Officials from the Office of the National Coordinator for Health Information Technology held their final listening session Thursday to engage stakeholders on a new framework for exchanging electronic health records.
Genevieve Morris, principal deputy national coordinator for health IT, said at ONC’s annual meeting that the draft version of the Trusted Exchange Framework and Common Agreement is expected to debut in December, providing a path to share electronic health records across networks.
“We want to make sure we understand your concerns and your challenges and that we’re [meeting] them appropriately,” Morris said.
The office held to other listening sessions earlier in the year and has been fielding public comments on how the framework should account for myriad health care sector concerns.
ONC is charged with developing the TEFCA as part of Section 4003 of the 21st Century Cures Act, which became law in December 2016 and aims, in part, to streamline the interoperability and information sharing of electronic health records.
The law calls for ONC and the National Institute of Standards and Technology to collaborate on a set of policies to establish a trusted and voluntary framework capable of sharing health information across networks while still protecting proprietary information.
“When you talk to health care organizations, there’s just this massive amount of agreements that go on right now, these one-off agreements that they have to do with everyone they want to exchange with,” Morris said. “And that just adds a cost and time component to our system that it really can’t afford. So the Trusted Exchange Framework and Common Agreement is meant to really overcome the barriers of having all of those multiple agreements.”
Officials said ONC plans to release the draft framework this month, followed by a 45-day public comment period and the debut of the final TEFCA in late 2018. But so far, stakeholders have addressed concerns around ensuring standardization and cooperation across networks.
“Folks asked us to focus on some of the critical areas of inconsistency across the networks,” Morris said. “I think the easy example I normally get is things like identity-proofing and authentication requirements, high areas of variation on what folks require. So those are really easy areas that I think we can be helpful on setting some policies around.”
Officials declined to provide specifics on which policies were included in the TEFCA, but they did say that they are working to craft standards that marry flexibility for the adoption of new technologies like blockchain with strong security and privacy models.
“We’re very mindful of new technology. The standards don’t preclude that,” said Don Rucker, national coordinator for health IT. “I think there is a broader issue that as we look at privacy and security, ultimately hackers and people with bad intent are going to look at targets of opportunity globally.
“We want to adopt the best security and privacy authentication standards that are out there. They will evolve, that’s just the nature of the beast,” he said.