Farzad Mostashari, National Coordinator, began the meeting by highlighting the importance of taking first steps on early health information exchange use cases. The notion of creating a standard envelope around data that identifies the patient and the sender of the data enables many transactions. Supporting privacy flags enables the recipient of the data to obtain necessary consents before viewing data and to store the data optimally to respect patient privacy preferences (such as special locked areas for mental health, substance abuse or HIV related data). Privacy flags may not be needed if the patient is the source of the data or the patient gives consent to disclose and consent to view directly to the provider at the point of care.
Stan Huff led the metadata discussion and reviewed the work that has been done to date on patient ID and provenance standards. For patient ID, we considered many options but selected a very simple XML construct based on a streamlined CDA R2 header. This XML has nothing healthcare specific such as OIDs in it. For provenance, we considered many options but selected a very simple XML construct based on a streamlined CDA R2 header and X.509 certificates for digital signature. The signature could be an institution, a department, or an individual, as needed by the use case. For Privacy we considered many options and recommended a CDA R2 Header with a simple vocabulary to indicate that sensitive data is present. The list of sensitive data types could include mental illness, substance abuse, sexually transmitted disease data, HIV data, domestic violence data etc. or it could be a simple indicator that sensitive data is present. Specifying such a vocabulary is future work.
A robust discussion followed about privacy flags. Here are important clarifications
1. During transmission, the envelope of metadata plus the payload of content is fully encrypted and so the metadata is not readable until it arrives inside the organization or to the person authorized to read it.
2. Much of the time, no privacy flags are needed because the patient will be the source of the data and will elect what to disclose to whom. Privacy flags would likely be needed when data is assembled from multiple sources and is received by a provider who needs to obtain special consent before viewing it or apply special protections before storing it.
3. A privacy flag would enable data to be automatically routed to specially protected areas of the EHR.
4. The CDA R2 header standards are used millions of times per day throughout the world but this subset of them and constrained specifications of how/when they are used should be tested before regulations require them for specific transactions.
5. The recommendation to use CDA R2 headers for metadata is the beginning of a formal ONC process to seek comment, feedback and stakeholder engagement regarding their use.
Based on all these clarifications, the HIT STandards Committee approved the use CDA R2 header for metadata as a formal recommendation to ONC as it begins the NPRM process.
Next, Dixie Baker and Walter Suarez presented Provider Directory recommendations. At last month's meeting, they suggested the use of LDAP/IHE HPD standards and received feedback that these standards were not the best fit for cross organizational/federated directory lookup. They reconsidered the possibilities and examined DNS as a means to find IP addresses and certificates, the concept of a Top-Level-Domain as a means to create a uniform, secure way to retrieve directory information about healthcare organizations (of note, ICAAN announced that such Top Level Domains will soon be very easy to create), and the use of microformats/microdata as a means of creating simple federated lookups for provider directory information that cannot be stored in DNS, such as street address and phone number. Web pages containing such data can be secured with Extended Validation certificates to provide identity verification of the entity publishing the information i.e. it really is Beth Israel Deaconess publishing the directory information about Beth Israel Deaconess. Summarizing their recommendations for provider directories:
1. DNS should be used for certificate retrieval per the Direct Specification plus web pages with microformats/microdata should be used for additional directory information. These web pages can be federated via standard search engine technology.
2. A Top level domain can be considered in the future, but there is no need to implement one now.
The HIT Standards Committee approved this recommendation as input to the S&I framework process.
Next, Doug Fridsma let a discussion of progress on "Summer Camp".
Marc Overhage presented the work on patient matching, noting that the work of the group is to specify those data elements that can be used to match patients, achieving a reasonable balance of sensitivity and specificity i.e. it's ok to occasionally not find a patient's record, but it is very bad to find the wrong record. The team is not specifying the matching algorithm such as exact match, probabilistic match, partial match (first six letters of last name), Soundex or other approaches. Their work to date suggests using patient name, gender, date of birth and numeric identifiers (such as driver's license number, payer member number, last 4 of SSN etc.). It does not preclude the possibility that new identifiers such as an opt in patient healthcare ID, a DIRECT address, or other identifier could be included in the future.
Dixe Baker presented an overview of the Nationwide Health Information Network power team effort which will create a set of building blocks encompassing all the requirements of the existing NwHIN Exchange standards and Direct standards. Their final report will be presented in September.
Steve Posnack presented the Standards and Certification Criteria codeset update that enables the latest version of SNOMED-CT, LOINC and CVX to be included in Certification testing.
George Hripcsak and Josh Seidman presented an overview of Meaningful Use Stage 2. In the next few weeks, ONC will determine what gaps need to be filled with new standards specifications.
Judy Murphy and Liz Johnson presented the Implementation Workgroup Update. They are completing data gathering and analysis of feedback on the certification process and ways in which it can be improved for stage 2.
A very productive meeting. I look forward to the July meeting and the work ahead on Meaningful Use Stage 2 standards.