Breaking Through the Data Dams

BREAKING THROUGH

THE DATA DAMS

By Lee Barrett, Marsali Hancock
Lesley Berkeyheiser, CCSFP
and Elinela Perez, LL.M, CIPP/E.

About TNAP

Introduction

Goal 1: Empower Individuals

Goal 2: Enable Providers and Communities

Goal 3: Public and Population Health

Goal 4: Open and Accessible APIs

About the Authors

CONTENTS

ABOUT TNAP

The Trusted Network Accreditation Program (TNAP), founded

by EHNAC, SAFE BioPharma Association, WEDI, eHealth Initiative

and the EP3 Foundation, leverages existing industry-wide identity

verification, authentication, privacy and security frameworks and

best practices already in use across the healthcare ecosystem. The

program provides third party review with accreditation for Trusted

Exchange participants, and a person-centered governance model

for security, privacy, regulatory compliance and rights

management, including compliance with new privacy regulatory

requirements.

The initiative directly aligns with the development of the 21st

Century Cures Act including the Trusted Exchange Framework

and Common Agreement (TEFCA) and, promotes

interoperability, assuring the security and privacy of trusted

networks, and the use of enabling technologies in the healthcare

ecosystem. Confirmed participants include HINs, HIES, ACOS,

Data Registers, Lab, Providers, Payers, Vendors, and Suppliers.

EP3Foundation.org/tnap

INTRODUCTION

This document is modeled after the Office of the National

Coordinator’s Draft Trusted Exchange Framework to empower

patients and provide a baseline of healthcare interoperability

along with acknowledgment of the data dams or areas of

challenge (blocking the desired flow of information) so needed to

move high volumes of sensitive data in a secure manner.

Each of the areas set forth below provides a summary of today’s

current environment, a real-life example, and the corresponding

data dams/blockages to the free flow of sensitive data. Lastly, this

document includes how the TNAP provides core features that

address each of these challenge areas.

EP3Foundation.org/tnap

Summary

In today’s healthcare world, some industry sectors

(like life insurance and research) have the ability to

consolidate longitudinal healthcare data about a

specific patient. However, that information is

typically not made available to the patient.

Real Life Scenario

A middle-aged woman with comprehensive private

insurance needs longitudinal data to observe trends

and make data-informed choices to improve her

health and well being. To do so, she must find,

access, and aggregate all of her health information.

This includes health records from her primary-care

doctor, specialists like ophthalmologist,

dermatologist, gynecologist, mental health

providers (who include psychiatrist and

psychologist), dentists and endodontist, podiatrist,

and physical therapist. It also includes her gym

records where she works weekly with her trainer and

nutritionist, logging detailed health records that

include weight, BMI, blood pressure, heart rate, daily

supplements, diet, and sleep patterns in an

application.

Top Data Dams

Despite of the fact that our patient is technically

savvy and tracks wellness information, she is limited

by her providers' proprietary or legacy technology.

Her insurance company gave her the Health

Records, but they only include claims information

from in-network providers. Her primary-care

physician, endodontist, podiatrist, and other

specialists belong to different hospitals and

healthcare systems. Her psychiatrist, psychologist,

and ophthalmologist have their own private

practice. When she asked for records from her

longtime dentist, only paper copies were made

available for which she had to pay. Some of her

clinics offered apps to communicate directly with

her. However, she has no ability to consolidate her

information even as a baseline for her own personal

use. When she chooses to pursue genetic testing,

this information cannot be amassed into the others

based on its sensitivity, even though it is all hers!

EMPOWER INDIVIDUALS

GOAL 1

● Improve patient ability to coordinate their own care

● Not limited to what it is stored in electronic health records

● Access data from different resources (including technologies that individuals use every day)

● Enable Individuals to access and aggregate longitudinal data

The Trusted Network Accreditation Program Resolution

The Trusted Network Accreditation Program provides a “measurement” or standard setting the

“Privacy and Security” bar related to the handling of healthcare data. Each participant or

“contributor” is required to follow identity, privacy, and security rules making information available

to patients in a method that supports all facets of healthcare delivery and receipt.

EP3Foundation.org/tnap

Summary

Many healthcare providers have become certified in

Meaningful Use in various stages improving some

types of data exchange. However, exported data

remains inconsistent in quality, format, and content.

Additionally, stringent federal and state laws make

sharing certain kinds of information impossible

unless one can verify, in near real-time, the identity,

roles, and permissions of the providers, patients, and

all recipients of highly protected information.

Real Life Scenario

An 18-year-old patient was released from nine days

of inpatient, psychiatric crisis care. Now, she must

coordinate services to address her eating disorder

and alcohol addiction within her parents’ health

insurance. This entails the daunting task of

identifying providers and programs taking new

patients. Sadly, no in-network providers were

available and the only residential substance use

program with an opening is out of state.

Unfortunately, she is unable to receive electronic

health information from her substance use and

mental health providers and share them with her

new private practice psychiatrist.

Her safety is at risk! She has no communication

vehicle to coordinate her other health care providers

able to write prescriptions, such as a dentist or

podiatrist. She and her doctors are unaware of

serious unintended drug interactions when

combined with her privacy-protected medication.

Top Data Dams

Some providers, mitigating stringent state and

federal privacy laws, seem confused about the

HIPAA Individual Right to Access. They provide

sensitive data only in paper form. But even if

providers want to share data, it is difficult to agree

on the identity of the patient and the process to

confirm matching, linking and confidentiality

requirements. Additionally, apps that allow patients

to populate their own information create data

quality problems. When and how can

patient-entered information be imported to

electronic health records? What are the

requirements to ensure quality data with

provenance for peer-reviewed studies, population

safety, and patient care? Significant data obstacles

are caused by the lack of rules about who to share

with, when and how to share including Levels of

Assurance for Identity and Authentication.

ENABLE PROVIDERS AND COMMUNITIES

GOAL 2

● Improve patient and provider safety

● Increase efficiency

● Gather and aggregate comprehensive data from many sources

● Provide a common method authenticating trusted health information networks participants

The Trusted Network Accreditation Program Resolution

The Trusted Network Accreditation Program requires participants to produce evidence that they

meet HIPAA Privacy and Security requirements including enhanced standards to verifying roles

and identity, patient linking, permissions, sharing and authentication.

EP3Foundation.org/tnap

Summary

Recent natural disasters demonstrated that

electronic health information exchange in

emergency situations might be impossible.

Real Life Scenario

Long-term care facilities in California wildfires were

unable to verify their patients' identity or access

their medical records immediately following

evacuation. Providing care, without a verified patient

and provider identity creates liability risks. Mental

health medication, insulin, and even dialysis require

prescribing orders. Many facilities do not have

electronic health records, and not all patients have

hospital records. During Hurricane Maria, in Puerto

Rico, officials were unable to determine deaths or

health needs as a result of the disaster. Additionally,

data regarding immunizations are not credible.

Top Data Dams

Having a standardized method to record and

maintain the longitudinal patient information is a

necessity to allow for improved patient and provider

safety. Once again, we find that the need for set

patient matching, healthcare network contributor

credentialing (ability to be sure those who are

sharing/contributing or receiving data on the

network are who they say they are), is the core

problem.

PUBLIC AND POPULATION HEALTH

GOAL 3

● Provide real-time, quality data collection

● Deliver real-time actionable data

● Provide privacy-protected, secure access to comprehensive health information

The Trusted Network Accreditation Program Resolution

The Trusted Network Accreditation Program provides a “measurement” or standard setting the

“Privacy and Security” bar related to the handling of healthcare data. Each participant or

“contributor” is required to follow privacy and security rules, to provide evidence that they are who

they say they are, and to promote efficient and secure exchange of information to facilitate direct

patient care and quality data collection in support of public need.

EP3Foundation.org/tnap

Summary

In today’s healthcare world, those who build

healthcare systems that support gathering and

exchange do not allow for systems to seamlessly

connect to other systems. This includes electronic

health record systems, as well as device

manufacturers.

Real Life Scenario

Our healthy middle-aged patient wants to add

fitness information to her favorite provider portal.

However, today, only certain devices work with her

current provider portal thus requiring her to

purchase a different fitness tracker in order to

promote data tracking

Another situation is that discharge data from one

inpatient provider to a rehabilitation center is not

seamless since the providers belong to different

healthcare systems. Therefore, instead of having an

efficient secure electronic data interchange, the

records drop back to paper form and delay delivery

of the most appropriate provider care possible.

Top Data Dams

Because vendors and device manufacturers are not

currently required to follow standard systems life

cycle development processes including building

Application Programming Interfaces that are “open”

and usable by all, systems cannot seamlessly or

easily pass data from one to another. Often, if this is

desired, someone, usually the patient has to pay for

the custom programming to be reworked to meet

the goal.

OPEN AND ACCESSIBLE APIs

GOAL 4

● Enable open and accessible application programming interfaces (APIs)

● User-focused innovation to make health information more accessible

● Improve electronic health record usability

The Trusted Network Accreditation Program Resolution

The Trusted Network Accreditation Program requires standard privacy and security rules to be

followed including the best practice life cycle development. This means, whether working with an

electronic health network system or a medical device, data is moved in and out of that system in

the same method. This is similar to how financial data is moved around in today’s world.

Promoting the use of standards for this data sharing such as the FHIR (Fast Healthcare

Interoperability Resource Specification) standard is also contained within the TNAP program.

EP3Foundation.org/tnap

ABOUT THE AUTHORS

EP3 Foundation a 501(c)3 nonprofit, is a multi-sector

community of standards organizations, industry leaders,

researchers, and government agencies committed to

privacy-preserving data sharing. The EP3 Foundation networks

use new data paradigms to give you the power to access,

protect, and share data without revealing personal or sensitive

information.

The Electronic Healthcare Network Accreditation Commission

(EHNAC) is a voluntary, self-governing standards development

organization (SDO) established to develop standard criteria and

accredit organizations that electronically exchange healthcare

data. These entities include accountable care organizations, data

registries, electronic health networks, EPCS vendors,

e-prescribing solution providers, financial services firms, health

information exchanges, health information service providers,

management service organizations, medical billers, outsourced

service providers, payers, practice management system vendors

and third-party administrators. The Commission is an authorized

HITRUST CSF Assessor, making it the only organization with the

ability to provide both EHNAC accreditation and HITRUST CSF

certification.

EP3Foundation.org/TNAP

info@ep3foundation.org

EP3FOUNDATION.ORG