Tuesday, June 17, 2014

The June HIT Standards Committee

The June HIT Standards Committee focused on an update and evaluation of the standards and interoperability framework initiatives, consistent with the overall theme of ONC’s recent reorganization and strategic plan to focus on fewer goals in greater depth. Steve Posnack, who now leads the ONC Office of Standards and Technology, introduced the topic. Mera Choi and John Feikema provided an overall update. Evelyn Gallego, Jonathan Coleman, and Marc Hadley described their projects.

It was truly an amazing discussion. The energy in the room was palpable.

Common themes included:
*Embrace FHIR, JSON, REST and OAuth
*Avoid a different standard for every use case - research, clinical care, and population health should use the same standards if the standards are suitable for purpose
*Limit scope as needed to get real transactions in production
*Use emerging technologies whenever possible - use "early automobiles" not faster horses or fancier buggy whips
*Keep it simple (as simple as possible but no simpler)
*Support modularity and an innovative ecosystem of third party apps with Application Programming Interfaces (read/write) in EHRs
*Data provenance (who generated the data) and data integrity/quality are important
*Integration of transactions into sender and receiver workflow must be considered
*Market forces are even more powerful incentives than certification/regulation
*A trust fabric with appropriate security to respect patient privacy preferences is foundational

With these themes in mind, every member of the committee was asked to name the most important standards and interoperability framework priority.

Everyone agreed that data provenance/integrity and support for query-based exchange via APIs were the topics we should work on.

The entire committee came to a conclusion, representing independent opinions from a multi-stakeholder perspective, that aligned perfectly with ONC’s 10-year vision. Per the recent ONC whitepaper, the goals of the next 3 years should be:

*provider and patient ability to send, receive, query, and use data
*data provenance/quality and patient matching
*privacy and trust

At our next meeting we’ll drill deeper into a refinement of the standards and interoperability framework by asking what we are missing in the existing initiatives that is foundational to the ONC 10-year vision. Although Meaningful Use is important, we need to think about standards beyond the confines of the next stage of Meaningful Use.

After the framework discussion, Dixie Baker and Lisa Gallagher provided an update on the Privacy and Security Workgroup’s evaluation of the 2015 Certification Notice of Proposed Rulemaking. They recommended edits to 5 areas, which were approved by consensus:

Two-Factor Authentication - ONC should use a risk-based framework aligned with DEA controlled substance e-prescribing without generally requiring two-factor authentication capability.

Accounting of Disclosures - given that the concept of a "Complete EHR" has been replaced with a series of selectable criteria, there no longer needs to be a statement that accounting of disclosures is optional.

Audit clarification within the context of ASTM E2147 - The PSWG believes it is feasible to certify EHR compliance with the ASTM E2147 audit log standard, and does not recommend ONC specify other actions in an updated standard for the 2017 Edition, or that ONC consider any additional standards.

Server authentication - A mechanism should exist for computer-to-computer data transfers as part of a trust fabric.

Automatic time-outs - A timeout should restrict access to protected health information and ONC does not need to be prescriptive about how this happens.

A great meeting!


1 comment:

Medical Quack said...

If you want to take a look at a query based API, here's one for you and it's not bad and the CEO/designer is a full on engineer who was the product manager from BEA from years ago which was sold to Oracle and became the WebLogic Server as it was formerly known as Aqualogic and prior to that many years at Borland, there's a name from the past:)

It also gives a nice common user interface at both ends and actually someone at the DOD wanted to take a serious look at that could be a viable solution for theirs with the VA. There's a connection here too for the patient.

This is the 2nd time I have written about it and you can get the API and it's written in open source and uses a Clarity Server in the cloud and all the security is already built in with Semantics and it works on mobile units, iPhones and iPads.

http://ducknetweb.blogspot.com/2014/06/zoeticx-patient-clarity-server-hie-for.html

I only got to know them due to the fact that after my first blog they contacted me saying I was the only one who understood what was going on as others had written about it as well:) Again, sustainable as there's no data warehousing going on here. It can sit on top of any EHR/EMR and legacy is no problem at all either. Just thought I would pass this along.

I believe the Epic and Allscripts API have been written for it already but he can't do one for everybody:) Interface is great.