Policymakers and software developers are all tackling the development of the National Health Information Network (NHIN) at various points, and finding common ground seems to be the biggest challenge.
While the NHIN concept has been around for several years, only this year have organizations begun attempts to transfer patient information through it to various federal agencies. The NHIN is not an entity itself; instead, the federal government describes it as “a collection of standards, protocols, legal agreements, specifications and services that enables the secure exchange of health information over the Internet.”
Even those standards and protocols are subject to change, however, as the Office of the National Coordinator for Health Information Technology (ONC) continues to fine-tune the agreement and infrastructure that govern the network. The Health IT Policy Committee’s NHIN workgroup is charged with developing the trust document — known as the Data Use and Reciprocal Support Agreement — that allows for information sharing, as well as privacy and security standards.
As privacy and security are scrutinized from that policy level, a 2-month-old parallel project known as NHIN Direct is focused on connecting providers, patients and other stakeholders on a smaller scale. During a recent meeting of the policy committee’s NHIN workgroup, it became clear that there still are myriad ideas about how to align its broad policy work with the more narrowly focused efforts of NHIN Direct. Indeed, last month Latanya Sweeney, a member of the policy committee and director of the Data Privacy Lab at Carnegie Mellon University, testified before Congress that neither the NHIN nor the NHIN Direct project would safeguard personal information sufficiently.
Such issues as authenticating the identities of patients and deciding who should be able to access information are a part of a set of basic assumptions that several workgroup members questioned. The group is organizing its thoughts and recommendations in a letter to the ONC.
Wes Rishel, a member of the NHIN workgroup and a vice president in Gartner’s health care provider research practice, developed the concept for NHIN Direct in hopes of allowing smaller physician practices to implement health IT more quickly. He said he is unperturbed by the level of discourse over the direction of a national network. Consensus building “doesn’t happen all at once.”
As the workgroup drills down into the broader policy ideas’ details, opinions about how to approach them are becoming more varied, Rishel said. With the more detailed approach the NHIN Direct project is taking to solving electronic messaging, patient identification and provider transfer of information, policymakers will have more questions.
“It’s a process of mutual discovery,” Rishel said. “I feel reasonably assured” that both NHIN Direct and the NHIN workgroup will find policy overlaps and language similarities in their frameworks.
One of the areas Rishel plans to work on is to have the federal agencies concerned with health IT privacy and security interact more, to ensure all the stakeholders are aligned, he said. In addition, NHIN Direct will continue to compare the issues identified through user stories with the NHIN issues that arise through the policy committee’s work.