Flexible Accreditation: The Politically Acceptable Key to Accountability — and Interoperability
Guest commentary from Lee Barrett, executive director of the Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards-development and accreditation organization.
Information technology has been mature enough to transform health care for years. The HITECH Act has now cemented the business case. The biggest remaining obstacle to achieving the benefits of interoperability -- everything from e-prescribing to truly accessible medical records -- is building trust and confidence among data-sharing partners.
The chief privacy and security threats are already familiar to most: constant breaches, internal snooping and even piratical extortion more creative than what we've seen from Somalia. Clearly, organizations must get their houses in order. But the actions or inactions of their data-sharing partners can also put them at risk with regulators and the marketplace. They need a dose of confidence in the abilities of their application vendors, service providers and peer organizations. Also along those lines, as health care management grows in complexity, organizations are looking for ways to gain assurance regarding technical performance, customer service levels and resource capacity for all business partners.
Health care organizations need a model for controlling risk and vetting data-sharing partners at three levels. The first is the application level. As software moves to the application service provider (ASP) model, by which applications are hosted off-site via Internet, verifying these systems becomes as important as demonstrating reliable technical performance and scalability. The second group is transaction-based service providers, such as claims clearinghouses, e-prescribing services or financial services firms. Beyond assurance that they are HIPAA-compliant and HITECH-ready, provider organizations spend much energy assessing prospective partners' customer support and business processes. Lastly, at the community level, there is a tremendous need for confidence among peers across technical, operational, administrative and all other areas. Regional health information organizations (RHIOs) have an accountability dilemma: No data sharing due to fears about data integrity and no confidence because few have a history of sharing data.
Given the urgent need, what are the industry's options for establishing this accountability? These are discussed in an excellent research paper, New York's Health IT Strategy: RHIO Governance & Accountability. Expanding on that discussion, these are the three main options:
- The laissez-faire or "hands off" approach requires contracts between and among organizations. It's buyer beware. It's also "buyer manage a large number of complex agreements with no practical enforcement mechanism." This model has potential for much litigation.
- The Soviet approach would use central planning and call for hands-on oversight and management by a representative entity (that is, a government agency). To put it mildly, this approach is typically unpopular in the U.S.
- The accreditation approach requires that industry stakeholders work together, through an independent organization using transparent process, to develop standards. This group then confers accreditation on willing organizations. Those who demonstrate excellence use the distinction to their advantage in the marketplace. Accreditation models can be devised that allow flexibility for the candidate in terms of specific tools and methods yet evaluate it against performance standards and criteria that are more results-oriented.
EHNAC -- which gathers consumer groups, payers, hospitals, physicians, security organizations, electronic health network vendors and others to develop standards criteria -- has successfully accredited one type of service provider for years: electronic health networks or, more specifically, claims clearinghouse services. More recently, we have expanded to cover e-prescribing and financial services providers. At the application level, we apply the accreditation approach to ASP-based electronic health records; our beta testing begins in the summer of 2009. At the community level, we're developing an accreditation framework for health information exchange that can be used by RHIOs. That beta program begins in the fall.
We're making great progress, but awareness about accreditation is going to be critical. Provider organizations need to know what accreditation means. They simply need to know to ask the question "are you accredited?" and understand the due diligence that accreditation represents.
As long as provider organizations don't find a satisfactory solution, progress toward interoperability will be delayed. In addition to missing out on productivity, efficiency and quality benefits, health care will continue to rely on paper. And as any quick Internet news search will reveal, paper-based medical records do not necessarily solve accountability problems.