Healthcare in Government Government Identity Summit. Debbie Bucci IT Architect, ONC Sept 17, 2014


1 Healthcare in Government Government Identity Summit Debbie Bucci IT Architect, ONC Sept 17, 2014

2 AGENDA General Overview Standards work Identity ONC, NSTIC, IDESG overview Provider perspective Privacy on FHIR overview Patient Perspective PCOR - Researcher Perspective

3 ONC: Formed in 2004 by President Bush. The Office of the National Coordinator for Health Information Technology (ONC) is the lead agency charged with formulating the federal government's health IT strategy and coordinating federal health IT policies, standards, programs, and investments. Current Federal Health IT Strategic Plan: Improve care, improve population health, and reduce healthcare costs through Meaningful Use of Health IT; Achieve Adoption, Secure Information Exchange, and the Effective Use of Health IT; Inspire Confidence and Trust in Health IT; Empower Individuals with Health IT to Improve their Health and the Health Care System; Achieve Rapid Learning and Technological Advancement.

4 Meaningful Use and Certification of Health Information Technology. American Recovery & Reinvestment Act (HITECH component) of 2009: Established ONC in law. Created Medicare and Medicaid EHR Incentive Programs, meaningful use (MU). MU: Incentivized EHR adoption and prioritized electronic health information exchange and quality measurement. Uses carrot and stick approach - incentives that decrease over time, then penalties for non-compliance that grow over time. Many, but not all, health care providers are eligible for incentives - health care professionals, hospitals, and critical access/rural hospitals. Law requires providers to demonstrate meaningful use of certified EHR technology using ONC-certified EHR technology. Certification: Secretary has authority to adopt standards and certification criteria for health IT. ONC does this via rulemaking with input from two FACAs (HIT Policy Committee and HIT Standards Committee). HITECH charges the National Coordinator with establishing voluntary health IT certification programs. ONC administers the ONC HIT Certification Program. Office of the National Coordinator for Health Information Technology

5 ONC and Health IT at Critical Inflection Point: Health IT adoption largely successful; Public and private sector demanding and expecting data interoperability so it is available when needed; Tech market more ready than in past; Opportunities to support more informed consumer choices and digital data to support efforts like precision medicine. 9/25/2014 Office of the National Coordinator for Health Information Technology

6 Interoperability Roadmap

7 Timeline and Milestones

8 ONC Engagement Enable stakeholders to come up with simple, shared solutions to common information exchange challenges Teams convened to solve problems Coordinate Federal Partners Solutions & Usability R&D Curate a portfolio of standards, services, and policies that accelerate information exchange Collaborate with federal agencies to coordinate federal health IT priorities as manager of Federal Health Architecture Support Innovation through Innovation/Challenge Grants, and interfacing with International Standards community

9 Federal Health Architecture: Overview Established as an OMB E-Gov line of business (LoB) in 2004 Purpose: to ensure that Federal agencies seamlessly and securely exchange health data with other agencies, other government entities, and with other public and private organizations Participants: Managing Partner: ONC Funding Partners: HHS Office of the Chief Information Officer (representing HHS agencies) Department of Veterans Affairs Department of Defense Social Security Administration Oversight: Office of Management and Budget (OMB)

10 FHA Governance Structure FHA Governing Board Strategic Direction and Oversight Chaired by National Coordinator FHA Managing Board FHA Advisory Board Planning and Management Architecture & Modeling Workgroup Data Exchange & Interoperability Workgroup Collaborative cross-agency work on specific areas of FHA focus Communication & Coordination Workgroup

11 FHA Strategic Plan Vision: A Federal health information technology environment that is interoperable with the private sector and supports the President's health information technology plan enabling better care, increased efficiency, and improved population health

12 Core Technical Standards and Functions. Vocabulary & Code Sets: How should well-defined values be coded so that they are universally understood? Content Structure: How should the message be formatted so that it is computable? Semantic Interoperability. Transport: How does the message move from A to B? Security: How do we ensure that messages are secure and private? Services: How do health information exchange participants find each other? Syntactic Interoperability.

13 S&I Framework Community Participation. FACAS: HIT Standards Committee, HIT Policy Committee, Tiger Team. ENABLING COMMUNITY: Technology Vendors, System Integrators, Government Agencies, Industry Associations, Other Experts. SDOs: HL7, OASIS, Other SDOs. ONC PROGRAMS & GRANTEES: State HIE Program & CoPs, REC Program & CoPs, Beacon Program.

14 Standards Implementation & Testing Environment Pre-Certification & Interoperability Testing

15 ONC NSTIC Collaboration Points Authentication and Authorization challenges Multiple patient and provider portals Health IT Data Holder Trust Issues Mobile Health Access to cloud-based Health information (PHR, PGHD, Clinical Decision Support Systems) Inform Patient Privacy and Security concerns Patient Matching Consent Data Segmentation Data Provenance

16 NSTIC Public Hearing: March 12, 2014. GOAL: Provide the Privacy and Security Workgroup with insights on the current status and readiness of the NSTIC for consideration in determining and recommending standards for the healthcare industry. Panels: Current NSTIC Ecosystem and Identity Standards; NSTIC Pilots; Healthcare perspectives on NSTIC. Follow on from previous NSTIC related recommendations from the HITPC & HITSC: Recommendations on provider authentication, Sept 26, 2012; Recommendation on patient authentication, May 3rd, 2013; Recommendations on RESTful Exchange Standards, August 30,

17 NSTIC Health care related Pilot Resilient Network Systems (healthcare) E-referrals between San Diego Beacon and Oregon Gorge DAON Strong credential access to AARP Health Record (Health Vault) ID.me TroopID Veteran credential used for both commercial (specials/discounts) and government purpose (FCCX) Commonwealth Of Pennsylvania State HIE Michigan State HIE setting up their own trust framework Cross Sector Digital Identity Initiative (CSDII). INOVA (EPIC mychart) and MyVA State HIE

18 Alignment with ONC Interoperability Roadmap Core Technical Standards and Functions Methods to accurately match individuals, providers and their information across data sources Methods for authorizing users to access data from the data sources Methods for authenticating users when they want to access data from data sources Privacy and Security Protections Expand the options for ensuring, at an appropriate level of certainty, that those who access health information electronically are who they represent themselves to be. Assess and improve policies and standards that help ensure health information is only accessed by authorized people and is used in reasonable and transparent ways. Work with the private sector to address emerging cyber threats.

19 IDESG Health Care Committee. Health Care Committee Charter. Rationale: The goal of the Health Care Committee is to provide the coordination, leadership, and technical support necessary to ensure widespread adoption of the Identity Ecosystem Framework across the entire Health Care community. Scope: The Health Care Committee shall address the identity technology, policy and relationship (liability) requirements of the health care community and promote cross sector discussion of risk, liability, and regulation. Specific activities will include, but not be limited to: Conducting an inventory of relevant identity and information technology initiatives, frameworks, and communities. Communicating with identified health care stakeholders to promote participation in the Identity Ecosystem Steering Group (IDESG) and adoption of the Identity Ecosystem. Developing use cases and industry specific requirements for IDESG consideration and review. Reviewing and assessing existing regulations, and making recommendations on how they may impact the IDESG and the Identity Ecosystem. Led by Dr. Tom Sullivan & Dr. Adrian Gropper

20 GIS Panel, Tampa, FL The Provider Perspective Thomas E. Sullivan, MD Chair, IDESG Healthcare Committee September 17, 2014

21 Physician & Clinical IT interaction: Many years of experience with electronic billing and Practice Management Systems. Recent experience with eRx and even less experience with Electronic Health Records (other than a very few pioneers and a small number of large Academic Medical Centers). Healthcare Codes and Transactions 1991 HIPAA 1996; MIPPA 2008; Meaningful Use 2011; Omnibus Rule 2013

22 Timeline continued eRx EPCS DEA IFR New York State I-STOP Modifications to Meaningful Use timelines 2014 Symantec and Experian unified Credential Service Provider (NSL)

23 Physician Surveys on EHR Impact: Mixed data from Rand-AMA extensive study 2013. Considerable dissatisfaction with EHR Usability and Interoperability. Widespread loss of productivity. No desire to return to paper. Federal carrot and stick approach is too far, too fast. Ability to offload documentation and searching tasks to office staff is critical to success. This occasionally leads to sharing logins and passwords inappropriately that compromises true identity and accountability.

24 Provider Supply, Demand and Employment Trends: Many physicians have abandoned independent practice and joined larger groups and large corporations, an accelerating trend. Massachusetts -- over 15 years from 59% to 75% employed by large provider/hospital corporations, e.g. Partners Healthcare in an atypical anti-trust case. Corporate attorneys will define policies surrounding IDP/Credentialing/extent of sharing PHI to avoid professional liability


26 ONC /VA Privacy on FHIR Pilot: Vision We are on the cusp of a sea change in interoperability, population management, and clinical decision support. CCD led to CCDA which leads to FHIR for content summary exchange. The Direct protocol will evolve to a RESTful interface using OAuth/OpenID for trust fabric creation. However, we're not going to make the move to FHIR and REST unless pilots (followed by agile development of implementation guides) are funded to enable incremental progress. FHIR is too new and REST has too many industry skeptics. The pilots will create a tipping point which mitigates risk and enables progress. Dr. John Halamka

27 ONC /VA Privacy on FHIR Pilot: Overview of Project. 1. What is it? On-Demand bi-directional exchange of Health Information with Selected Apps: What, When and How You Want it. 2. Why do it? Test technical feasibility of using FHIR and associated privacy and security protocols to provide Patients with meaningful access, management and use of their own information. 3. Deliverables? Incremental pilot milestone demonstrations; OpenID Connect, OAuth 2.0 and UMA; Open Source Reference Model for implementers. 4. Who will do it? Collaborative of Stakeholders dedicated to demonstrating the benefits of HIT cloud capabilities for consumers and providers including: ONC, VA, DoD, Vendors, Patient Privacy Rights, OpenID Foundation, MIT-Kerberos Consortium, HL7 Standards Development Organization

28 ONC /VA Privacy on FHIR Pilot: What is FHIR? Fast Healthcare Interoperability Resources (FHIR). FHIR defines a set of "Resources" that represent granular clinical concepts managed in isolation, or aggregated into complex documents. FHIR is designed for the web: simple XML or JSON structures, HTTP-based RESTful protocol, each resource has a predictable URL. FHIR Security and Privacy follows HL7 Security Labeling, Data Segmentation, and Consent Directive standards. FHIR is under development and has not yet reached full standard status.

29 ONC /VA Privacy on FHIR Pilot: Applying Profiles Patient controls Who gets What User Managed Access (UMA) OpenID Connect / OAuth 2.0 PoF Architecture leverages cloud Privacy and Security Services that Patients use daily as Online Consumers

30 GIS Panel, Tampa, FL Patient Perspective on Identity Dialog with Dr. Adrian Gropper Patient Privacy Rights, CTO IDESG Co-Chair September 17, 2014

31 Privacy on FHIR (PoF)

32 Interoperability Data Out (strict content and authorization standards) Authorization (OAuth) FHIR Authentication (individual accountability, OpenID Connect) Patient ID ("known to the practice", pseudonymity, "pt. right of access") Data In (FIP - minimization, client prefers granularity) Accounting for Disclosures (FIP - notice) Patient-centered, policy-driven Automation (UMA)

33 VA - ONC Pilot Interoperability using web authorization standards Patient centered Symmetry for patients, doctors, institutions

34 Centralized Management

35 Data Segmentation 42 CFR Part 2

36 Apps and IoT Who certifies or audits the app?

37 Patient ID is Optional Out-of-scope Separate from information exchange Relationship Locator Services - queried by? Fair Information Practice


39 The learning healthcare system Personal Health Record Electronic Health Record Health Information Exchange Natl & Intl Health Analytics Quality Measures Public Health Clinical Research Interoperability standards and services Certification of HIT to accelerate interoperability Privacy and Security Protections Patient Supportive Practice business, clinical, and regulatory Population environments Public Rules of Engagement and Governance Clinical Decision Support Public Health Policy Clinical Guidelines

40 Patient Centered Outcome Research (PCOR). Comparative Clinical Effectiveness Research (CER) to evaluate the following for individuals (patients): health care interventions, protocols for treatment, care management, and delivery, procedures, medical devices, diagnostic tools, pharmaceutical (including drugs and biologicals), integrative health practices, and any other strategies or items being used in the treatment, management, and diagnosis of, or prevention of illness or injury. Management of CER research by a non-profit known as Patient Centered Outcomes Research (PCORI). The purpose of the Institute is to assist patients, clinicians, purchasers, and policy-makers in making informed health decisions by advancing the quality and relevance of evidence concerning the manner in which diseases, disorders, and other health conditions can effectively and appropriately be prevented, diagnosed, treated, monitored, and managed through research and evidence synthesis that considers variations in patient subpopulations, and the dissemination of research findings with respect to the relative health outcomes, clinical effectiveness, and appropriateness of the medical treatments, services, and items described in subsection (a)(2)(b). PCORI researchers may request use of data clinical databases (including EHRs) and registries from Federal, State or private entities in accordance with laws and regulations governing the release of data.

41 How the Money Is Distributed: 80% for the Patient Centered Outcome Research Initiative (PCORI) to fund research; 16% to AHRQ for dissemination of research; 4% to HHS for data infrastructure. Chart labels: PCORI 80%; GOV 20%; AHRQ 16%; HHS 4%; $170M

42 PCORI Research Activities Collect Data Knowledge Dissemination Collect Data Identification of Providers and Sites to Participate in Research Collection of system level data Link Data Follow Patients

43 PCORI Research Activities Collect Data Knowledge Dissemination Link Data Standardized Collection of Standardized Clinical and Claims Data Real-time Use of Clinical Data for Research Link Data Follow Patients

44 PCORI Research Activities Collect Data Knowledge Dissemination Follow Patients Information Capture Across the Continuum of Care Use of Provider and Health Organization (or Research Network) Data for Research Link Data Follow Patients

45 PCORI Research Activities Collect Data Knowledge Dissemination Knowledge Dissemination Provide Individual Participant Results of PCOR to Individuals and Providers Provide Aggregate PCOR Results to Providers and Systems Incorporate PCOR Results into Clinical Decision Support Tools Link Data Follow Patients

46 PCOR Notional Architecture Patient Controlled Health Record Direct Patient-Study Data Exchange Dissemination of Learning Payer Admin Data Clinical Data 4 Query Clinical Data Learning Process (e.g., Clinical Trials) Payer Claims Databases Clinical Data Repository 9 Data Extraction Approved Repository Access Approved Database Access

47 Questions/Discussion ONC website: S&I Framework Wiki: