Tuesday, July 13, 2010

An Analysis of the Final Standards Rule

At 10am today, the final Standards Rule was released as described on my previous blog. Here are additional details for stakeholders who want a technical analysis.

ONC received many comments on the balance between specificity (which can make certification and implementation easier) and generality (which can enable more rapid innovation). The Final Standards Rule achieves an optimal balance by providing very specific implementation guidance for mature standards and leaving flexibility for those still in evolution or without significant industry deployment

Content Standards
Patient Summary Record
Standard - HL7 Clinical Document Architecture (CDA) Release 2, Continuity of Care Document (CCD)
Implementation specifications - The Healthcare Information Technology Standards Panel (HITSP) Summary Documents Using HL7 CCD Component HITSP/C32

OR

Standard - ASTM E2369 Standard Specification for Continuity of Care Record and Adjunct to ASTM E2369

Electronic Prescribing
Standard - The National Council for the Prescription Drug
Programs (NCPDP) Prescriber/Pharmacist Interface SCRIPT standard, Implementation Guide Version 8, Release 1 (Version 8.1) October 2005

OR

Standard - NCPDP SCRIPT Standard, Implementation Guide, Version 10.6

Electronic Submission of Lab Results to Public Agencies
Standard - HL7 2.5.1
Implementation specifications - HL7 Version 2.5.1 Implementation Guide: Electronic Laboratory Reporting to Public Health, Release 1

Electronic submission to public health agencies for surveillance or reporting
Standard - HL7 2.3.1

OR

Standard - HL7 2.5.1
Implementation specifications - Public Health Information Network HL7 Version 2.5 Message Structure Specification for National Condition Reporting Final Version 1.0 and Errata and Clarifications National Notification Message Structural Specification

Electronic submission to immunization registries
Standard - HL7 2.3.1
Implementation specifications - Implementation Guide for Immunization Data Transactions using Version 2.3.1 of the Health Level Seven (HL7) Standard Protocol Implementation Guide Version 2.2

OR

Standard - HL7 2.5.1
Implementation specifications - HL7 2.5.1 Implementation Guide for Immunization Messaging Release 1.0

Quality Reporting
Standard - The CMS Physician Quality Reporting Initiative (PQRI) 2009 Registry XML Specification
Implementation specifications - Physician Quality Reporting Initiative Measure Specifications Manual for Claims and Registry

Vocabulary Standards
Problem List
Standard - The code set specified at 45 CFR 162.1002(a)(1) for the indicated conditions (i.e. ICD9-CM)

OR

Standard - International Health Terminology Standards Development Organization (IHTSDO) Systematized Nomenclature of Medicine Clinical Terms (SNOMED CT®) July 2009 version

Procedures
Standard - The code set specified at 45 CFR 162.1002(a)(2). (2) Standard. The code set specified at 45 CFR 162.1002(a)(5) (i.e. CPT-4)

Laboratory test results
Standard - Logical Observation Identifiers Names and Codes (LOINC®) version 2.27

Medications
Any source vocabulary that is included in RxNorm, a standardized nomenclature for clinical drugs produced by the United States National Library of Medicine.

Immunizations
Standard - HL7 Standard Code Set CVX - Vaccines Administered, July 30, 2009 version

Race and Ethnicity
Standard - The Office of Management and Budget Standards for Maintaining, Collecting, and Presenting Federal Data on Race and Ethnicity, Statistical Policy Directory No. 15, October 30, 1997

Privacy and Security (includes transport standards)
Encryption and decryption of electronic health information
In general - Any encryption algorithm identified by the National Institute of Standards and Technology (NIST) as an approved security function in Annex A of the Federal Information Processing Standards (FIPS) Publication 140-2
For data exchange - Any encrypted and integrity protected link

Record actions related to electronic health information
The date, time, patient identification, and user identification must be recorded when electronic health information is created, modified, accessed, or deleted; and an indication of which action(s) occurred and by whom must also be recorded

Verification that electronic health information has not been altered in transit
Standard - A hashing algorithm with a security strength equal to or greater than SHA-1 (Secure Hash Algorithm (SHA-1) as specified by the National Institute of Standards and Technology (NIST) in FIPS PUB 180-3 (October, 2008)) must be used to verify that electronic health information has not been altered.

Record treatment, payment, and health care operations disclosures
The date, time, patient identification, user identification, and a description of the disclosure must be recorded for disclosures for treatment, payment, and health care operations, as these terms are defined at 45 CFR 164.501

Of note, REST and SOAP were removed as specified transport standards, enabling flexibility for secure transmission as long as data are encrypted and integrity assured. This will enable innovation such as we've seen with the NHIN Direct Project and several State HIE Efforts.

I'm quite pleased with the balance achieved by ONC. The major recommendations of the Federal Advisory Committees have all been incorporated, enabling the industry to move forward with enhanced interoperability in a way that is technologically achievable today.

6 comments:

John Phelan said...

thanks, John. As always, your leadership and service to this country remains exemplary.

Peter W said...

Great work John. I wondered if it's wise to chose between ICD9 and SNOMED? Don't we need to support both, because they are for different use/perspectives?

John Halamka said...

To clarify, when the rule offers an "OR", it really is an "AND". Both ICD9 and SNOMED-CT can be used as needed for problem list description.

Mike said...

The CCD constrains the problem list to a subset of SNOMED-CT. How are you suppose to create a CCD when ICD-9’s are used for the problem list? Am I the only one who thinks this is a problem?

Teresa said...

Mike: Yep this is a problem. Anybody using ICD in the CCD?
You are not alone.....

Graham said...

The PQRI certification test http://xw2k.nist.gov/healthcare/docs/170.304.j_CalcSubmitClinQualityMeasures_v1.1.pdf requires the reporting of PQRI numbers, but for some there are only NQF numbers. What to do? And is it assumed that reporting is to be done only on Medicare patients? This is not stated either in the XML specifications or above test.