 |
Return to detail page at www.hitsp.org | HITSP/IS107 |
| Prev TOC Next |
| HOME |ABOUT |MEMBERSHIP |NEWS & ANNOUNCEMENTS |MEETINGS |FAQ |CONTACT US | | Powered by American National Standards Institute |
|
Return to detail page at www.hitsp.org | HITSP/IS107 |
| Prev TOC Next |
This section summarizes the ARRA requirements that can be addressed by EHR systems. It then lists and describes the set of HITSP Capabilities that define business services that support information exchanges that involve an EHR system information exchanges that are specified in one or more of the thirteen HITSP Interoperability Specifications (IS) accepted or recognized as of the enactment date. Following is a mapping between the EHR system Capabilities and the ARRA requirements that they address. Finally this Section describes security and privacy functions as outlined in ARRA and how they are addressed and integrated within infrastructure Service Collaborations.
The following table lists the HITSP Capabilities, their ID number, and a short description of each. A Capability specifies a business service (e.g., the HITSP Communicate Hospital Prescriptions Capability supports electronic prescribing for inpatient prescription orders). Each HITSP Capability is based on HITSP constructs (e.g., Transactions, Transactions Packages, and Components) and secure Infrastructure Service Collaborations. It is expected that further policy decisions may identify proper subsets of this overall specification for implementation e.g., for definition of Meaningful Use for 2011. It is the intention of this specification that each capability could be used as part or all of an independent subset and that definition of such a proper subset could identify additional constraints to be placed on the capability(s) included in the subset.
Note that capabilities may be combined by an Interoperability Specification to address more inclusive requirements for example, support for the formal process of medication reconciliation can be addressed when HITSP/CAP118 Communicate Hospital Prescription is associated with HITSP/CAP 119 Communicate Structured Document (medications and allergies).
In this IS, the capabilities are limited to those information exchanges that involve an EHR in one or more of the existing HITSP Interoperability Specifications (Table 5-1 in the Appendix portrays what ISs each Capability is derived from). The Design specifications for each Capability are provided in Section 3.0.
Table 2-1 HITSP Information Exchange Capabilities
|
Capability ID |
Capability Name |
Capability Description |
|
HITSP/CAP117 |
Communicate Ambulatory and Long Term Care Prescription |
This capability addresses interoperability requirements that support electronic prescribing in the ambulatory and long term care environment. The capability supports: 1. The transmittal of new or modified prescriptions 2. Transmittal of prescription refills and renewals 3. Communication of dispensing status 4. Access to formulary and benefit information |
|
HITSP/CAP118 |
Communicate Hospital Prescription |
This capability addresses interoperability requirements that support electronic prescribing for inpatient orders that can occur within an organization or between organizations. The capability supports the transmittal of a new or modified prescription from a Hospital to an internal or external pharmacy. It also includes the optionality to access formulary and benefit information. |
|
HITSP/CAP119 |
Communicate Structured Document |
This capability addresses interoperability requirements that support the communication of structured health data related to a patient in a context set by the source of the document who is attesting to its content. Several document content subsets, structured according to the HL7 CDA standard, are supported by this capability. The following are examples of the type of structured data that may be used: 1. Continuity of Care Document (CCD) 2. Emergency Department Encounter Summary 3. Discharge Summary (In-patient encounter and/or episodes of care) 4. Referral Summary Ambulatory (encounter and/or episodes of care) 5. Consultation Notes 6. History and Physical 7. Personal Health Device Monitoring Document 8. Healthcare Associated Infection (HAI) Report Document Document creators shall support a number of the HITSP specified coded terminologies as defined by specific content subsets specified in this capability. |
|
HITSP/CAP120 |
Communicate Unstructured Document |
This capability addresses interoperability requirements that support the communication of a set of unstructured health data related to a patient in a context set by the source of the document who is attesting to its content. Two types of specific unstructured content are supported, both with a structured CDA header: 1. PDF-A supporting long-term archival 2. UTF-8 text |
|
HITSP/CAP121 |
Communicate Clinical Referral Request |
This capability addresses interoperability requirements that support provider-to-provider (clinical) referral request interaction. It allows the bundling of the referral request document with other relevant clinical documents of interest by referencing such documents as shared by other capabilities such as: CAP119 Communicate Structured Document; CAP120 Communicate Unstructured Document; or CAP133 Communicate Immunization Summary. |
|
HITSP/CAP122 |
Retrieve Medical Knowledge |
This capability addresses the requirements to retrieve medical knowledge that is not patient-specific based on context parameters. The actual content delivered is not constrained by this capability; this capability focuses on providing the mechanism to ask for (query) and receive the medical knowledge. |
|
HITSP/CAP123 |
Retrieve Existing Data |
This capability supports queries for clinical data (e.g., common observations, vital signs, problems, medications, allergies, immunizations, diagnostic results, professional services, procedures and visit history). |
|
HITSP/CAP124 |
Establish Secure Web Access |
This capability is focused on providing a secured method to access information available from document repositories (e.g., Laboratory Report) in order to view them locally on a system. The chosen method for viewing the document content is through a web browser. |
|
HITSP/CAP125 |
Retrieve Genomic Decision Support |
This capability addresses interoperability requirements that support the communication of genetic and family history information and an assessment of genetic risk of disease for a patient. |
|
HITSP/CAP126 |
Communicate Lab Results Message |
This capability addresses interoperability requirements that support the sending of a set of laboratory test results. Ordering Providers of Care receive results as a laboratory results message. The communication of the order is out of scope for this capability. The content of these test results may be either or both: General Laboratory Test Results; Microbiology Test Results This capability may use content anonymization. |
|
HITSP/CAP127 |
Communicate Lab Results Document |
This capability addresses interoperability requirements that support the communication of a set of structured laboratory results related to a patient in a context set by the source of the document who is attesting to its content. Non-ordering Providers of Care access historical laboratory results as documents and "copy-to" Providers of Care may receive document availability notifications to retrieve such lab report documents. Lab Report content creators shall support HITSP specified coded terminologies as defined by specific content subsets specified in this Capability for: General Laboratory Test Results; Microbiology Test Results This capability may use content anonymization. |
|
HITSP/CAP128 |
Communicate Imaging Information |
This capability addresses interoperability requirements that support the communication of a set of imaging results (i.e., reports, image series from imaging studies) related to a patient in a context set. This is done by an Imaging System acting as the information source attesting to its content. This capability may use content anonymization. |
|
HITSP/CAP129 |
Communicate Quality Measure Data |
This capability addresses interoperability to support hospital and clinician collection and communication of patient encounter data to support the analysis needed to identify a clinician or hospitals results relative to an EHR-compatible, standards-based quality measure. Quality measures may include: 1. Patient-level clinical detail from which to compute quality measures. Patient level clinical data is compiled from both the local systems and from longitudinal data available through other sources such as a Health Information Exchange (HIE). 2. Patient-level quality data based upon clinical detail. The patient-level quality data reports are exported from EHRs or quality-monitoring applications at the point of care This capability may use content anonymization. Pseudonymization, if needed, is supported by the Capability 138 Retrieve Pseudonym. This capability may use Value Set Sharing. |
|
HITSP/CAP130 |
Communicate Quality Measure Specification |
This capability addresses interoperability requirements for an EHR-compatible, standards-based quality measure. In the measure specification, needed patient encounter data elements are identified so they can be extracted from local systems and from longitudinal data available through other sources such as a Health Information Exchange (HIE). The measure specification also includes various sets of exclusion/inclusion criteria to identify which patients to include in calculation of the measure. This capability may use Value Set Sharing. |
|
HITSP/CAP131 |
Update Immunization Registry |
This capability addresses interoperability requirements that enable electronic communication of immunization data among clinicians, with patients, and with immunization registries as unsolicited structured patient immunization data. This capability may use content anonymization. |
|
HITSP/CAP132 |
Retrieve Immunization Registry Information |
This capability addresses interoperability requirements that support the query and retrieval of structured immunization data related to a patients vaccination. The capability may use one of the following: 1. HL7V2 query with implicit Patient Identity resolution 2. HL7V2 query with explicitly Patient Identity resolution prior to query 3. HL7V3 Query for Existing Data The query for immunization documents from Capability 133 - Communicate Immunization Summary may also be used. |
|
HITSP/CAP133 |
Communicate Immunization Summary |
This capability addresses interoperability requirements to support the communication of structured health data related to a patients vaccination history. This immunization document contains a history of administered vaccines with details such as lot number, who administered it, as well as other information related to the patient's care such as medical history, medications, allergies, vital signs. |
|
HITSP/CAP135 |
Retrieve and Populate Form |
This capability addresses interoperability requirements to support the upload of specific captured data (e.g. public health surveillance reportable conditions, healthcare associated infection reporting) to Public Health Monitoring Systems and Quality Organizations Systems. The forms presentedmay be pre-populated by information provided bythe clinical or laboratory information systems to avoid manual re-entry. Anumber of supplemental information variablesmay be capturedfrom within the users clinical information system to improve the workflow and timeliness of required reporting. One or moretypes of form content may be supported: 1. Pre-populationforPublic Health Case Reports from Structured Documents using CDA 2. Pre-populationforQuality Datafrom Structured Documents using CDA 3. No pre-population content Systemsmay optionally support the means to retrieve request for clarifications. |
|
HITSP/CAP136 |
Communicate Emergency Alert |
This capability addresses interoperability requirements to support multicast of non-patient specific notification messages about emergencies events, alerts concerning incidence of communicable diseases, alerts concerning population needs for vaccines and other generic alerts sent to an identified channel. The intended recipients are populations such as all emergency departments in XXX county, within a geographic area, etc. Note that this capability is not used to communicate patient-specific or identifiable data. |
|
HITSP/CAP137 |
Communicate Encounter Information Message |
This capability addresses interoperability requirements to send specific clinical encounter data among multiple systems. The content may be either or both: 1. Encounter Data Message 2. Radiology Results Message It may be used in conjunction with other capabilities such as those related to the communication of laboratory data. This capability includes optional anonymization of content. |
|
HITSP/CAP138 |
This capability addresses interoperability requirements to support a particular type of anonymization that both removes the association with a data subject, and adds an association between a particular set of characteristics relating to the data subject and one or more pseudonyms. This enables a process of supplying an alternative identifier, which permits a patient to be referred to by a key that suppresses his/her actual identification information. The purpose of this capability is to offer a pseudonymization framework for situations that require the use of specific data without disclosing the specific identity of patients or providers. Pseudo-identifiers are intended to allow accessibility to clinical information, while safeguarding any information that may compromise the privacy of the individual patient or provider. However, unlike anonymization, the alternative identifier key can be used to re-identify the individuals whose data was used. |
|
|
HITSP/CAP139 |
Communicate Resource Utilization |
This capability specifies the message and content necessary to report utilization and status of health provider resources to systems supporting emergency management officials at local, state or national levels who have a need to know the availability of hospital and other healthcare resources. The resource utilization information may be provided routinely or in response to a request. |
|
HITSP/CAP140 |
Communicate Benefits and Eligibility |
This capability addresses interoperability requirements that support electronic inquiry and response from a patients eligibility for health insurance benefits. The information exchanged includes the following: 1. A patients identification (i.e., name, date of birth, and the health plans member identification number) 2. Communication of a members status of coverage and benefit information and financial liability 3. Access to information about types of services, benefits and coverage for various medical care and medicationsIt provides clinicians with information about each members health insurance coverage and benefits. |
|
HITSP/CAP141 |
Communicate Referral Authorization |
This capability addresses interoperability requirements that support electronic inquiry and response to authorizing a patient (health plan member) to be referred for service by another provider or to receive a type of service or medication under the patients health insurance benefits. The capability supports the transmittal of a patients name and insurance identification number with the request for the type of service. It also includes the following optional requirements: 1. Identification of the type of service or medication requested for benefit coverage (does not guarantee payment by insurance provider) 2. Communication of a referral notification number or authorization number from the Payer System to the Provider SystemIt provides clinicians and pharmacists with information about each patients medical insurance coverage and benefits. It may include information on referral or authorization permission. |
|
HITSP/CAP142 |
Retrieve Communications Recipient |
This capability addresses interoperability requirements that support access to a directory to identify one or more communication recipients in order to deliver alerts and bi-directional communications (e.g., public health agencies notifying a specific group of service providers about an event). The method and criteria by which individuals are added to a directory is a policy decision, which is out of scope for this construct. |
|
HITSP/CAP143 |
Manage Consumer Preference and Consents |
This capability addresses management of consumer preferences and consents as an acknowledgement of a privacy policy. This capability is used to capture a patient or consumer agreement to one or more privacy policies; where examples of a privacy policy may represent a consent, dissent, authorization for data use, authorization for organizational access, or authorization for a specific clinical trial. This capability also supports the recording of changes to prior privacy policies such as when a patient changes their level of participation or requests that data no-longer be made available because they have left the region. |
The American Recovery and Reinvestment Act (ARRA), notably in Title XIII (HITECH) Section 3000 Definitions (13) Qualified Electronic Health Record, Section 3002 Required Areas for Consideration; and Medicare and Medicaid Incentives defined in ARRA Title IV (Division B) Subtitle A and B have been identified as the source of specific HIT requirements. These ARRA requirements are described in varying degrees of granularity from high-level objectives to explicit HIT functionalities. In the interim since the announcement of this Act, there have been numerous discussions and presentations regarding this set of requirements in various flavors of aggregation in order to simplify the discussion and target the objectives of these requirements around some key priorities. In discussion with the Office of the National Coordinator for Health Information Technology (ONC), it was concluded that the most consistent set of objectives is grounded in the requirements identified in ARRA Section 3002(b)(2)(B)(i)-(viii). As a result, this HITSP EHR-Centric Interoperability Specification has established these requirements as the target to which the HITSP Capabilities are to be associated. The results of identifying which HITSP Capability addresses which ARRA requirement are shown in the Table 2-2 Map of Requirements to Capabilities.
In addition to this identified set of requirements, a recent meeting by the ONC HIT Policy Committee has identified a high-level set of Health Outcomes Priorities that are associated with achieving meaningful use of an EHR. In the interest of harmonization of this latest discussion with this HITSP EHR-centric document, these high-level Priorities have also been included in Table 2-2 for informational purposes.
Table 2-2 Map of Requirements to Capabilities [1]
|
ARRA 3002(b)(2)(B) |
Meaningful Use: Health Outcomes Priorities |
|||||||||||||
|
Capability # |
Capability Name |
(i) Protect Security & Privacy |
(ii) Exchange & Integrate Health Information |
(iii) Certified EHR by 2014 |
(iv) Disclosure Audit (per HIPAA for covered entities) |
(v) Improve Quality and Population Health |
(vi) PHI Rendered Unusable by Unauthorized Individual |
(vii) Patient Demographic Data |
(viii) Needs of Children and Vulnerable |
Quality Safety, Efficiency, Reduce Health Disparities |
Engage Patients & Families |
Coordination of Care |
Population and Public Health |
Security and Privacy |
|
CAP117 |
Communicate Ambulatory and Long Term Care Prescription |
X |
X |
X |
X |
X |
X |
X |
||||||
|
CAP118 |
Communicate Hospital Prescription |
X |
X |
X |
X |
X |
X |
X |
||||||
|
CAP119 |
Communicate Structured Document |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
|
CAP120 |
Communicate Unstructured Document |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
|
CAP121 |
Communicate Clinical Referral Request |
X |
X |
X |
X |
X |
X |
X |
X |
X |
||||
|
CAP122 |
Retrieve Medical Knowledge |
X |
X |
X |
X |
|||||||||
|
CAP123 |
Retrieve Existing Data |
X |
X |
X |
X |
X |
X |
X |
X |
X |
||||
|
CAP124 |
Establish Secure Web Access |
X |
X |
X |
X |
X |
X |
X |
X |
|||||
|
CAP125 |
Retrieve Genomic Decision Support |
X |
X |
X |
X |
X |
X |
X |
X |
X |
||||
|
CAP126 |
Communicate Lab Results Message |
X |
X |
X |
X |
X |
X |
X |
X |
X |
||||
|
CAP127 |
Communicate Lab Results Document |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
|||
|
CAP128 |
Communicate Imaging Information |
X |
X |
X |
X |
X |
X |
X |
X |
X |
||||
|
CAP129 |
Communicate Quality Measure Data |
X |
X |
X |
X |
X |
X |
X |
||||||
|
CAP130 |
Communicate Quality Measure Specification |
X |
X |
X |
||||||||||
|
CAP131 |
Update Immunization Registry |
X |
X |
X |
X |
X |
X |
X |
X |
|||||
|
CAP132 |
Retrieve Immunization Registry Information |
X |
X |
X |
X |
X |
X |
X |
X |
X |
||||
|
CAP133 |
Communicate Immunization Summary |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
||
|
CAP135 |
Retrieve and Populate Form |
X |
X |
X |
X |
X |
X |
X |
X |
X |
||||
|
CAP136 |
Communicate Emergency Alert |
X |
X |
X |
X |
|||||||||
|
CAP137 |
Communicate Encounter Information Message |
X |
X |
X |
X |
X |
X |
X |
||||||
|
CAP138 |
Retrieve Pseudonym |
X |
X |
X |
X |
X |
X |
X |
||||||
|
CAP139 |
Communicate Resource Utilization |
X |
X |
X |
X |
X |
X |
|||||||
|
CAP140 |
Communicate Benefits and Eligibility |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
||
|
CAP141 |
Communicate Referral Authorization |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
||
|
CAP142 |
Retrieve Communications Recipient |
X |
X |
X |
X |
X |
X |
|||||||
|
CAP143 |
Manage Consumer Preference and Consents |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
|||
The work of associating HITSP Capabilities to the ARRA requirements has resulted in every targeted objective having a number of Capabilities that have addressed them in some degree as depicted in Table 2-2. This HITSP work has also included an opportunity to conduct a gap analysis of the HITSP deliverables to the ARRA requirements in order to identify and document areas of these requirements where pending or future HITSP work would enhance the solution for a specific ARRA requirement. The results of this gap analysis is shown in the Table 2-3.
Table 2-3 ARRA Gap Analysis and Resolution Recommendations [2]
|
ARRA Requirement [3002(b)(2)(B)] |
ARRA Text |
Gap in constructs |
Recommended Resolution |
|
(i) Protect Security & Privacy |
3001(b) Purpose- The National Coordinator shall perform the duties under subsection (c) in a manner consistent with the development of a nationwide health information technology infrastructure that allows for the electronic use and exchange of information and that |
Once law is promulgated against this overall scoping section, this list will need to be revisited to identify additional gaps and validate existing gaps. |
Defer, pending publication of regulations. |
|
(i) Protect Security & Privacy |
Technologies that protect the privacy of health information and promote security in a qualified electronic health record, including for the segmentation and protection from disclosure of specific and sensitive individually identifiable health information with the goal of minimizing the reluctance of patients to seek care (or disclose information about a condition) because of privacy concerns, in accordance with applicable law, and for the use and disclosure of limited data sets of such information. |
Of the four data states specified in the NIST 800-66 document the following gaps exist: Data at Rest Data in Use Data Disposed Data in motion is covered by HITSP/T17 and HITSP/C44, but the other three data states are not currently addressed by HITSP. |
The HITSP SPI Tiger Team will forward to the SPI Technical Committee the gaps of data at rest, data in use, and data disposal for consideration in a revised Technical Committee 2009-2010 SOW. This includes identification and selection of appropriate standards and referring any residual gaps to standards development organizations for resolution. |
|
(i) Protect Security & Privacy |
3002(b)(2)(C)(viii) Methods to facilitate secure access by an individual to such individual's protected health information. |
Possible gap: Mobile devices are not specifically covered by existing constructs. This may be a gap. Some additional language may need to be added as to which types of devices are supported and to what degree. (E.g.: Inclusion of portable computing devices.) |
The HITSP SPI Tiger Team will determine if revisions to the constructs to add clarity and explicitly include portable computing devices can be an integral part of the next maintenance release. If not, the SPI TT will identify the gaps so they can revise the HITSP SPI TC 2009-2010 SOW. |
|
(ii) Exchange & Integrate Health Information [Meaningful Use Health Outcomes Priority / Coordination of Care] |
A nationwide health information technology infrastructure that allows for the electronic use and accurate exchange of health information. |
Standardized terminology for allergies to medication, drug intolerances and other allergies is needed as well as the elements or accompanying information (e.g. nature of reaction, severity or reaction, and source of info) In addition agreement is needed on distinctions among allergies, intolerances, side-effects, sensitivity responses, adverse effects and other similar reactions, tolerance, adverse events, side effects, sensitivity reaction |
ISO TS Adverse events pending Some SNOMED mapping for some adverse event/side effect terminologies under way Tolerance definitions not available (for quality typically medication allergen for exclusion) International Harmonization Committee (MedDRA) WHO terminology Recommend harmonization and development of coded terminology |
|
Standards are able to manage the death indicator, but there is a gap in the process to reliably collect and transmit this data element. Hospital outpatient clinics and Emergency Departments may use ADT A^03 to indicate death of outpatients. In the ambulatory setting there is usually no clear standard electronic record of death. The HL7 death indicator exists but is not currently part of workflow in the ambulatory setting |
This will be a matter of training. If there is a demographic resource (e.g. IHE PIX - could be an IHE PDQ message); If Vital Health Statistics resource is available; IHE QED might be used against this resource to access the reason(problem) for death. Vital Health Statistics could be instantiated as a Patient Demographic Supplier |
||
|
(ii) Exchange & Integrate Health Information [Meaningful Use Health Outcomes Priority / Coordination of Care] |
3001(b) (6) improves the coordination of care and information among hospitals, laboratories, physician offices, and other entities through an effective infrastructure for the secure and authorized exchange of health care information; |
Gaps may be identified when the definition of "meaningful use" is available. Revisit to validate when the definition of meaningful use is available |
Defer, pending publication definition for "meaningful use" |
|
(ii) Exchange & Integrate Health Information [Meaningful Use Health Outcomes Priority / Coordination of Care] |
3002(b)(2)(C)(vi) Technologies that facilitate the continuity of care among health settings. |
Long term care (LTC) is referenced only as it relates to the inpatient and ambulatory settings. This capability does not define the LTC environment fully with LTC workflow, participants, needs and activities. It is expected that once an LTC medication management scenario is defined, LTC requirements will be fully addressed. |
The extension of the Medication Management IS for LTC is currently part of the 2009 HITSP work. This will result in the Long Term Care setting requirements being discussed and documented in greater detail. |
|
A standard enabling law enforcement to securely hand over crash victim ID/ECON information to crash scene EMS providers in an automated and streamlined format |
The IHE PCC Technical Committee, in collaboration with various Emergency Responder SME organizations, including the National Association of State EMS Officials, International Association of Chiefs of Police, and International Association of Fire Chiefs, are responsible for resolving the ECON Gap as part of IHE's development of the 2009 'EMS Transfer of Care' Technical Framework Supplement |
||
|
There is a need for a CDA implementation guide for the exchange of assessment instruments that include functional status. |
HITSP has sent a request to SDOs for consideration. HL7 has embraced this requirement and incorporated this into its 2009 work. |
||
|
Nursing documentation, such as nurses notes are a gap in the current standards |
HITSP will send a request to SDOs to create an implementation guide to fill this gap, including: Nursing Summary Component Document that contains notes and observations from the nursing staff and to make sure that CDA will work for all nursing documentation |
||
|
(ii) Exchange & Integrate Health Information [Meaningful Use Health Outcomes Priority / Coordination of Care] |
13101; 3000 Def. (13) QUALIFIED ELECTRONIC HEALTH RECORD.The term qualified electronic health record means an electronic record of health related information on an individual that (B) has the capacity (ii) to support physician order entry; |
Orders are ill-defined for both lab and procedure ordered. Need a standard model so that each vendor can map to standardized mechanism to capture the procedure ordered data element. |
Recommend to LOINC, SNOMED CT, and CPT to develop AND harmonize a suitable coded value set to express order test name and code values |
|
Gap for electronic capture of consult ordered; there are many ways to determine this information, but no good standard identified. For instance Consult result with appropriate components (e.g. an eye exam with appropriate components retinopathy; provides a dx DX ICD can help, but may not be sufficient). Procedures may be an indication of consultation. Need to manage the status of all referrals and orders |
The consultation and communication process is too granular to be measurable Explore incorporation of communication transaction notification |
||
|
(iii) Certified EHR by 2014 |
3002(b)(2)(A) IN GENERAL- The HIT Policy Committee shall recommend the areas in which standards, implementation specifications, and certification criteria are needed for the electronic exchange and use of health information for purposes of adoption under section 3004 and shall recommend an order of priority for the development, harmonization, and recognition of such standards, specifications, and certification criteria among the areas so recommended. Such standards and implementation specifications shall include named standards, architectures, and software schemes for the authentication and security of individually identifiable health information and other information as needed to ensure the reproducible development of common solutions across disparate entities. |
Gaps may be identified when the definition of "meaningful use" is available. Revisit to validate when the definition of meaningful use is available |
Defer, pending publication definition for "meaningful use" |
|
(iii) Certified EHR by 2014 |
3002(b)(2)(C)(i) (i) The appropriate uses of a nationwide health information infrastructure, including for purposes of-- |
Gaps may be identified as we perform a detailed analysis on the Common Data Transport (CDT) Use Case and identify the requirements listed in CDT. |
The HITSP SPI Tiger Team will identify the gaps so they can revise the HITSP SPI TC 2009-2010 SOW accordingly. |
|
(iv) Disclosure Audit (per HIPAA for covered entities) |
Technologies that as a part of a qualified electronic health record allow for an accounting of disclosures made by a covered entity (as defined for purposes of regulations promulgated under section 264(c) of the Health Insurance Portability and Accountability Act of 1996) for purposes of treatment, payment, and health care operations (as such terms are defined for purposes of such regulations). |
There is a gap. HITSP/T15 can support accounting of disclosures but is just one component. |
If needed, HITSP can look to develop an "accounting of disclosures construct, recognizing that there may be a gap in underlying standards. HITSP would need guidance on the level of specificity within the disclosure log (e.g. limited to specific system behavior, or does the system have to capture all disclosures whether generated by the system itself or otherwise (e.g. verbal)). |
|
(iv) Disclosure Audit (per HIPAA for covered entities) |
13405(C) ACCOUNTING OF CERTAIN PROTECTED HEALTH INFORMATION DISCLOSURES REQUIRED IF COVERED ENTITY USES ELECTRONIC HEALTH RECORD |
There is a gap. HITSP/T15 can support accounting of disclosures but is just one piece of the puzzle. |
The HITSP SPI Tiger Team will identify the gaps so HITSP can seek guidance from ONC for what HITSP needs to deliver, and revise HITSP SPI TC 2009-2010 SOW accordingly. |
|
(v) Improve Quality and Population Health [Meaningful Use Health Outcomes Priority / Quality Safety , Efficiency, Reduce Health Disparities] |
3002(b)(2)(C)(x) Any other technology that the HIT Policy Committee finds to be among the technologies with the greatest potential to improve the quality and efficiency of health care. |
The following topics have not yet been covered by HITSP constructs and are not discussed elsewhere in this document: |
Item 1 is not clearly called-for in ARRA, so we need clarification from ONC as to whether a need for nonrepudiation of receipt may be forthcoming (e.g. in a value case). |
|
(v) Improve Quality and Population Health [Meaningful Use Health Outcomes Priority /Engage Patients and Families] |
3002(b)(2)(C)(ii) Self-service technologies that facilitate the use and exchange of patient information and reduce wait times. |
HITSP/C44 enables the use of public terminals for secure access of data. There may be other self-service technologies to facilitate the use of exchange of patient information and reduce wait times that HITSP has not yet considered. |
Seek guidance from ONC on the types of other self-service technologies that we may need to support. |
|
(vi) PHI Rendered Unusable by Unauthorized Individual |
Technologies that allow individually identifiable health information to be rendered unusable, unreadable, or indecipherable to unauthorized individuals when such information is transmitted in the nationwide health information network or physical transport. |
HITSP/T17 supports encryption of data during transmission. |
The HITSP SPI Tiger Team will identify the gaps of data at rest, data in use, and data disposal for consideration in a revised 2009-2010 SOW. This includes identification and selection of appropriate standards and referring any residual gaps to standards development organizations for resolution. |
|
(vi) PHI Rendered Unusable by Unauthorized Individual |
13402(h) Unsecured Protected Health Information. (A) IN GENERAL.--Subject to subparagraph (B), for purposes of this section, the term ``unsecured protected health information'' means protected health information that is not secured through the use of a technology or methodology specified by the Secretary in the guidance issued under paragraph (2). |
Gap in encryption of removable media and portable devices. Encryption of data on removable media and portable devices would provide support for "Safe Harbor" breach notification requirement. |
The HITSP SPI Tiger Team will identify the gaps of data at rest, data in use, and data disposal for consideration in a revised 2009-2010 SOW. This includes identification and selection of appropriate standards and referring any residual gaps to standards development organizations for resolution. |
|
(viii) Needs of Children and Vulnerable [Meaningful Use Health Outcomes Priority / Quality Safety , Efficiency, Reduce Health Disparities] |
Technologies that address the needs of children and other vulnerable populations. |
No way to receive a Risk Analysis report into an EHR. |
The HITSP Care Management and Health Records Domain TC will investigate current standards The resulting Risk Analysis report should use standard Interoperable Clinician/Nursing Terminology with the following local/Interoperable language agreed to by HITSP: This Interoperability Specification will use the CHI recommended SNOMED CT as a reference terminology to communicate interoperable information among and between systems, with the HITSP Interoperability Specification Pre-condition that the sending and using systems must use formal coded nursing terminologies such as the Clinical Care Classification (CCC) System and the Omaha System that are integrated in SNOMED CT |
The following matrix portrays what key security and privacy related functions are integrated within each Capability. Details regarding specific underlying constructs can be found in each Capability. Furthermore, the HITSP Security and Privacy Technical Note (HITSP/TN900) provides a detailed discussion of these constructs, including consideration and context for any security and privacy related policy decisions. Within each cell, a Y indicates an integrated function, an O represents an optionally integrated function, and a blank cell indicates the function is not supported/not necessary.
Table 2-4 Security and Privacy Functions Mapped to Capabilities
|
Security and Privacy Functions |
CAP 117 |
CAP 118 |
CAP 119 |
CAP 120 |
CAP 121 |
CAP 122 |
CAP 123 |
CAP 124 |
CAP 125 |
CAP 126 |
CAP 127 |
CAP 128 |
CAP 129 |
CAP 130 |
CAP 131 |
CAP 132 |
CAP 133 |
CAP 135 |
CAP 136 |
CAP 137 |
CAP 138 |
CAP 139 |
CAP 140 |
CAP 141 |
CAP 142 |
CAP 143 |
|
Manage Consent Directives |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
|
|
Access Control |
Y |
Y |
Y |
Y |
Y |
Y |
O |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
|
|
Secured Communication Channel |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
|
Security Audit |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
|
|
Entity Identity Assertion |
Y |
Y |
Y |
Y |
O |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
|
|
Document Integrity |
O |
O |
O |
O |
O |
O |
O |
O |
O |
O |
O |
O |
||||||||||||||
|
Non-Repudiation of Origin |
O |
|
O |
O |
Y |
O |
O |
|||||||||||||||||||
|
De-identification |
O |
O |
O |
O |
O |
O |
O |
O |
O |
O |
Y |
O |
Y |
O |
O |
O |
O |
A Service Collaboration is the composition of HITSP Transaction and or Transaction Package constructs into a reusable workflow, primarily at the infrastructure level. Service Collaborations do not contain content, i.e., Components. Service Collaborations are organized into an external view, i.e., outward facing interfaces, and an internal view that includes inward facing interfaces and HITSP Transactions and Transaction Packages. Security and privacy constructs are incorporated into the infrastructure Service Collaborations.
Table 2-5 Service Collaborations Definitions
|
SC # |
Service Collaboration Name |
Definition |
|
SC108 |
Access Control |
The HITSP Access Control Service Collaboration provides the mechanism for security authorizations which control the enforcement of security policies including: role-based access control, entity based access control, context based access control, and the execution of consent directives. |
|
SC109 |
Security Audit |
The HITSP Security Audit Service Collaboration describes the mechanism to record security relevant events in support of policy, regulation, or risk analysis. It also provides the mechanism to determine the record format to support analytical reports that are needed. |
|
SC110 |
Patient Identification Management |
The HITSP Patient Identification Management Service Collaboration provides the ability to lookup and/or cross-reference patient identities. |
|
SC111 |
Knowledge and Vocabulary |
The HITSP Knowledge and Vocabulary Service Collaboration provides the ability to retrieve medical knowledge and terminology. |
|
SC112 |
Healthcare Document Management |
The HITSP Healthcare Document Management Service Collaboration provides the ability to share healthcare documents using a set of topologies, such as Media, e-Mail, Point-to-Point, Shared within a Health Information Exchange, and Shared within a larger community (made up of potentially diverse Health Information Exchanges). |
|
SC113 |
Query for Existing Data |
TheHITSP Query for Existing Data Service collaboration provides the capability to query and retrieve data from another clinical system, and the capability to respond to same queries. It applies the necessary Security and Privacy constructs and supports all the queries found in HITSP/TP21. |
|
SC114 |
Administrative Transport to Health Plan |
The HITSP Administrative Transport to Health Plan Service Collaboration provides the transport mechanism for conducting administrative transactions with health plans. |
|
SC115 |
HL7 Messaging |
The HITSP HL7 Messaging Service Collaboration provides the capability to send and receive HL7 messages. This Service Collaboration applies the necessary Security and Privacy constructs. |
|
SC116 |
Emergency Message Distribution |
The HITSP Emergency Message Distribution Service Collaboration performs a multicast notification to specifically identified populations, such as emergency departments. |
|
Return to detail page at www.hitsp.org | HITSP/IS107 |
| Prev TOC Next |