Tuesday, March 9, 2010
The HIT Standards Committee Comments on the IFR
On Friday, the HIT Standards Committee submitted its comments on the Interim Final Rule to ONC. Below is a summary of the documents we submitted, which will soon be posted on the publicly available comments site.
1. Recognizing that standards evolve and regulations are hard to change, we recommended that the IFR specify broad families of standards, stating the major version of each standard, accompanied by a detailed implementation guide that serves as a floor. For example, HL7 Version 2 should be used for laboratory result reporting and the HL7 2.5.1 Implementation Guide is the recommended floor. HL7 2.5.1 will evolve, which is fine, since any new implementation guidance will still be in the HL7 Version 2 family, although it could be HL7 2.6, 2.7, etc. Such an approach future-proofs the regulation. Here are the families of standards we recommended:
Patient Summary - HL7 Version 3 Clinical Document Architecture (of which CCD is one example) and the ASTM E2369 CCR
Medications - NCPDP Script
Administrative Transactions - X12 4010 and 5010
Quality Reporting - XML
Population Health including labs, biosurveillance and immunizations - HL7 Version 2
2. The implementation guides we recommended as floors are:
Patient Summary - HITSP C32 2.5
Medications - NCPDP 8.1 and 10.6 (realizing that 10.6 is the emerging standard but 8.1 is the Medicare Part D requirement)
Administrative Transactions - CAQH Core 1 Operating rules applied to 4010 and to 5010 as that guidance becomes available
Quality Reporting - PQRI XML 2008 Registry
Public Health Labs
HL7 US Realm Interoperability Specification - Lab Result Message to EHR ORU^R01, HL7 Version 2.5.1, July 2007
HL7 2.5.1 Laboratory Result Reporting to Public Health (Release 1)
Public Health Surveillance
Public Health Information Network HL7 Version 2.5 Message structure specifications for national condition reporting, Final Version 1.0, August 18, 2007, CDC
Message Structure Specification v 1.0 Errata and Clarification 05/23/2008, CDC
Public Health Immunizations
Implementation Guide for Immunization Data Transactions using Version 2.3.1 of the HL7 Standard Protocol (published 6/2006), CDC
3. We also recommended several vocabulary starter sets and mappings to accelerate adoption of controlled terminologies (examples are the NLM SNOMED-CT Core problem set subset, RxNorm, and the LOINC most frequently ordered subset). We also recommended that cross maps be made generally available, such as:
SNOMED CT to ICD9/10 mapping
SNOMED CT to CPT4/HCPCS mapping
SNOMED CT to LOINC mapping
4. We recommended that Vital Signs be encoded in SNOMED or LOINC.
5. We asked for clarification that the scope of required standards is limited to external exchanges between organizations.
1. We recommended that 2011 include a controlled vocabulary for medication allergies at the drug level as is needed for drug/allergy interaction checking and reporting. UNII (part of Stage II recommendations) is at the ingredient level, which is more than is needed for 2011 quality measure reporting.
2. We recommended that 2011 include a controlled vocabulary for Vital Signs - SNOMED and LOINC with LOINC preferred. Vital signs are needed in 2011 for hypertension control and body mass index reporting.
3. We recommended that 2011 include standardized Units of Measure - UCUM. Standardized units are required to calculate measures that use lab results, medication dosages, and vital signs.
4. We noted that CCR is a fine patient summary standard, but for other uses such as reporting the actors/actions/events in clinical workflow needed for quality measurement, CCD is preferred over CCR.
5. We noted that changing from paper-based attestation to PQRI XML to a CDA-based reporting standard - 3 changes in 3 years - would be burdensome. We recommended that instead professionals and hospitals follow existing CMS requirements at the time of reporting. For example, hospitals currently have well specified requirements and supporting processes for reporting to the CMS Hospital Compare website.
Privacy and Security
1. Recognizing that EHRs and EHR Modules may be used to achieve meaningful use, we recommended that an organization consider the security implications of using a collection of modules. Some modules may not involve data exchange and thus do not need certain security features such as encryption. Others may need to comply with the same data exchange protections as a complete EHR. Using the same terminology embraced by HIPAA, it was suggested that security of EHR Modules should be "addressable" - analyzed and secured appropriately by the implementing organization.
2. The IFR preamble contains lists of example standards. We considered including these examples in the regulation itself but ultimately recommended that they not be specified, since security standards evolve rapidly. Instead we recommended that a list of acceptable technology standards be included in the certification process.
3. The IFR requires providers to implement online access to records for their patients. We felt that the definition of "online" was ambiguous. We recommended that as a floor, the provider should make an electronic copy available to the patient such as via a simple download.
4. There are two popular forms of encryption - Symmetric and Asymmetric (public key). We recommended that both be acceptable and that AES be required when using Symmetric key approaches.
5. I frequently blog about the need for standardized, simple approaches to data transmission. Tomorrow's blog will be about the exciting NHIN Direct effort to accelerate this work. The IFR provides very vague transmission standards guidance - REST and SOAP. There are really two choices - no guidance or very specific guidance. Vague guidance is not helpful. We recommended that the provision listing REST and SOAP without additional detail be removed.
6. We noted that Accounting of Disclosures is a 2015 Meaningful Use criterion yet ARRA requires accounting for disclosure in 2009 (or the date of acquisition) for entities which acquire EHRs after January 1, 2009. We recommend a joint meeting of the Policy and Standards Committee Workgroups on Privacy and Security to align the ARRA, Meaningful Use, and Standards timelines. We also recommended that the Office of Civil Rights consider the ASTM E2147 standard as a simple list of required data elements for audit and disclosure.
The comment period closes in one week and I look forward to the next revision of the Interim Final Rule as it evolves into regulation guiding all our interoperability efforts.
Posted by John Halamka at 3:00 AM