Friday, January 29, 2010

Safety on the Health Information Highway

Posted by Mark Brousseau

New HIE Accreditation could act as a safety signpost on the healthcare information highway. Lee Barrett, executive directory of the Electronic Healthcare Network Acceditation Commission (EHNAC) explains:

It’s almost impossible to imagine the engineers and architects behind the scenes of highway and road design and construction approaching their jobs without due concern for road-user safety. After all, building a transportation system and ensuring that its users are safe are intrinsically linked. So it is too with the Nationwide Health Information Network (NHIN). With the NHIN taking on more tangible form and function, the realities of enabling health information to be exchanged securely over the Internet take on new significance and dimension. More specifically, there are compelling concerns for the protection of patients whose records are disseminated throughout this electronic super-highway system.

The NHIN is built on a foundation of trust among all stakeholders in the system, so the major concerns relate to making sure that all stakeholders are equipped with the appropriate protocols in place, and that patient privacy, security and confidentiality are protected. There’s also the question of controlling stakeholder access to patient records and ensuring that the system is protected against breaches to the security of the Network. Without doubt, any breach of this system’s security would be nothing less than catastrophic, since a patient’s confidential records would become quickly available to a large population. Public trust is an intangible component of the NHIN, but it remains a fundamental priority for all stakeholders. If that trust is compromised, it’s difficult, if not impossible, to regain it.

The transmission of healthcare-related data among facilities, health information organizations (HIOs) and government standards, or Health Information Exchanges (HIEs), are integral components of the National Health Information Network. To meet national standards and requirements, HIE technology must enable reliable and secure transfer of data among diverse systems and also facilitate interoperability.

The fundamental definition of an HIE is that it exists to allow access to clinical data toward safer, timelier, more efficient and effective patient care. In effect, HIEs are the “on-ramps” to the NHIN, and like any transportations system, the safety of the entire system is a factor of the safety of these tributaries. With this in mind, HIE accreditation is essential to the success of the NHIN. In essence then, the safety of the HIE at the national level can only be ensured through an accreditation process.

The Electronic Healthcare Network Accreditation Commission (EHNAC), which established standard criteria for the accreditation of organizations that exchange healthcare data recognizes the broader significance of NHIN integrity and has developed a program that protects the integrity of HIEs. Designed for regional health information organizations (RHIOs), community health data/network partnerships and other groups that promote data sharing across multiple, independent stakeholders, EHNAC’s HIE accreditation program assesses the privacy policies, security measures, technical performance, business practices and organizational resources of participating entities.

In order to achieve ENHAC’s HIE accreditation, the HIE must have specific measures in place including:

... Policies for access to the exchange to ensure that those accessing the exchange are permitted users;
... Agreements to provide transparency, foster trust, and establish expectations among participants;
... Auditing and monitoring protocols to ensure that unauthorized access does not occur;
... User authentication to ensure that only the appropriate persons are accessing the exchange;
... Consumer consent policies to ensure consistent practices in obtaining consumer consent;
... Separate and distinguished databases that maintain specific information;
... Governance to oversee the activities of the HIE, and ensure that appropriate privacy and security standards are enforced;
... Private and confidential data maintenance, with appropriate measures to mitigate any potential violation or breach;
... Data is released following strict guidelines established to protect the privacy and security of the data in instances where the HIE engages in appropriate and purposeful secondary uses of data.

By having a national accreditation program for HIEs and HIO’s, stakeholders are held to high standards of accountability, efficiency, scalability and interoperability. Ultimately, this means greater assurance that patient security, privacy and confidentiality are protected and the integrity of the NHIN is preserved as the infrastructure of the electronic highway system is built.

No comments: