News from NATE! – August 16, 2016

NATE logo
Welcome New NATE Members!

e-Health Partners logo Womba logo Trilogy logo landscape
HealthHere VA logo2 SmartPHR logo
Azuba logo MediPortal logo Learn More About
NATE Membership

ONC Considers Privacy & Security Without HIPAA

The Office of the National Coordinator for Health Information Technology (ONC) has issued a new report to Congress: Examining Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAAThis report—developed in coordination with the Office for Civil Rights (OCR) and the U.S. Federal Trade Commission (FTC)—discusses the lack of clear guidance around consumer access to, and privacy and security of, health information collected, shared, and used by entities that are not currently covered by HIPAA. This Report finds that large gaps in policies around access, security, and privacy continue, and finds that confusion persists among both consumers and innovators.

A Comment from the NATE CEO:

The executive summary of this report opens by stating that “[s]haring information electronically can offer real benefits, such as saving time, improving services, and increasing engagement.”  This is undoubtedly true.  However, this report also finds that “large gaps in policies around access, security, and privacy continue, and finds that confusion persists among both consumers and innovators.”  NATE’s mission is to reduce the barriers that consumers encounter in accessing their health information, so they can do what they want with it.  I suspect that a number of priority topics can be distilled from the discussion of this report and NATE looks forward to being part of that collaborative work.

As I read this report, one thing that really jumped out at me was the assertion made in the analysis section that reads “[p]erhaps the most important difference between HIPAA-covered entities and NCEs [non-covered entities] is that [under HIPAA] individuals enjoy a suite of rights with regard to [access to and control over] the protected health information held by a covered entity or business associate.”  Later in this section, the report further supports this assertion by stating that “[f]or key initiatives that leverage electronic health information, such as the President’s Precision Medicine Initiative, it is increasingly important that individuals be able to direct that health information about them be sent where they wish.  OCR recently clarified how strong this right is for individuals under HIPAA…” [emphasis added]

Although the report rightly points out that a patient has a right to access their data under HIPAA, actually acting on these rights is far from simple.  I think there is universal agreement that it is oftentimes too difficult for consumers to successfully submit the right paperwork (e.g. release of information [ROI] forms) to the right person at the covered entity.  I mean, if it is reported that about 50% of the time those requests are ignored or lost, there must be an awful lot of wrong doors when it comes to submitting an ROI.  Similarly, as more and more consumers become engaged in their care and start to use information technology to better manage their health, and the health of their loved ones, we can expect that the health information management professionals responsible for managing these processes will need better ways to receive (securely) these requests from consumers.  If they don’t, they risk being found out of compliance with HIPAA as the volume of consumer requests increase, and the number of requests that fall through the cracks, or otherwise exhaust the 30-day statutory time frame for a response, will surely begin to lead to civil monetary penalties.

I would love to hear recommendations from folks about innovative ways to build a solution that is a win-win for both the consumer and the medical records department.  We need something that is pragmatic and can be realized today.  In fact, NATE would invite your thoughts on ways that we as a community can address not only this, but also the other continuing gaps outlined in the report.  Please share your thoughts with us so we can find ways to move beyond discussing solutions and start implementing concrete improvements together.

What other ideas do you have that could address these policy gaps in simple, practical ways?  Please share your ideas with us by emailing  Some of the best ideas may find their way into a future collaborative project hosted by NATE!

Cn-k5dJXYAAxzYI (1)

Two of the four winners of the Consumer Health Data Aggregator Challenge are members of NATE!

Medyear logo croppedMedyear’s mobile app utilizes FHIR to merge a patient’s records from multiple sources into one clean interface. It borrows a social media-like newsfeed style to show real-time EHR updates and provides easy functionality to message and call clinicians.  

Healthcentrix logo croppedThe Prevvy Family Health Assistant app suite provides the capabilities to manage an entire family’s health and wellness, including targeted information exchange. The platform incorporates both FHIR and Direct messaging with EHRs certified to Meaningful Use Stage 2.



Move Health Data Forward Challenge

Enter the challenge to create an API solution that allows people to authorize the movement of their health data

The Move Health Data Forward Challenge encourages participants to create an application programming interface (API) solution that uses the implementation specifications created by the HEART Workgroup (Heart WG) to allow people to securely authorize the movement of their health data to destinations they choose.

The Challenge will have three phases and two finalists, each winning $75,000.

  • Phase 1 will award $5,000 for up 10 finalists, each based on the proposals they submit to the Challenge.
  • Phase 1 winners will move to Phase 2, which will award $20,000 for up to 5 finalists, each based on the prototype of their Solution.
  • Phase 2 winners will move to Phase 3, which will award $50,000 for up to two winners, each based on the participant’s ability to implement their Solution.

For further information on the Move Health Data Forward Challenge, please review the Federal Register Notice.

ONCi2 logo

NATE makes it easier for providers to share health information with their patients so that their patients can do what they want with it.NATE url2
Copyright © 2015 National Association for Trusted Exchange. All rights reserved.
Contact email:
You are receiving this message because you have an interest in health information exchange.