When the U.S. Department of Health and Human Services (HHS) released its five-year strategic plan last week, the agency made one thing clear: it can’t accomplish its goals alone. The plan is described as a roadmap for federal health IT activities and a catalyst for industry growth.
It encourages health IT vendors to work with government agencies to help drive the adoption of data sharing that is interoperable, secure, and transparent…wording that definitely seems to have the best interest of the healthcare consumer in mind. All involved recognize the value in making patient data accessible to the right parties to improve health outcomes and better engage the patient in their own care.
The Why but Not the How
So we understand and recognize the why. Now the question is, how?
Our third annual focus group of healthcare CIOs, all members of CHIME, was conducted this week, and it’s clear the how is the big question. Many of the executives expressed concern over ONC regulations on data sharing and how they were going to be able to keep that data secure. Then, a day later, HHS released the plan, which likely added additional concern.
Addressing Data Privacy Concerns with Identity Authentication
There seemed to be confusion on who that data security burden fell to—third parties aggregating and storing the data for the patient or the providers themselves. Most CIOs felt the regulations obligated them to share the data with the third parties, even while they recognized that their identity authentication strategy did not cover verifying the patient’s identity before passing information to the third party requesting the data purportedly on behalf of the patient.
Instead, identity authentication by providers has focused on validating patients using their own patient portals. HHS acknowledged the industry blowback from the information blocking rule proposed last year, of which the CIOs clearly expressed concern over. What remains to be seen is how the health IT industry will respond to security and privacy concerns while still maintaining the integrity and interoperability of the data. It will surely be a hot topic at this year’s HIMSS.
What we at LexisNexis Risk Solutions have seen creates success for our customers is a layered identity authentication strategy, paired with data cleansing and linking, which gives organizations a solid foundation for both being able to exchange data and keep it and identities secure. What remains clear is the key to the success of the HHS plan is an ongoing collaboration between the growing health IT industry and the agency stakeholders, with additional coordination now being required with third-party data apps.