HIT Policy Committee
NHIN Workgroup Recommendations
David Lansky, Chair
Pacific Business Group on Health
Danny Weitzner, Co-Chair
Department of Commerce, NTIA
January 13, 2010
David Lansky, Pacific Business Group on Health
Danny Weitzner, Department of Commerce, NTIA
• Christine Bechtel, National Partnership for Women & Families
• A. John Blair, III, Taconic IPA
• Neil Calman, Institute for Family Health
• James Borland, Social Security Administration
• Carol Diamond, Markle Foundation
• Colin Evans, Dossia
• Tim Cromwell, Department of Veterans Affairs
• Jonah Frohlich, Deputy Secretary, Health IT, California
• Leslie Harris, Center for Democracy and Technology
• Arien Malec, Relay Health
• Marc Overhage, Regenstrief Institute
• Marc Probst, Intermountain Healthcare
• Wes Rishel, Gartner
• Micky Tripathi, Massachusetts eHealth Collaborative
Nationwide Health Information Network
• Workgroup’s Definition of the NHIN
A set of policies, standards and services that enable the Internet
to be used for secure and meaningful exchange of health
information to improve health and health care.
• NHIN Work Group Charge
To create a set of recommendations for a policy and technical
framework for the NHIN in a way that is both open to all and
• Meaningful use criteria in the proposed CMS rule
require exchange of health information among
providers and with patients to improve quality, safety,
and efficiency of care, patient engagement,
coordination of care, and population health.
• Stage 1 criteria involve direct communication of patient
data among providers and with patients (e.g., doctor to
consultant, or lab to doctor, or doctor to pharmacy),
– the exchange is for treatment or payment purposes;
– the sender and receiver are known; but
– the sender may or may not have a prior relationship with the
• The NHIN should support achievement of Meaningful
Use in 2011 and beyond.
Meet the needs of today and tomorrow
This is part of an evolutionary path
There will be incremental growth
All journeys start with a few steps
- Access comprehensive patient
Stage 2 - Automated real-time
- Patient PHR access
- ePrescribing refills
- Electronic summary record
Stage I - Receive health alerts
- ePrescribing - Immunization information
- Lab results into EHRs
- Send clinical summary
to providers and patient
- Public health reporting
- Quality reporting (2012)
• A goal is to support widest possible participation by
providers at the individual and organizational level.
• Incremental approach is reasonable; change will be
• The approach for 2011 is intended to be foundational
and help progress toward longer-term aims in 2013,
2015 and beyond.
• Leverage the Internet and appropriate security
protocols as the transport mechanism.
• What can the government do today to enable the
broadest participation across a wide spectrum of
providers, large and small, by 2011.
• Desired attributes of government role:
– Recognizes (and learns from) existing patterns of exchange
– Minimized to accomplish the agreed upon purposes.
– Creates incentives to stimulate information exchange without
impeding existing exchange models.
– Fosters innovation to achieve new means for information
– Facilitates long-term expansion of information exchange under
a variety of scenarios.
• Key elements that need to be in place to facilitate and
encourage the broadest range of providers (individuals
and organizations) to be able to achieve meaningful
use in 2011:
– Secure Internet transport.
– Directories to allow parties to locate those to whom information
– Means to authenticate/validate identity of parties involved in
– Trust fabric that provides parties with sufficient confidence that
the exchange can be accomplished successfully.
• Extensive provider directories exist, but were created
for different business purposes which, in their present
form, may not be sufficient:
– Varying types of data maintained.
– Different data definitions.
– Certain data may not be currently collected (e.g. place of care).
– The quality and accuracy of the data.
• The quality of the data depends upon the value to the
subject of the data, as well as the use and incentives
• The private sector and those government programs
that rely on directories will still need to maintain and
operationally support directories.
Findings: Identity Proofing and Authentication
• Risk analysis must determine level of assurance
required, this may vary depending upon context.
• Assurance requires both identity proofing (carbon-
based life form) and authentication (same entity); both
are best done as close to the provider as possible.
• Implementation may be supported through various
technical means and by a multitude of entities.
• The Federal Government has defined standards and
services for identity proofing and authentication, as well
as mechanisms to procure reliable intermediaries to
Findings: Trust Fabric
• Information exchange depends on common trust
– Rules for interaction.
– Pre-existing personal and business relationships.
– Understanding and clear expectation of how data will be used.
– Assurance that the exchange takes place as expected
(including the identity of those exchanging data).
– Oversight and accountability for compliance.
• Implementation of the trust elements will differ based
on the nature of the parties to the exchange and the
information being exchanged.
• The absence of a mature policy and technical trust
framework is an impediment to information exchange.
1. Meaningful Use
2. Transport vs. Content
What is the Workgroup’s definition of the NHIN?
A set of policies, standards and services that
enable the Internet to be used for secure and
meaningful exchange of health information to
improve health and health care.
Recommendation #1 – Meaningful Use
• The policies, standards, and services of the NHIN
should enable the broadest range of providers to
exchange information to achieve meaningful use and
enable consumers to be able to access their health
information (as well as states and other organizations
that support those providers).
• The Federal government should focus on the minimum
standards, policies and services needed for
foundational exchange components to further
meaningful use in the near-term.
Recommendation #2 – Transport vs. Content
• The initial focus should be on private and secure
transport over the Internet, with increased focus on
data content over time.
• The NHIN policies, standards and services should be
structured so that simple intermediaries can provide
required services for private and secure routing of
Recommendation #3 – Directories
• The federal government already maintains provider
directories to meet existing federal obligations and
should work with stakeholders to improve upon and
leverage these directories for the NHIN.
• The federal government has a unique role in assuring
that authoritative provider directories are available to
accelerate the exchange of information to successfully
support and increase efficiency of meaningful use.
• The federal government should define a core set of
policies for the inter-operation of trusted directories.
Recommendation #4 - Authentication
• Build upon existing federal standards, policies and
practices for authentication and identity proofing.
• Determine the level of confidence appropriate for
different exchange scenarios.
• Permit innovation and local autonomy in the method of
• If intermediaries are involved in the exchange, make
sure that certification (independent verification) of those
intermediaries is done for authentication and identity
• Include oversight mechanisms and redress.
One Possible NHIN Strawcase
HHS Authorized HSP
HHS Authorized HSP
HS t i d NH
HHS Artifie i d HSP
HHS ertifierszed HSP
Certifiers Authority Authority
NHIN CA issues certificate to HSP if it an Authorized HSP
“NHIN Node” Directory
Certifier validates that the HSP conforms to standards (HSPs, other nodes)
for HSP operations (identity proofing, authentication,
• Health Information Exchange Service Providers (HSPs)
NOTE: Different HSPs
identity proof, authenticate, and represent providers in
information exchange. HSP HSP and other “NHIN
HSPs manage secure delivery of nodes” (e.g., PHRs) can
• HSPs can be HIOs, EHR vendors, transactions companies,
health info packages (e.g., care support different levels
health systems, IPAs, govt agencies, etc.
summaries) via the Internet to and types of health
• HSPs maintain local directories of providers they serve +
and from providers via other info exchange (simple
their health info exchange addresses
HSPs and to and from other to more sophisticated)
“NHIN nodes” (e.g., PHRs)
Provider’s certified EHR generates
health info package in compliance with
applicable vocabulary, document, and
message standards (e.g., care summary)
“Provider A” “Provider B”
Next Steps: Trust
• There is a wide range of possible roles for government
from no action / laissez-faire to detailed regulation or
the passage of new laws.
• Trust implications require further consideration by the
Workgroup, in conjunction with recommendations for
governance of the NHIN.
Dr. John Halamka’s Blog – Life as a
Healthcare CIO: Bookmarked Version
of the NPRM and IFR: