ONC Releases Governance Framework for Trusted HIE

After backtracking on developing "Rules of the Road" for trusted electronic health information exchange (HIE) last year, ONC has released its promised Governance Framework for HIE after months of collaboration with stakeholders. Crafted through public listening sessions, hearings, partnerships and the NHIE Governance Forum, the Governance Framework,

Reflects what matters most to ONC when it comes to national health information exchange governance and the principles in which ONC believes,

stated Dr. Mostashari last Friday in his Health IT Buzz Blog. Short and sweet, the Governance Framework provides guidelines for the governance of HIE.

The Governance Framework sets forth four sets of principles for HIE which are specifically geared towards HIOs and other entities that set HIE policy such as state agencies and partnerships:

  • Organizational principles, focusing on transparency and openness, inclusiveness, oversight and enforcement;
  • Trust principles, focusing on meaningful choice to participate in HIE and to limit types of data exchange, transparency in privacy and security practices, and the accuracy of information;
  • Business principles, providing open access and standards to promote collaboration; and
  • Technical principles, ensuring technology can accomodate exchange through the use of standards and implementation specifications, testing and collaboration with voluntary consensus standards organizations. 

Of particular interest is the recommendation that HIOs provide a "Notice of Data Practices" entirely separate from the Notice of Privacy Practices each participating organization in an HIO would provide to its patients describing HIE activities. The Notice would describe not only uses and disclosures of identifiable information, but de-identified information as well

Furthermore, organizational principles would include,

[P]romot[ing] inclusive participation and adequate stakeholder representation (especially among patients and patient advocates) in the development of policies and practices.

Another recommendation would prompt HIOs to maintain and publish statistics on their exchange capacity, including number of users and patients, type of standards implemented and transaction volume, as well as to disseminate "up-to-date" information on compliance with statutes and regulations, best practices and even potential security vulnerabilities.

Is the Governance Framework helpful to HIOs? Maybe. It does NOT

Prescribe specific solutions but lays out milestones and outcomes that ONC expects for and from HIE governance entities as they enable electronic HIE.

It is a far cry from guidance for the every day problems HIOs are faced with as expressed by numerous stakeholders to ONC, such as sharing data across state lines, sustainability, variations in standards between providers and HIOs, and differences in policies governing who may access patient data (i.e., clinicians only vs. administrative and other personnel).

It does, however, provide at least a "common founation" for HIOs to build their organizational structure and policies upon. And it's better than a set of regulations and rules for HIE and HIOs that no one is ready for.  

To read the full Governance Framework and for additional information on ONC's HIE activities, visit ONC's HIE Governance website.