You have the choice to get your health information anywhere and any way you want –according to the Office of Civil Rights with some limitations. Today, more and more uses of health information are being presented to consumers as innovators recognize our demand for health related applications. Unfortunately, there is a dilemma. Over the past ten years a lot of things have changed – more and more providers are using technology to improve how they deliver care and, once that care is delivered, how they share information with other caregivers that see the patient. Sadly, other things are still pretty much as they were in the 19th Century, including how patients get access to information about themselves held by their provider.
The release of the National Association for Trusted Exchange’s (NATE) Blue Button for Consumers (NBB4C) Trust Bundle is aimed at simplifying interoperability between the healthcare delivery system and the consumer, enabling you to decide how to use your health information.
NATE is an association focused on enabling trusted exchange among organizations and individuals with differing regulatory environments and exchange preferences. With beginnings back in 2012, NATE emerged from a pilot project supported by the Office of the National Coordinator for Health Information Technology (ONC). NATE was incorporated as a not-for-profit organization on May 1, 2012 in the District of Columbia. NATE has been operating Trust Bundles in production since November 2012 and recently took over administration of the Blue Button Consumer Trust Bundles. Working with a broad set of stakeholders through multiple task forces, crowdsourcing and a call for public comment, NATE announced the first release of NATE’s Blue Button for Consumers (NBB4C) Trust Bundle February 4th at the ONC’s Annual meeting.
Trust Bundles are a mechanism for establishing scalable trust among organizations and to enable the secure sharing of data among those who elect to rely on them. Each Trust Bundle includes a way to uniquely identify organizations that have demonstrated that they meet or exceed a common set of policies and practices. Commonly referred to as eligibility criteria, each applicant to a Trust Bundle must demonstrate they meet or exceed these eligibility criteria in order to be included in the bundle. The eligibility criteria of the NBB4C were established following a multi-phase process that included public comment and diverse stakeholder input. Trust Bundles provide a standard, electronic means to communicate which organizations that have completed the onboarding process remain in good standing and to remove those organizations that no longer meet the criteria established for the bundle over time.
Who says? The wisdom of crowds
Being included in our trust bundle doesn’t guarantee that the considerations that may be important to you as an individual consumer have been verified to the degree that is warranted according to your preferences, but it makes it easier for consumers and other stakeholders to begin to determine which offerings are a good place to start. NATE can’t promise to be everything to everybody but we can continue to do what we have done thus far to improve based on consensus.
How did we decide what criteria to include? Over the past two years (see presentation on NATE’s website) we have worked with many individuals and organizations to establish eligibility criteria appropriate for CFAs. In year one, we conducted a broad discovery pilot to learn what was possible. In the second year, we pared down what we would cover in the first production release of our bundle to the most fundamental necessity – getting the data from your providers to you. We developed a draft set of recommendations based on what we and many others had learned in the emerging consumer health information exchange space over the prior year and asked broadly for public comment.
Working through the fall of last year, our staff and a task group made up of thought leaders in this space did a lot of hard work trying to balance what was a ‘must have’ for today and what would need to wait until tomorrow, what was practical as a starting point, and what was a showstopper that would kill consumer engagement if introduced. The NATE Board of Directors has now approved the recommended trust framework for release into production.
What is the problem that we are trying to solve?
Many reasons have been provided for not sharing health data with patients. Before the NBB4C, it has been difficult for providers to exchange with all of the different choices among consumer facing applications (CFAs) that a panel of patients could select from in a scalable way. In the past, a provider organization would have to reach out to every different CFA – which includes any application that is patient-controlled and involves information about your health, including what has traditionally been described as personal health records (PHRs) or patient portals as well as more narrowly focused consumer controlled apps and tools – chosen by one of their patients, track down information about that apps policies and practices and take the steps necessary to enable secure exchange with the CFA. Reducing the burden on providers to be able to share with onboarded CFAs is part of what NATE aims to achieve by giving them a one-stop shop to discover which CFAs have onboarded to the NBB4C.
There have also been those who argue that a provider organization – who must comply with HIPAA and a myriad of other state and federal laws in order to share health information about you with another provider – must also ensure that when they send data to an application of your choice that this CFA must also meet or exceed the same plethora of regulations. Part of NATE’s goal with this bundle is to help dispel this myth as this is simply not true. We hold HIPAA-covered entities to a different set of regulatory requirements because they are sharing data about you with someone else – and you should have a say in that. When a provider or any other covered entity is sharing data with you there is no authorization or specially protected data considerations to be made. That provider is simply required to confirm that the address they are using to send you your data is correct and that it results in the application of your choice being able to consume it (which is what NBB4C facilitates).
On the other side of the street, once the provider has pushed your data to the application of your choice, there is also a gap. All stakeholders, be they providers, consumers, employers, payers or the government want to ensure that the public gets treated fairly and that your privacy is preserved. So does NATE.
Over the past two years NATE has learned a lot about some of the most important things to consider when differentiating between those CFAs that fall somewhere between the spectrum of using an unsecure regular email (perhaps the most convenient but certainly not secure) to get your health information, many of the consumer facing applications available today (less convenient but to varying degrees more secure) and choosing not to get your data electronically at all (the most secure but the least convenient. There is no way to ensure that any CFA that you might pick can guarantee your health information won’t be inappropriately disclosed (and why we respect your right to be left alone – if you choose to opt out of getting access to your data).
NATE’s work in establishing the NBB4C helps to identify those CFAs that meet or exceed the criteria that we consider to be the most important characteristics of a trustworthy steward of consumer health information. NBB4C helps relying parties (like your doctor) identify CFAs that have significantly differentiated their offering from the unsecure regular email side of the spectrum on matters that our process found to be the most important to protecting consumers, while still enabling patients to benefit from the value of having access to their health information. Being in the NATE Trust Bundle doesn’t warrant that nothing will ever happen to your data but we think we have incorporated a lot of what many people would ask when picking a CFA as a part of the eligibility criteria for the NBB4C.
Who cares?
We hope that you do. We hope that it makes the process of picking a CFA (or other health application that relies on clinical content created by your provider and other covered entities) easier. Ultimately, you need to know that simply because a CFA is in the NBB4C doesn’t mean that you’re data is in a risk free sanctuary or that, given your personal risk tolerances, any one of the apps in our bundle satisfies your comfort level for security or privacy. Ultimately you have to decide. We encourage everyone to examine all of the information that is available about different options before electing to adopt any tool to manage your health information.
We also hope that in time what we are introducing makes it easier for providers all across the country to share health information with you, leveraging the investment in health IT that has been made over the last ten years to enable providers to exchange with one another. In the absence of the NBB4C, it is time-consuming for providers to enable their systems to share health information with consumer applications. We hope that, at least in part, we make it easier for them to share health information with those of you who have chosen one of the CFAs that have been onboarded to the NBB4C.
There are so many benefits to be realized when you are in command of your health information and can use it to better manage your own care and the care of your loved ones. In the current release of the NBB4C, we have focused on the narrow path of simply making it easier for your providers to share your health information with you.
The next phase
Everyone recognizes that there is much more that could be done and that there is plenty of untapped opportunity yet to be harnessed. Even with the broad adoption of the NBB4C there will still be more work to be done to get the most out of having access to your data. But we feel the benefits of starting now considerably outweigh the risks of waiting to see if something better is just around the bend.
If expanding on this objective and broadening the capabilities that tools like the NBB4C can provide is of interest to you, I encourage you to consider becoming a member of NATE. Help us continue to move patient engagement forward today in the real world. It’s your data. It’s your health. And it may very well be the life of someone that matters to you that is at stake. With the NBB4C, there is a path forward, but only with everyone’s participation can we begin to realize all of the promise that the future holds. For those of you that are also involved in CFAs or create health information that you would like to be able to share with your consumers please visit NATE’s web-site or contact me directly.
Categories: Uncategorized
Aaron,
Well formulated. Balancing security/privacy concerns and practical access by consumers to their electronic records (a right clearly laid out by HIPAA – using any transport mechanism the consumer wants), is not trivial. Important that we have a tiered approach that doesn’t try to enforce a “one size fits all” approach for Provider-Consumers/CFAs and Provider/Payer-Provider/Payer exchange. The regulatory laws are different, the use cases are different, and the market best practices in other industries are different for consumer-centric vs. non-consumer-centric exchange.
Looking forward to a successful launch of NBB4C and strong partnership of NATE and DIrectTrust to ensure secure, effective end-to-end healthcare data portability for all use-cases, in alignment with HIPAA patient rights and consistent with the best interests of all stakeholders, including consumers.
Integration and support for NATE will be an important litmus test of whether vendors/providers/payers are “walking the walk” or just “talking the talk” when it comes to executing in alignment with the intent of Meaninfgul Use, HIPAA, etc. when it comes to consumers/patient access to their healthcare data.
Security/privacy can be a genuine concern or a smoke-screen to avoid reasonable consumer/patient access to their own data. Appears pretty clear to me what side NATE is on… now we need similar clarity from all.
Congratulations Aaron, and NATE, and the hundreds involved in developing the NBB4C trust bundle. This is potentially a turning point event. As we all know, the effort to achieve interoperability of patient records has not really taken off, despite billions of dollars having being spent. I attribute this to the attempt to impose interoperability by fiat from the top down. This resulted in a focus on getting buy-in from the most powerful influencers to a one-size-fits-all solution that — not-surprisingly — didn’t include the patient or their caregivers. If the question had instead been asked: which patients need interoperability and how would it best work for that patient’s health, it would have been immediately apparent that 1) those patients that could most benefit from electronic data sharing are the medically complex with multiple providers and caregivers; and 2) outcomes for those patients would be significantly improved – and costs lowered – by having the patient and their designated caregivers be a part of the electronic data-sharing network. Unfortunately, that didn’t happen during the first go-round and patients and consumers didn’t have a viable way to electronically participate. This is where the NBB4C Trust Bundle may be a transformative event, finally allowing patients and their caregivers to regularly participate as a performers of various activities on their provider-directed care plan.
This is a great organization and an important initiative. All patients should have an easy, transparent, and secure way to retrieve their health records. Thanks for all the hard work!