EHR Vendors Comment on NwHIN Governance Model

The federal government needs to take a step back as it seeks to establish a governance model for the emerging nationwide health information network, according to the HIMSS Electronic Health Record Association.

The 41-vendor group recently sent a comment letter to the Office of the National Coordinator in response to a request for information published in May. The RFI sought comment in five categories, including a set of conditions for trusted exchange of data, or “rules of the road.”

Vendors believe the RFI put too much emphasis on proposing individual conditions for trusted exchange, called CTEs. “We suggest, rather, that the initial focus should be on the governance model itself--how to establish and sunset CTEs, validation and enforcement, etc.--rather than the initial set of CTEs and their maintenance, which are more appropriately the output of a government framework, not the framework itself.”

Other EHR Vendor Association recommendations include:

* Establishing a public-private governing entity to address processes needed to establish CTEs, conduct pilot programs and adjust the programs for practical deployment. “Although we have great respect for their work, we do not believe that the Federal Advisory Committees and ONC regulatory processes are the most appropriate approach to NwHIN governance and therefore propose creation of a public /private governing entity.”

* Creating a more flexible approach to CTEs as the approach in the RFI is rigid and not reflective of the types of interoperability that need to be supported.

* Developing a more clear definition of a “network validated entity.” The request for information “does not appear to include the parties among whom the NVE is facilitating information exchange.”

* Addressing broader use cases beyond the stated plan to issue the first set of regulations only for directed exchange between a known sender and known receiver. A parallel approach that includes directed and query exchange should be used.

* Eliminating privacy and security criteria for some CTEs that go beyond HIPAA requirements. “It is not clear that these additional requirements are actually needed.”

The complete comment letter is available here.

For reprint and licensing requests for this article, click here.