On January 5, 2018, consistent with the 21st Century Cures Act’s focus on creating interoperability and correspondingly a Trusted Exchange, the Office of the National Coordinator for Health Information Technology (“ONC”) released its “Draft Trusted Exchange Framework” (“Draft Framework”). The Draft Framework is intended to streamline the exchange of Electronic Health Information (“EHI”) so that both health care providers and patients have better access to health information, thus improving communication and quality health care. EHI includes information beyond protected health information, such as health information from other consumer driven devices. ONC has asked for public comments; the comment period is open until February 18, 2018.
ONC’s Draft Framework develops a mechanism to connect Health Integrated Networks (“Qualified HINs”) across the country. The ONC intends to select a single Recognized Coordinating Entity (“RCE”) through a competitive bidding process, which will be open in the spring of 2018. The RCE’s responsibilities will be to develop the Common Agreement and operationalize the Trusted Exchange. The Draft Framework includes the Principles of a Trusted Exchange (Part A) and the minimum terms and conditions that will be required for a Trusted Exchange (Part B) (the contractual terms that operationalize the principles of Part A).
The Draft Framework sets a number of conditions on Qualified HINs, some of which may require more direct interaction with patients than currently exists, or may require the Qualified HIN to disclose information that might otherwise be considered proprietary to the Qualified HIN. The biggest takeaways from the Principles (Part A) are:
- Qualified HINs will be expected to use standards adopted or recognized by ONC’s Health IT Certification Program and Interoperability Standards Advisory (“ISA”) or industry standards readily available to all stakeholders;
- Participants of Qualified HINs that provide services and functionality to providers are expected to follow the 2015 Edition Health IT Certification Criteria, 2015 Edition Base Electronic Health Record (EHR) Definition, and ONC Health IT Certification Program Modification final rule (“2015 Edition final rule”), and associated guidance for the certification of health IT; and
- Qualified HINs and participants will be expected to implement processes that encourage more “person-centered” care;
- Qualified HINs will be required to operate openly and transparently by:
- Making terms and conditions for participation publicly available;
- Supporting permitted uses and disclosures of EHI. Qualified HINs that only support HIPAA Treatment purpose exchanges, may want to support additional permitted purposes;
- Making their privacy practices publicly available;
- Qualified HINs must cooperate with and not discriminate among the various stakeholders across the continuum of care by not implementing policies, procedures, technology or fees that will obstruct access and exchange of EHI between other Qualified HINs, participants, and end users;
- Qualified HINs must exchange EHI securely and in a manner that preserves data integrity by:
- Including appropriate information to ensure the correct matching of individuals to their EHI; and
- Ensuring providers and other organizations are confident that appropriate consents and authorizations have been captured;
- Qualified HINs must ensure that individuals have easy access to their information by:
- Ensuring full and consistent access to information; and
- Having policies in place to allow an individual to withdraw or revoke his or her participation in the Qualified HIN; and
- Qualified HINs will be expected to support the ability for participants to pull and push population level records—bulk transfer—in a single transaction rather than transmit one record at a time.
The Draft Framework is ONC’s most significant push toward interoperability among electronic health care systems and most likely will affect all stakeholders in the health IT industry and their participants at some point.
- General Counsel / Chief Privacy Officer