Friday, July 20, 2012

The July HIT Standards Committee Meeting

The July HIT Standards Committee focused on a discussion of maturity and adoptability criteria for standards, a review of recent testimony regarding best practices for electronic identity authentication of providers, an update from ONC on the certification program, and a continuing discussion of the future processes needed to support the S&I Framework.

Dixie Baker presented the Initial Report on Criteria to Assess Maturity of Standards and Specifications.

A robust discussion followed noting that interpretation of readiness is contextual.  Sometimes it is reasonable for standards to include optionality.  Sometimes it is beneficial to require pre-coordination between trading partners.  Sometimes it is reasonable to encourage adoption of emerging but not widely tested standards.   The excellent framework that Dixie presented will be tested with a sample standard - the  HL7 Infobutton implementation guide for knowledge retrieval.   At our next meeting, Dixie will report  on lessons learned from this evaluation and any refinements she would suggest to the maturity/adoptability criteria.

Dixie also presented an overview of a recent hearing on trusted identification for providers.  In a world filled with malware, screen scrapers and keystroke loggers, it is important to consider the vulnerability of username and password as authentication credentials.  The Standards Committee agreed on the importance of accurately identifying and protecting endpoints in healthcare information exchange, however they noted that healthcare workflows require more complexity than just authenticating individual users.   Sometimes organizational credentials (a practice) are needed since a message is routed to a place not a person.   Sometimes delegation is needed when routing a message to the staff supporting a clinician.   We also discussed the workflow impact of two factor authentication.   Strong authentication is part of a multi-layered defense protecting privacy. Significant work will be required to develop a family of solutions supporting the requirements of healthcare.

Next, Carol Bean provided an update on the Permanent Certification program.   The existing temporary Authorized Testing and Certification Bodies (ATCBs) will be replaced by permanent certification and testing organizations.   The certification organizations are accredited by ANSI and authorized by ONC.   The testing organizations are accredited by National Voluntary Laboratory Accreditation Program (NVLAP) , a division of NIST,  and authorized by ONC.   To date, 5 organizations have been accredited as certifiers, and 5 organizations have been accredited as testers.   ONC plans to authorize these organizations in August, so the temporary program can be sunsetted soon.

Jodi Daniel provided an overview of the national progress on health IT.   110,000 clinicians have attested to meaningful use.   Numerous initiatives including BlueButton, Decision Support (HealthE Decisions) and a Cancer patient engagement program have been launched.   The trajectory is good.

Finally, Doug Fridsma presented an update on the S&I Framework projects.

We discussed the success criteria for S&I efforts to date.   We agreed that projects should be aligned with policy goals.   We noted that a formal priority setting process is important to allocate limited resources among many competing projects.  HITSC hopes to advise that process, using such tools as the maturity and adoptability criteria for standards to assess the level of effort and cost needed to close standards gaps, enabling ONC to optimize the portfolio of S&I projects.

We'll continue to the S&I discussion at the next meeting.   As the end of ARRA funding nears there is an opportunity to reconsider how best ONC, HITSC, and S&I can work together to guide the work on standards for the United States.

No comments: