In its comments to the ONC on the draft QHIN, SOP Participant and Sub-Participant Supplementary Requirements, the EHR Consortium proposed that workforce validation requirements be applied only to the workforce. Activity of the Qualified Health Information Network, with specific consideration given to participants and sub-participants who are not HIPAA-covered entities.
WHY IT IMPORTANT
The Office of the National Coordinator for Health Information Technology (ONC) is accepting comments on the proposed requirements for QHIN, participants and sub-participants under the Trust Exchange Framework and Agreements. General agreement developed by the project Sequoia participated.
In its January 13 letter, the EHRA pointed out that the needs and benefits of the additional requirements were unclear and suggested narrowing the scope to workforce authentication requirements and control standards. maths.
“The audit standards must be in line with those existing in the ONC Certification Program,” the association said.
“We note that Carequality has no such authentication requirements and has not identified a need to do so.”
In addition to noting the significant changes to end-user workflows that will be required, the providers association also said healthcare providers as authorized entities insurers can determine which authentication method is right for their workforce under HIPAA, based on their risk understanding.
If there is a need to require additional authentication, “we recommend that this be done consistently through legal processes to ensure [protected health information] meet the same standards and processes anywhere, within an organization, within the network, or outside the network.”
The EHRA said other comments on definitions and standards were in the spirit of specifying the parties to TEFCA and focused more specifically on QHIN and non-scoped entities.
The association said it was also concerned that the requirement for multi-factor or two-factor authentication for the entire workforce on QHIN, participants and sub-participants was “too broad to be feasible in a business environment”. current exchange.”
Aside from specific use cases such as controlled prescriptions, “Organizations are not required to implement the proposed methods and there is no reason to consider [TEFCA information] any information other than that which an insured entity currently manages and provides access to to users using existing controls.”
In the event that all participants need to manage PHI, standard operating procedures should be consistent with existing requirements for PHI management where the TEF is not part of the structure, the EHRA said.
TREND TO BIGGER WOMAN
The growing number of people signing up for planned QHINs, including electronic health record providers and emergency IT, opens up greater interoperability for healthcare.
In August, eHealth Exchange in its announcement of QHIN cooperation said it was eager to enhance interoperability under TEFCA.
“This will provide a seamless experience for upcoming organizations that intend to participate in this federally validated framework for sharing patient data,” the organization said.
ON PROFILE
“We recommend that you align your requirement for compliance with ASTM E2147-18 with ONC Certification Criteria §170.314(d)(2), referenced to § 170.210(e)(1), henceforth reference. to § 170.210(h) – ASTM E2147-18 (incorporated by reference in § 170.299),” EHRA said in its letter.
“We note that § 170.210(e)(1) specifies specific sections of the ASTM E2147-18 standard.”
Andrea Fox is the senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS.
