Governance Framework for Trusted Electronic Health Information Exchange

The ONC has released the Governance Framework for Trusted Electronic Health Information Exchange. The Governance Framework reflects the principles in which ONC believes when it comes to the policy set for HIE governance. This framework is intended to provide a common foundation for all types of governance models. Entities that set HIE policy should look to the Governance Framework’s principles as a way to align their work with national priorities. The four key categories of principles discussed in the Governance Framework include:

1. Organizational Principles: Identify generally applicable approaches for good self-governance;
2. Trust Principles: Guide HIE governance entities on patient privacy, meaningful choice, and data management in HIE;
3. Business Principles: Focus on responsible financial and operational policies for governance entities, with emphasis on transparency and HIE with the patients best interests in mind;
4. Technical Principles: Express priorities for the use of standards in order to support the Trust and Business Principles as well as furthering the execution of interoperability.

The Governance Framework’s intended audience includes any entities that set HIE policy such as: State governments, public-private partnerships, health information exchange organizations (HIOs), and private companies, but is not meant to speak directly to “users” of the exchange services governed by such entities. As Steven Posnack, Director of the Federal Policy Division at ONC and health IT policy wonk extraordinaire  said at the NeHC HIE Governance Forum in announcing the framework, "These principles are the pillars of health information exchange governance." A very important part of the strategy, and one of these pillars, are the Trust Principles, which would require that an entity that sets HIE policy is responsible for creating an environment in which patients should:

1. Be able to publicly access, in lay person terms, a “Notice of Data Practices.” Such notice would explain the purpose(s) for which personally identifiable and de-identified data, consistent with applicable laws, would or could be electronically exchanged (e.g., treatment, payment, research, quality improvement, public health reporting, population health management).
2. Receive a simple explanation of the privacy and security policies and practices that are in place to protect their personally identifiable information when it is electronically exchanged and who is permitted to access and use electronic HIE services.
3. Consistent with applicable laws, be provided with meaningful choice as to whether their personally identifiable information can be electronically exchanged.
4. Consistent with applicable laws, be able to request data exchange limits based on data type or source (e.g., substance abuse treatment).
5. Consistent with applicable laws, be able to electronically access and request corrections to their personally identifiable information.
6. Be assured that their personally identifiable information is consistently and accurately matched when electronically exchanged.

National Coordinator Farzad Mostashari said in a blog post outlining the framework, "The Governance Framework reflects what matters most to ONC when it comes to national health information exchange governance and the principles in which ONC believes. We’ve published this framework to provide a common foundation for all types of governance models. Entities that set health information exchange policy should look to the Governance Framework’s principles as a way to align their work with national priorities." I encourage everyone interested in health data exchange to carefully read the Governance Framework: http://www.healthit.gov/sites/default/files/GovernanceFrameworkTrustedEHIE_Final.pdf