Sixty-three healthcare providers across the U.S. are urging stronger oversight and transparency in national health data exchange frameworks, warning that current safeguards are inadequate to protect patient privacy.
In a Jan. 22 letter to Mariann Yeager, CEO of The Sequoia Project, the organizations called for changes to the Trusted Exchange Framework and Common Agreement, or TEFCA, and Carequality, two major interoperability frameworks used to exchange patient health information.
The providers cited a “clear pattern” of organizations improperly accessing medical records and said stronger controls are needed to preserve trust in nationwide data exchange. They recommended centralized review of organizations seeking access to patient data, ongoing monitoring for suspicious activity and greater transparency into how health information is exchanged.
Among their recommendations: assigning staff within each framework to vet prospective participants before they are allowed to exchange records. The providers said the current reliance on self-attested business descriptions is inadequate and urged reviewers to verify applicants’ business purposes, national provider identifiers and any past criminal activity.
They also called for TEFCA participants to attest to their exchange purposes and business descriptions directly to the Department of Health and Human Services, noting that false representations to a federal agency could carry legal consequences under federal law.
In addition to upfront screening, the providers said TEFCA and Carequality should implement ongoing monitoring to identify potential fraud. Their suggestions include automated tools to detect anomalous exchange patterns, reporting hotlines and routine credential verification.
The organizations also pressed for greater visibility into network activity. They recommended publishing a public directory of all participants exchanging sensitive medical data, along with their exchange purposes, and releasing metrics showing how many records each participant accesses or contributes. They also urged intermediaries to publicly disclose their data retention policies.
To address privacy and security issues when they arise, the providers proposed expedited and transparent dispute resolution processes. They recommended that the federal government manage the process for TEFCA to ensure accountability and that the outcomes of all disputes be made publicly available. They also called for a digital health fraud task force made up of federal agencies and state attorneys general to investigate issues such as falsified documentation, identity impersonation and high-volume data harvesting.
The letter was signed by leaders from 63 health systems and provider organizations, including Altamonte Springs, Fla.-based AdventHealth; Charlotte, N.C.-based Advocate Health; Los Angeles-based Cedars-Sinai; New York City-based NYU Langone Health; Palo Alto, Calif.-based Stanford Health Care; and St. Louis-based SSM Health.
The signatories said they support nationwide interoperability and expressed interest in working with The Sequoia Project and other stakeholders to ensure data exchange frameworks remain secure environments for sharing sensitive patient information.
The Sequoia Project is a nonprofit organization that focuses on advancing health information exchange across the U.S. It plays a key role in developing and overseeing interoperability frameworks that enable different health IT systems and networks to securely share patient information.
A copy of the letter was shared with Becker’s.
The letter comes shortly after Epic, OCHIN, Reid Health (Richmond, Ind.), Trinity Health (Livonia, Mich.) and UMass Memorial Health (Worcester, Mass.) filed a lawsuit Jan. 13 accusing Health Gorilla and a network of companies and individuals of fraudulently accessing and monetizing sensitive patient medical records through national health information exchange frameworks.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.