There Is No ‘One-Size-Fits-All’ in Building
a Nationwide Health Information Network

Dr. David Blumenthal

A Message from Dr. David Blumenthal, National Coordinator for Health Information Technology 
Emailed May 14, 2010 (and copied below)

Private and secure health information exchange enables information to follow the patient when and where it is needed for better care.  The Federal government is working to enable a wide range of innovative and complementary approaches that will allow secure and meaningful exchange within and across states, but all of our efforts must be grounded in a common foundation of standards, technical specifications, and policies.  Our efforts must also encourage trust among participants and provide assurance to consumers about the security and privacy of their information.  This foundation is the essence of the Nationwide Health Information Network (NHIN).

The NHIN is not a network per se, but rather a set of standards, services, and policies that enable the Internet to be used for the secure exchange of health information to improve health and health care.  Different providers and consumers may use the Internet in different ways and at different levels of sophistication.  To make meaningful use possible, including the necessary exchange of information, we need to meet providers where they are, and offer approaches that are both feasible for them and support the meaningful use requirements of the Centers for Medicare & Medicaid Services (CMS) Electronic Health Record Incentives Programs.  As with the Internet, it is likely that what is today considered “highly sophisticated” will become common usage.  Moreover, users may engage in simpler exchange for some purposes and more complex exchange for others.

Current NHIN exchange capabilities are the result of a broad and sustained collaboration among Federal agencies, large provider organizations, and a variety of state and regional health information organizations that all recognized a need for a high level of interoperable health information exchange that avoided “one-off” approaches.  Based on this pioneering work, a subset of these organizations is now actively exchanging information.  This smaller group currently includes the Department of Defense, Social Security Administration, Veterans Health Administration, Kaiser Permanente, and MedVirginia.  They initially came together to show, on a pilot scale, that this type of highly evolved exchange was possible.  Having succeeded, they continue to expand the level of exchange among their group and with their own respective partners in a carefully phased way to demonstrate and learn from these widening patterns of exchange. The robust exchange occurring at this level has several key attributes, including the:

1. Ability to find and access patient information among multiple providers;
2. Support for the exchange of information using common standards; and
3. Documented understanding of participants, enabling trust, such as the Data Use and Reciprocal Support Agreement (DURSA).

Not every organization and provider, however, needs or is ready for this kind of health information exchange today.  Nor do the 2011 meaningful use requirements set forth by CMS in the recent proposed rule require it. Direct, securely routed information exchange may meet the current needs of some providers for their patients and their practices, such as receiving lab results or sending an electronic prescription. 

To enable a wide variety of providers – from small practices to large hospitals – to become meaningful users of electronic health records in 2011, we need to ensure the availability of a reliable and secure “entry level” exchange option that aligns with the long-range information exchange vision we have for our nation.  Such an option should balance the need for a consistent level of interoperability and security across the exchange spectrum with the reality that not all users are at the same point on the path to comprehensive interoperability.  In an effort to provide the best customer service possible, the Office of the National Coordinator for Health IT (ONC) will consider what a complete toolkit would be for all providers who want to accomplish meaningful health information exchange.

Broadening the use of the NHIN to include a wider variety of providers and consumers who may have simpler needs for information exchange, or perhaps less technically sophisticated capabilities, is critical to bolstering health information exchange and meeting our initial meaningful use requirements.  Building on the solid foundation established through the current exchange group mentioned above and the recommendations of the HIT Policy Committee (which originated with the Committee’s NHIN Workgroup), ONC is exploring this expansion of NHIN capabilities to find solutions that will work across different technologies and exchange models. 

The newly launched NHIN Direct Project  is designed to identify the standards and services needed to create a means for direct electronic communication between providers, in support of the 2011 meaningful use requirements.  It is meant to enhance, not replace, the capabilities offered by other means of exchange.  An example of this type of exchange would be a primary care physician sending a referral and patient care summary to a specialist electronically.

We are on an aggressive timeline to define these specifications and standards and to test them within real-world settings by the end of 2010.  Timing is critical so that we may provide this resource to a broader array of participants in health information exchange as a wave of new, meaningful users prepare to qualify for incentives provided for in the HITECH Act and ultimately defined by CMS. This model for exchange will meet current provider needs within the broader health care community, complement existing NHIN exchange capabilities, and strengthen our efforts toward comprehensive interoperability across the nation.

A natural evolution in NHIN capabilities to support a variety of health information exchange needs is being reinforced by trends that are leading us toward widespread multi-point interoperability. The current movement toward consolidation in health care, coupled with health reform’s encouragement of bundled payments for coordinated care, will mean more providers need it.  Quality improvement, public health, research, and a learning health care system all require it.  Ultimately, simple exchange will be part of a package of broader functions that allows any provider, and ultimately consumers, to exchange information over the Internet, enabled by NHIN standards, services, and policies.

Your continued input will help guide us toward and maintain a direction that is in harmony with the rapid innovations in health IT today.  The NHIN Direct Project will conduct an open, transparent, and collaborative process throughout its development by using a community wiki, blogs, and open source implementation already available on the project’s website (http://nhindirect.org/ ).  I encourage you to participate through the website, via public participation at the implementation group meetings, and by deploying and testing the resulting standards and specifications.  For those of you who are participants in the current exchange group, I urge you to take every opportunity to share your experiences.  Lessons learned from the NHIN Direct Project and the exchange group will inform the evolution of the NHIN as new uses and users come forward, and as continued innovation occurs to meet the growing needs of our community.

As we head into the next stage in the development of nationwide health information exchange, we should all take a moment to reflect on how far we have come and evaluate our plans for the future.  ONC is committed to providing resources and guidance to stakeholders at all levels of exchange through HITECH programs, such as the Health IT Regional Extension Centers, the national Health IT Research Center, and the State Health Information Exchange Program.  As you assess your own needs for exchange, please take advantage of the many Federal resources available to you on the ONC website and the online resources of the programs mentioned above, as well as through the “NHIN University” education program hosted by our public-private partner, the National eHealth Collaborative .

We have done a great deal of work in the short period of time since the passage of the HITECH Act.  We at ONC appreciate your willingness to stay engaged and involved in every step of our journey, and we look forward to our continuing collaboration to improve the health and well-being of our nation.

Sincerely,
David Blumenthal, M.D., M.P.P.
National Coordinator for Health Information Technology
U.S. Department of Health & Human Services

The Office of the National Coordinator for Health Information Technology (ONC) encourages you to share this information as we work together to enhance the quality, safety and value of care and the health of all Americans through the use of electronic health records and health information technology.

HIE Trust Framework: Essential Components for Trust;
NHIN Workgroup of HIT Policy Committee
Presentation with slides were made at Health IT Policy Committee on April 21, 2010 by David Lansky, Chair of NHIN Workgroup and Farzad Mostashari of ONC. The slides have been converted to html for your viewing.
PDF Version

Discussion Topics
–Recommendations for a national-level  HIE Trust Framework
–HIE trust framework is applied to a directed push model
          –Implications of third parties supporting aspects of the HIE trust framework

NHIN Workgroup Recommendation (Feb. 2010)
Role of Government
–Establish and maintain a framework of trust, including ensuring adequate privacy and security protections to enable electronic health information exchange.
–Create structures/incentives to enable information exchange where trust or necessary standards / services do not exist.
–Limit intervention where information exchange with providers currently exists – to the extent possible.
–Create incentives to improve interoperability, privacy and security of information exchange.
–Support real-world testing and validation of the services and specifications to verify scalability on a nationwide basis.

HIE Trust Framework: Findings
–There is a need for a national-level trust framework to promote the electronic exchange of health information:
          –Provides a tool for understanding how trust may be implemented across a broad range of uses and scenarios
          –Addresses need for adequate privacy and security protections
          –Articulates the common elements required for exchange partners to have confidence in health information exchange (HIE)
                   •Recognizes that implementation of the framework will vary depending upon  various factors (e.g., exchange partners, information, purpose, etc.)
          –Supports interoperability from a policy perspective –Considers lessons learned from existing HIE activities

HIE Trust Framework: Recommendation
–Adopt an overarching trust framework at the national level to enable health information exchange that includes these essential elements:
          –Agreed Upon Business, Policy and Legal Requirements / Expectations
          –Transparent Oversight –Accountability and Enforcement
          –Identity and Authentication –Minimum Technical Requirements
–All five components needed to support trust, but individually may not be sufficient.

HIE Trust Framework: 
Essential Components for Trust
•Agreed Upon Business, Policy and Legal Requirements: All participants will abide by an agreed upon a set of rules, including compliance with applicable law, and act in a way that protects the privacy and security of the information.  
•Transparent Oversight: Oversight of the exchange activities to assure compliance. Oversight should be as transparent as possible.
•Accountability and Enforcement: Each participant must accept responsibility for its exchange activities and answer for adverse consequences.
•Validation of Exchange Partners & Identities:  All participants need to be confident they are exchanging information with whom they intend and that this is verified as part of the information exchange activities.
•Technical Requirements: All participants agree to comply with some minimum technical requirements necessary for the exchange to occur reliably and securely. 

1. Agreed Upon Business, Policy and Legal Requirements
Agreed upon and mutually understood set of expectations, obligations, policies and rules around how partners will use, protect and disclose health information in general and their exchange-related activities specifically (not necessarily top-down regulation). 
–Built upon existing applicable law, including HIPAA and  federal and state law.
–Requires participants to act in a way that protects privacy and security of the information.
–Varies depending upon context – e.g., type of exchange, parties involved (including relationship of partners), purposes for which data are exchanged (including secondary and future use), etc. 

Value as a Factor for Reinforcing Trust
Compliance with the trust framework is necessary in order to realize value of exchange 
          –Value of exchange creates incentive to participate in information sharing; –Obligation  to abide by and continue complying with trust requirements in order to continue realizing that value;
          –Knowing that one’s exchange partners see value in the exchange provides some assurance that they will continue to comply;
         –Other elements address specific aspects to promote trust.

2. Transparency and Oversight
“Oversight” is intended to mean management, maintenance, supervision, and monitoring of the trust relationship and exchange activities.

There should be as much transparency as possible in:
     –The oversight mechanisms employed to protect the information; and
     –The oversight process and results, including findings and consequences.  (Some oversight, e.g., governmental oversight, may not be entirely transparent.)

–The nature of oversight and the mechanisms used will depend upon exchange model, the parties involved, and the needs the exchange partners identify.
–Oversight will operate at multiple levels (e.g., parties to the exchange, individual subject of the information, third parties, government, etc.)
–Oversight should make that even with the trust framework and mechanisms in place, that there is no guarantee of privacy and security.

3. Enforcement and Accountability
Each exchange partner is accountable for its exchange activities and must be prepared to answer at multiple levels. For example:
         –Individual subjects of the exchanged information;
         –Other participants in the exchange; 
          –Third parties providing enabling functions; –Certifiers / accrediting bodies; –Governmental entities. 

–Methods for confirming, detecting and enforcing compliance may vary (e.g., self-certification, self-attestation, trust enabling organization, etc.)
–Specific mechanisms and business rules may vary based upon context.
–May include enforcement of penalties for failing to uphold commitments to conduct activities as a trusted exchange partner and, if appropriate, redress for those harmed by such failure. 

Common desire to avoid these consequences gives each exchange partner some comfort that all other exchange partners will uphold their commitments.

4. Identity and Authentication
–Exchange partners will not exchange information with just anyone. Each has to be confident they are exchanging information with whom they intend to exchange information and that the other partner is trustworthy.
–Each exchange partner therefore validates (and maintains an audit log of) the identity of those with whom it exchanges information.
==Validation of parties to the exchange can occur in a number of ways (e.g., using identity proofing and digital credentials to validate authorized members of a network).

5. Minimum Technical Requirements
In all exchanges, partners have to adhere to technical standards to support the privacy and security requirements of the trust framework.
–Technical requirements for the exchange could include measures designed to ensure that data received have been unaltered during transit.
–Non-compliance with technical requirements for secure transport will prevent an exchange from occurring, but may not always be visible. 

Trust Enabling Functions Applied to Directed Push of Information Scenario
Agreed upon business, policy and legal requirements
–Based upon applicable law and expectation that privacy and security of the information will be protected
–Additional policies relating to use of data by enabling organizations (e.g., metadata or data content)
–Informal social contract if EHR-to-EHR without use of a third party;
–Formal agreements may be required if there is a third party involved in supporting aspects of trust framework, such as:
     •Between a healthcare provider organization and a third party that performs or supports part of the trust framework for that provider (e.g., secure routing, identity services) or provider directory services.
     •Between a healthcare provider organization and a third party that offers other HIE services, such as secure messaging, translation, data aggregation, etc.;
     •Between healthcare provider organization and its end users.

Trust Enabling Functions – Applied to Directed Push of Information
Transparency and Oversight
–Patient and exchange partners oversee and monitor to ensure exchange occurs.  –Governmental oversight of compliance with laws (e.g., HIPAA). 
–There is a governmental role regarding the performance of identity assurance and routing functions.
–That oversight must include transparency to foster accountability of the enabling functions.
–A third party that provides trust enabling functions may also play a role in oversight.

Enforcement and Accountability
–Exchange partners are accountable to each other, patient and governmental agencies.
–Third parties that support  trust enabling functions should also be accountable.
–One consequence for failing to uphold commitments to comply with the minimum requirements and code of conduct is termination of the exchange relationship between the parties.
–Other consequences could include legal implications (e.g., if breach of formal contract), liability, redress for harm, etc.)

Identity and Authentication
–Identities of exchange partners and/or users validated by provider organization or third party identity service provider; other participants rely upon this.

Minimum Technical Requirements
–Meaningful use certification criteria (e.g., secure transport, etc.)
–The ability to look up and locate a provider’s electronic address
–The ability to securely route information to the provider’s electronic address, which could occur:
     •EHR to EHR or Lab to HER
     •EHR to PHR
     •EHR to EHR using a third party’s routing services;
     •EHR to EHR using third party services (e.g. registry services, provider directories, identity services, etc.);
     •EHR to EHR using other HIE services (e.g., HIOs, PHRs, eprescribing networks, secure messaging, EHR-specific networks, etc.)