Federal advisory panel approves privacy and security recommendations
In a meeting held Friday, the HIT Policy Committee approved recommendations by the Privacy and Security Tiger Team that would establish health information exchange credentials and help to protect personal health information.
The 15-member panel of experts comprising the Tiger Team was formed in early June by the Office of the National Coordinator for Health Information Technology (ONC), and was assigned the task of addressing urgent privacy and security issues. Members of the Tiger Team include HIT Policy Committee members, HIT Standards Committee members, as well as members of the National Committee on Vital and Health Statistics.
The HIT Policy Committee unanimously approved the Tiger Team's recommendations to establish digital exchange credentials that include verifying a provider's identity and allowing providers to delegate the verification process to authorized credentialing service providers.
The panel also approved recommendations that would provide physicians, hospitals and the public with some reassurance that credentialing is being delegated to a trustworthy organization.
According to the recommendations, ONC would have a role in establishing and enforcing clear requirements and policies about the credentialing process, which must include a requirement to validate the identity of the organization or individual requesting a credential.
State governments can, at their option, also provide additional rules for these authorized credentialing service providers, according to the recommendations.
The team also advised that clear policies are needed to limit retention of personal health information (PHI) and restrict its use and re-use. Intermediaries who collect and retain audit trails of messages that include unencrypted PHI should also be subject to policy constraints, the group said.
According to Paul Egerman, co-chair of the Tiger Team, the group will hold a consumer choice technology hearing on June 29 to address issues that include consumer consent, sensitive data and interstate exchange. The team will report on the hearing to the HIT Policy Committee on July 21 and deliver a final report on August 19.
National Coordinator for Health Information Technology David Blumenthal was pleased the HIT Policy Committee approved the Tiger Team's privacy recommendations but said, "this is somewhat child's play compared to what is going to come down. "
He said the HIT Policy Committee will probably struggle with consensus on privacy issues, "because people feel so passionately about them. "
"ONC will have to make some decisions," he told the Tiger Team members. "I don't know if you will feel comfortable giving us advice. Keep in mind the time urgency we face."
Blumenthal and other ONC leaders are concerned about how little time states have to build provider and public trust in health information exchange. "There is a history of individual states getting to an agreement on these issues," Blumenthal said. "It usually takes some time; more than we have. We would like you to stay with us, but we'll do what we have to do, in any case."
In March, the Department of Health and Human Services awarded $162 million for state-federal health information exchange cooperative agreements. The funding was awarded to 16 states – or their designated entities, such as state health departments.
The money is part of $2 billion allotted under the American Recovery and Reinvestment Act to advance healthcare IT adoption, and follows the Feb. 12 release of $385 million to 40 states or their designated entities for health information exchange.