Health IT Policy and Standards Committees Hear Updates on Model Privacy Notice, Interoperability Standards Advisory, Privacy and Security, and Health IT Playbook

On Tuesday, January 10, 2017, the Health IT Policy Committee and Standards Committee, Federal Advisory Committees to the Office of the National Coordinator for Health IT (ONC), convened for an in-person joint meeting. The meeting topics included updates from the ONC Office of Policy, a 2017 Interoperability Standards Advisory (ISA) review and draft recommendations from the ISA Task Force, updates from the Office of the Chief Privacy Officer and Office of Standards and Technology, and consumer task force update and Health IT Playbook feedback.

Elise Sweeny Anthony, ONC, provided an update from the Office of Policy. Anthony highlighted the 2016 Model Privacy Notice, (MPN) a voluntary, openly available resource designed to help health technology developers who collect digital health data clearly convey information about their privacy and security policies to their users. The 2016 MPN was updated from the 2011 version which was developed in collaboration with the Federal Trade Commission (FTC) and focused on Personal Health Records (PHRs), which were the emerging technology at the time. Recognizing a need for an updated, broader MPN, ONC with the help of the Office of Civil Rights (OCR), FTC, and various stakeholders, developed new MPN content.

Steve Posnack, ONC, reviewed the 2017 Interoperability Standards Advisory and emphasized that the new online ISA represents a significant, positive shift. The new online platform not only allows for an interactive engagement with the ISA but also provides a community-wide, centrally accessible resource to standards and implementation specifications. Future changes may include making ISA even more interactive and continued growth in interoperability needs among others. Richard Elmore and Kim Nolan, co-chairs of the ISA Task Force, reviewed ISA Task Force draft recommendations.  Posnack also provided an update from the Office of the Standards and Technology.

Lucia Savage, ONC, provided an update from the Office of the Chief Privacy Officer. On the security front, Savage highlighted a final report from the President’s Commission on Enhancing National Cybersecurity that was released on December 1, 2016. The report contains 16 recommendations intended as a foundational document for the new Administration. Highlights include mention that the economic sector matters less as the internet of things causes technical convergence and an inability to segment risk by economic sector and that many organizations and individuals fail to do the basics of cybersecurity. Additionally, a document from NIST entitled NISTIR 8062 An Introduction to Privacy Engineering and Risk Management in Federal Systems was also discussed.

In regards to privacy, Savage highlighted MPN. In addition to her focus on developing new MPN content, Savage discussed the launch of the Privacy Policy Snapshot Challenge. The challenge provides an award to the creators of the best MPN generator that produces a customizable MPN for health technology developers.  The submission deadline for the Challenge is April 10, 2017.

Lastly, Savage provided information on the National Governors Association (NGA) Roadmap for States. The Roadmap was developed to help states evaluate and implement changes to achieve better health, better care and lower costs by increasing the flow of clinical information between providers while protecting patient privacy as a step toward nationwide interoperability.

Updates from the Consumer Task Force were provided by co-chairs Donna Cryer and Patricia Sengstack. The Task Force convenes on an as needed basis and provides insight on ONC/HHS projects/initiatives with a consumer focus to ensure the person remains at the center, engaging the experience and feedback of both patients and providers. The current focus of the Consumer Task Force is providing feedback on the Health IT Playbook. Overall, committee members praised the playbook as a centralized resource that covers a wide range of topics in one location. A sample of the recommendations include broadening the audience to HIT implementers, organizational leadership, technology developers, administrators and others; organizing and streamlining the content to make is easier to digest; improving the readability and usability of the Playbook; making Playbook updates in a timely manner; and disseminating the Playbook through different channels such as HIMSS, associations that support health centers, vendors, and others.

The next collaboration of the Joint Committees will take place via conference call on February 7, 2017.

An audio recording of the January 10, 2017 meeting can be found on the ONC website.