Public comment on the 2015 Interoperability Standards Advisory open draft ended on May 1, but not before the Healthcare Information and Management Systems Society (HIMSS) submitted feedback calling attention to the absence of security standards, among other observations.
The Office of the National Coordinator for Health Information Technology (ONC) published the open draft at the beginning of 2015 with the purpose of improving health IT standards development and implementation to advance healthcare interoperability and health data exchange.
"It is ONC’s intent to broadly coordinate with health IT industry stakeholders throughout 2015 to improve the 2015 Advisory’s depth and breadth in order to publish a more complete 2016 Advisory," the federal agency states.
According to HIMSS, an acceptable 2015 Advisory and more complete 2016 Advisory will not be achievable without the inclusion of health IT security standards, which is one of five ideas the organization included in its letter to National Coordinator Karen DeSalvo, MD, MPH, MSc.
"There are many security standards for controls such as authentication, audit log, risk assessment, etc., that are in widespread use as best practice," the group acknowledges.
In its public comments, HIMSS lists seven candidate security standards for inclusion in the 2015 Advisory:
- OAuth 2.0 Authorization Framework
- Transport Layer Security (TLS) Protocol
- Secure Hypertext Transfer Protocol (HTTPS)
- Secure Hash Standards (SHS)
- Advanced Encryption Standard (AES)
- RSA public-key cryptography standards (e.g., IETF, PKIX)
- Digital Signature Standards
Beyond the inclusion of these health IT security standards, HIMSS is also calling on ONC to include columns on health IT standard and implementation adoption, emerging health IT standards, and value sets for guidance purposes, as well as a list of specific versions of HL7 v2 messages "to promote harmonization between organizations and enhance interoperability."
Along similar lines, the organization seeks the alignment of best available standards to "enable our nation to more rapidly make advances to achieve interoperability by building upon this consensus-based foundation of standards" and encouragement of emerging standards such as application programming interfaces (APIs) and Fast Healthcare Interoperability Resources (FHIR) to support this effort.
While HIMSS supports ONC's annual approach to update best available health IT standards and implementation specifications, the organization emphasizes the need for cohesion:
Through the use of electronic health records (EHRs), clinical documentation not only serves to record individual patient experiences but, if the data are collected and reported in a standardized fashion, they can also be aggregated to discern best practices in clinical care which will ultimately lead to improved care and outcomes.
These comments echo those of the Premier healthcare alliance in calling attention to the downstream impact that health data collection and sharing by clinicians have on secondary and tertiary uses of this medical information.
"The ability to share data will inform meaningful analysis of those data for all users who perform clinical care, quality audits, clinical research and other healthcare related operations," the HIMSS letter states.