the private sector.

Of these initiatives, however, only the Direct Project was related to health information exchange on an operational level. And, while the Direct Project solved the technical problem of moving clinical data securely online, it did not specify how providers should establish conditions of trust, or what networks they should use to send the data. That essentially was left to a number of entities, including HIEs, that have established their own authentication methods and health ISPs. There's nothing wrong with that, but eventually, these approaches need to be standardized--either by the government or by some public-private entity.

In the privacy area, similarly, various healthcare systems and states have adopted policies and passed laws, respectively, requiring that patients either opt in or opt out of permission to have providers exchange their personal health information. There are strong arguments on both sides, and as John Halamka, CIO of Beth Israel Deaconess Medical Center in Boston, recently told me, we'll learn a lot from the different approaches as they're being used. Eventually, though, the best method of protecting patient privacy will become apparent, and that should be the one that's applied nationally.

In the meantime, ONC would be wise to take it slow. While it is statutorily required to create a governance structure for the NwHIN, and the NwHIN Exchange is going to be spun off as a private-public unit in the fall, there is no need to move yet on the governance of the entire network, now and in the future. Such a structure would affect only those HIEs that plan to join the NwHIN. But sooner or later, most will, and onerous requirements imposed now would, as eHI argues, have a dampening effect on the development of a fragile sector.

Finally, eHI notes that "the barriers to information exchange are not addressed by the framework presented" in ONC's request for information. This strikes at the heart of ONC's proposal, which claims to be providing stakeholders with the consistent rules of the road that they need to make progress on information exchange.

Even if those standards existed--and even if they were easier to meet than the ones ONC is suggesting--the central problems of HIEs would not go away. Until health information exchanges have a sustainable business model, no amount of standardization will make them spring up everywhere. - Ken

Suggested Articles

Welcome to this week's Chutes & Ladders, our roundup of hirings, firings and retirings throughout the industry.

Women and family health startup Maven landed $45 million in series C funding with some high-profile backers.

Over 41 million patient records were breached in 2019 as the healthcare industry faces new hacking techniques and threats.