The discussion between stakeholders of the MassHIWay, the Commonwealth of Massachusetts’s health information exchange (HIE), has reached as snag in determining who will assume authority for enabling conditions of trusts, according to Beth Israel Deaconess Medical Center (BIDMC) CIO John Halamka, MD. “2013 is the year we’ll address the policy and technology barriers that have historically slowed adoption of large scale HIE,” he writes in a recent post on Life as CIO.
Halamka has revealed the challenge of establishing a trust fabric for the state HIE. “Initially our state HIE, the MassHIWay, presumed it would be the certificate authority/registration authority for all state stakeholders, creating a trust fabric through a single set of processes and agreements,” writes Halamka. “As often occurs in life, theory and the practice differ.”
According to the BIDMC CIO, the conversation about establishing the trust fabric, which is necessary for the exchange of documents key to Stage 2 Meaningful Use, stems from the adoption and use of numerous EHR systems, each relying on a unique health information service provider (better known as a HISP). HISPs are vital for providing assurances about users, maintaining technical safeguards, and using standards that make the flow of information both efficient and secure.
At first blush, healthcare organizations and providers using EHR systems from eClinicalWorks, Cerner, Epic and Meditech (among others) tend to feel more comfortable using the HISP provided by their vendors rather than stepping out of their comfort zones and embracing a new HISP.
“How do we knit together all of the HISPs into a trust fabric that authenticates our users, authorizes access for appropriate clinicians, and minimizes privacy risks?” continues Halamka. “It’s clear that we must embrace technology and policies which enable HISP to HISP communications, not just a single HISP and certificate authority.”
The network of networks approach carries with it a number of concerns for those responsible to safeguarding patient information and minimizing risks associated with authorizing senders and recipients of information. “The reality of Meaningful Use Stage 2 certified software is that sometimes the connections will be with the EHR directly, sometimes through the EHR vendor’s cloud, and sometimes through third parties,” observes the healthcare CIO.
What remains for MassHIWay stakeholders is to determine policy and technology details, which will be hammered out by workgroups assigned to those tasks. For those working to resolve similar HIE concerns in other states, the experience in Massachusetts should provide some consolation at the very least that even the top healthcare organizations and providers struggle with coming to consensus.