After months of working with stakeholders to develop conditions for trust exchange, the Office of the National Coordinator for Health Information Technology (ONC) has finally released its framework for governing for trusted health information exchange, the Governance Framework for Trusted Electronic Health Information Exchange. Writing on Health IT Buzz, the National Coordinator Farzad Mostashari, MD, ScM, characterizes governance framework as a “living document” that will evolve over time to fit the needs of the HIE community by providing guidance for governance models.
“The Governance Framework reflects what matters most to ONC when it comes to national health information exchange governance and the principles in which ONC believes,” writes the National Coordinator.” We’ve published this framework to provide a common foundation for all types of governance models. Entities that set health information exchange policy should look to the Governance Framework’s principles as a way to align their work with national priorities.”
The development of a governance framework is the direct result of the ONC’s decision to avoid further rulemaking and adopt an approach that is less restrictive, more agile, and better able to keep pace with developments in health IT.
The governance framework comprises four principles: organization, trust, business, and technical. Noteworthy for the protection of protected health information (PHI) is the second category of principles aimed at ensuring patient participation in HIE. “Trust is a prerequisite for electronic HIE and starts with patients. Without trust, the ultimate success of an electronic HIE initiative could be jeopardized,” state the authors of the governance framework.
In particular, the ONC has enumerated six components that should comprise an organization’s HIE policy and enable patients to:
• access a “Notice of Data Practices” that explains the purpose(s) for which personally identifiable information (PII) and de-identified data, consistent with applicable laws, would or could be electronically exchanged;
• receive a simple explanation of the privacy and security policies and practices in place to protect safeguard electronically exchange patient PII as well as who is permitted to access and use electronic HIE services;
• be provided with meaningful choice as to whether their PII can be electronically exchanged as consistent with applicable laws (i.e., patient consent);
• request data exchange limits based on data type or source (e.g., substance abuse treatment) as consistent with applicable laws;
• access and request corrections to their personally identifiable information electronically as consistent with applicable laws;
• be assured that their PII is consistently and accurately matched when electronically exchanged (i.e., patient matching).
As has been the ONC’s stance since last September, the agency will continue to work with stakeholders to revise as necessary.