Today the HIT Policy Committee is considering the Privacy and Security Tiger Team recommendations on the Query Health policy sandbox.
By way of background, here are the minutes from last month's introductory discussion from the September HIT Policy Committee:
Richard Elmore of ONC presented on Query Health, recently launched initiative to develop standards and services for distributed population queries. Guidance from and linkage to the HITPC will be crucial to the success of this effort. Elmore presented the vision of Query Health as follows: ―Enable a learning health system to understand population measures of health, performance, disease, and quality, while respecting patient privacy, to improve patient and population health and reduce costs.
The nation is reaching a critical mass of deployed EHRs with greater standardization of information in support of HIE and quality measure reporting. There is an opportunity to improve community understanding of population health, performance, and quality through:
Enabling proactive patient care in the community
Delivering insights for local and regional quality improvement
Facilitating consistently applied performance measures and payment strategies for the community (hospital, practice, health exchange, state, payer, etc.) based on aggregated, de-identified data
Identifying treatments that are most effective for the community.
Elmore commented that the challenges include the high transaction and ―plumbing‖ costs associated with variation in clinical concept coding (even within organizations), the lack of query standards, and the lack of understanding best business practices. There is also a centralizing tendency that moves data further away from the source, increases personal health information exposure, and limits responsiveness to patient consent preference. Another challenge is that the work done to date, with a few exceptions, has been limited to larger health systems (with large IT and/or research budgets).
The goal is to improve the community understanding of patient population health to be able to ask a question, whether it is to a small physician’s office or a larger hospital, and obtain an aggregate result back. Questions could focus on disease outbreaks, prevention activities, research, quality measures, etc. With regard to scope and approach, Elmore explained that Query Health is being structured in a way that is similar to the Direct Project. It is a public-private partnership project focusing on the standards and services related to distributed population queries. The concept is to have an open, democratic, community-driven consensus-based process. There is a critical linkage with the HITPC and Privacy and Security Tiger Team to provide the guidance needed to drive this project.
Elmore reviewed a series of user stories to demonstrate how to adjust queries with simple, secure use cases to establish the standards and protocols for patient data that is going to be queried against, the query and case definition, and then getting the results back to the requestor of the information.
The organization has a voting group of committed members, the Query Health Implementation Group. There are three workgroups (Clinical Workgroup, Technical Workgroup, and Business Workgroup). In terms of timeline, Query Health is at the requirements and specification stage (the next steps are approaching consensus, and undergoing pilots). Query Health was designed with goals alignment with the S&U Framework, as an open government initiative that is engaging a wide variety of stakeholders. Query Health is also aligned with meaningful use and various standards, as well as with one of ONC’s major strategies, the digital infrastructure for a learning health system.
Elmore described the Summer Concert Series, a presentation by the practitioners that have working on distributor queries that highlights the importance of this project. Through this event, a number of challenges were identified, including best practices for data use/sharing, sustainability, auditability, etc.
It is hoped that the HITPC and Privacy and Security Tiger Team will provide Query Health with policy guidance and will monitor Query Health’s progress. It is anticipated that the first activity with which Query Health will be looking for such guidance is in the policy sandbox and to ensure that the project is safe, cautious, and conservative for the purposes of starting that initial pilot work. The initial set of policy sandbox ideas has been modeled after previous S&I Framework initiatives in consultation with ONC policy and privacy and S&I Framework leaders and their staff. The concept is that query requests and responses will be implemented in the pilot to use the least identifiable form of health data necessary in the aggregate within the following guidelines: (1) a disclosing entity should have its queries and results under their control (manual or automated); (2) the data being exchanged will be mock or test data, aggregated de-identified data sets or aggregated limited data sets, each with data use agreements; and (3) for other than regulated/permitted use purposes, cells with less than five observations in a cell shall be blurred by methods that reduce the accuracy of the information provided.
Larry Wolf asked how Query Health relates to other activities focused on quality measure initiatives. Elmore indicated that this issue has been raised during the Summer Concert Series as well as in Query Health’s Technical Workgroup. In the next few months, it is expected that decisions will be made as to which standards will be applied. Query Health will be leveraging other ongoing initiatives moving forward. Wolf suggested minimizing the diversity of requirements generated for systems to handle queries and result sets.
In response to a question about information exchange, Elmore commented that the assumption is that the information behind an organization’s firewall is identifiable. Only in an instance of a public health permitted use would identifiable data be outside the firewall.
Farzad Mostashari noted that Query Health’s strategy has significant architectural and certification implications in the near future. Getting in front of those and considering them early on will be critical. Clarity about the potential timeframe is needed, as it affects work in areas such as quality measurement. The business case for this effort also requires careful consideration.
Gayle Harrell noted that there is a tremendous upside to Query Health, but there is also a significant potential for abuse that may frighten the public. She asked about the role of the HITPC in terms of providing input as this project moves forward. Deven McGraw noted that Query Health will be discussed at the next Privacy and Security Tiger Team meeting. Elmore added that the HITPC and Privacy and Security Tiger Team will be relied on to provide significant input for guiding the future of Query Health. He noted that with the exception of public health, where it is already allowed by law today to send some identifiable information, Query Health will be dealing with aggregated information and will not be exposing individual’s information. The project itself will be trying to drive towards enabling a non-centrally planned use of technology that is under the control of those responsible for the data.
Arthur Davidson discussed the burden faced by organizations trying to participate in these important population-based efforts to analyze and move towards the learning healthcare system. He asked if there has been a discussion at the ONC level regarding the leadership role that either the ONC or the HITPC might play in harmonizing these various data models. Elmore noted that Query Health’s Technical Workgroup is examining these data models with the vision of some harmonization of standards.
It is expected that, from the point of view of keeping it simple for an initial pilot implementation, the pilot will probably create a focus around the clinical record, whether that be an EHR or more of an HIE.