ONC Announces Secure API Server Showdown Challenge | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

ONC Announces Secure API Server Showdown Challenge

October 11, 2017
by Rajiv Leventhal
| Reprints

The Office of the National Coordinator for Health IT (ONC) has announced a new challenge that will invite interested stakeholders to build secure FHIR servers using current industry standards and best practices.

In a blog post announcement, ONC introduced the Secure API Server Showdown Challenge, which aims to identify unknown security vulnerabilities in the way open source FHIR servers are implemented, and will result in a hardened code base from which all stakeholders can benefit as they deploy FHIR servers in the future.

The post, from Steven Posnack, director, office of standards and technology, ONC, noted that the Health Level 7 (HL7) Fast Healthcare Interoperability Resources (FHIR) standard was released as a first draft standard for trial use in 2014 for implementation in health IT software. Posnack wrote that, “FHIR standard’s security page notes, however, that FHIR ‘is not a security protocol, nor does it define any security related functionality’ so it needs to be paired with appropriate security standards when it comes to deploying, for example, a production-grade FHIR server.”

To this point, Posnack said that many security standards already exist for web services and can be applied to FHIR. Specific to health IT, the Argonaut Project’s Data Query Implementation Guide, being deployed by many health IT developers, points to the SMART APP Authorization Guide for its security layer. “Implementing security in health IT is necessary and some of the specifications are not for the faint-hearted, but it’s important that the industry gets as much experience as possible when deploying secure, FHIR servers,” he wrote.

As such, ONC’s challenge will include two stages. In the first stage, participants will each develop and submit for judging a secured FHIR server. Three winning servers will be chosen to advance to the second stage, where they will face teams of security minded people vying to find security vulnerabilities, according to Posnack.

2018 Raleigh Health IT Summit

Renowned leaders in U.S. and North American healthcare gather throughout the year to present important information and share insights at the Healthcare Informatics Health IT Summits.

September 27 - 28, 2018 | Raleigh


/news-item/interoperability/onc-announces-secure-api-server-showdown-challenge
/article/interoperability/ehr-compatible-pharmacist-care-plan-standard-opens-door-cross-setting-data

EHR-Compatible Pharmacist Care Plan Standard Opens the Door to Cross-Setting Data Exchange

September 14, 2018
by Zabrina Gonzaga, R.N., Industry Voice
| Reprints
Pharmacists drive information sharing towards quality improvement

Pharmacists work in multiple environments—community, hospital, long term care, clinics, retail stores, etc.—and consult with other providers to coordinate a patient’s care.  They work with patients and caregivers to identify goals of medication therapy and interventions needed, and to evaluate patient outcomes.  Too often, pharmacy data is trapped in a silo and unavailable to other members of the care team, duplicated manually in disparate systems which increases clinical workloads without adding value.

To address these issues, Lantana Consulting Group and Community Care of North Carolina (CCNC) developed an electronic document standard for pharmacist care plans—the HL7 Pharmacist Care Plan (PhCP). The project was launched by a High Impact Pilot (HIP) grant to Lantana from the Office of the National Coordinator for Health Information Technology (ONC).

Before the PhCP, pharmacists shared information through paper care plans or by duplicative entry into external systems of information related to medication reconciliation and drug therapy problems. This documentation was not aligned with the in-house pharmacy management system (PMS). The integration of the PhCP with the pharmacy software systems allows this data to flow into a shared care plan, allowing pharmacists to use their local PMS to move beyond simple product reimbursement and compile information needed for quality assurance, care coordination, and scalable utilization review.

The PhCP standard addresses high risk patients with co-morbidities and chronic conditions who often take multiple medications that require careful monitoring. Care plans are initiated on patients identified as high risk with complex medication regimes identified in a comprehensive medication review. The PhCP is as a standardized, interoperable document that allows pharmacist to capture shared decisions related to patient priorities, health concerns, goals, interventions, and outcomes. The care plan may also contain information related to individual health and social risks, planned interventions, expected outcomes, and referrals to other providers. Since the PhCP is integrated into the PMS or adopted by a software vendor (e.g. care management, chronic management, or web-based documentation system), pharmacist can pull this information into the PhCP without redundant data entry.

Webinar

Safety & Unintended Consequences of Interoperability: Establishing High Reliability Principles & Techniques

Interoperability may seem like just a technology challenge, but in actuality it is a people, process, and technology challenge. Healthcare systems increasingly look to create high-reliability...

The PhCP allows pharmacists for the first time to share information with support teams and paves the way for them to support value-based payment. The project goals align with the Center for Medicare & Medicaid Services’ (CMS’) value-based programs, which are part of the Meaningful Measure Framework of improved care team collaboration, better health for individuals and populations, and lower costs.

Scott Brewster, Pharm.D., at Brookside Pharmacy in East Tennessee, described the PhCP as a tool that helps them enhance patient care delivery. “From creating coordinated efforts for smoking cessation and medication utilization in heart failure patients, to follow up on recognized drug therapy problems, the eCare plan gives pharmacists a translatable means to show their value and efforts both in patient-centered dispensing and education that can reduce the total cost of care.” (The eCare plan reference by Scott Brewster is the local term used in their adoption of the PhCP).

The pilot phase of the project increased interest in exchanging PhCPs within CCNC’s pharmacy community and among pharmacy management system (PMS) vendors. The number of vendors seeking training on the standard rose from two to 22 during the pilot. Approximately 34,000 unique care plans have been shared with CCNC since the pilot launch.

This precedent-setting pilot design offered two pharmacy care plan specifications: one specification is based on the Care Plan standard in Clinical Document Architecture (CDA); the other standard is a CDA-on-FHIR (Fast Healthcare Interoperability Resources). The latter specification directly transforms information shared using the FHIR standard into CDA. FHIR is straight forward to implement than CDA, so this is an appealing option for facilities not already using CDA. The dual offerings—CDA and CDA-on-FHIR with lossless transforms—provide choice for implementing vendors while allowing consistent utility to CCNC.

What’s on the horizon for the pharmacy community and vendors? With the support of National Community Pharmacists Association (NCPA), the draft standards will go through the HL7 ballot process for eventual publication for widespread implementation and adoption by vendors. This project will make clinical information available to CCNC and provide a new tool for serving patients with long-term needs in the dual Medicare-Medicaid program and Medicaid-only program.  This is a story about a successful Center for Medicare and Medicaid Innovation (CMMI)funded project that started out as a state-wide pilot and is now rolling out nationwide as Community Pharmacy Enhanced Service Network (CPESN)USA. 

The PhCP is based on a CDA Care Plan standard that is part of ONC’s Certified EHR Technology requirements, so it can be readily implemented into EHRs. This makes the pharmacist’s plan an integral part of a patient’s record wherever they receive care. 

Adoption of the PhCP brings pharmacies into the national health information technology (HIT) framework and electronically integrates pharmacists into the care planning team, a necessary precursor to a new payment model and health care reform. In addition, receiving consistently structured and coded pharmacy care plans can augment data analysis by going beyond product reimbursement to making data available for, utilization review, quality assurance and care coordination.

Troy Trygstad, vice president for Pharmacy Provided Partnerships at CCNC, described the strategic choice now available to pharmacists and PMS vendors. “Fundamentally, pharmacy will need to become a services model to survive. Absent that transformation, it will become a kiosk next door to the candy aisle. The reasons vendors are buying into the PhCP standard for the first time ever is that their clients are demanding it for the first time ever."

The move to value-based payment will continue to drive the need for pharmacists, as part of care teams, to provide enhanced care including personal therapy goals and outcomes. Sharing a medication-related plan of care with other care team members is critical to the successful coordination of care for complex patients.

Zabrina Gonzaga, R.N., is principal nurse informaticist and director of health informatics at Lantana Consulting Group and led the design and development of the PhCP standard. 

Email:  zabrina.gonzaga@lantanagroup.com

Twitter: @lantana_group

 


More From Healthcare Informatics

/news-item/interoperability/health-it-now-pushes-information-blocking-regulation-says-administration

Health IT Now Pushes for Information Blocking Regulation, Says Administration “Must Uphold its End of the Bargain”

September 13, 2018
by Rajiv Leventhal, Managing Editor
| Reprints

The executive director of Health IT Now, a coalition of healthcare and technology companies, is again criticizing the Trump administration for not yet publishing any regulation on information blocking, as required by the 21st Century Cures Act legislation.

In an op-ed published recently in STAT, Health IT Now’s Joel White wrote, “More than 600 days after the enactment of the Cures Act, not a single regulation has been issued on information blocking.” White added in frustration, “Health IT Now has met with countless officials in the Trump administration who share our commitment to combat information blocking. But those sentiments must be met with meaningful action.”

The onus to publish the regulation falls on the Office of the National Coordinator for Health IT (ONC), the health IT branch of the federal government that is tasked with carrying out specific duties that are required under the 21st Century Cures Act, which was signed into law in December 2016. Some of the core health IT components of the Cures legislation include encouraging interoperability of electronic health records (EHRs) and patient access to health data, discouraging information blocking, reducing physician documentation burden, as well as creating a reporting system on EHR usability.

The information blocking part of the law has gotten significant attention since many stakeholders believe that true interoperability will not be achieved if vendors and providers act to impede the flow of health data for proprietary reasons.

But ONC has delayed regulation around information blocking a few times already, though during an Aug. 8 episode of the Pulse Check podcast from Politico, National Coordinator for Health IT Donald Rucker, M.D., said that the rule is "deep in the federal clearance process." And even more recently, a bipartisan amendment to the U.S. Senate's Department of Defense and Labor, Health and Human Services, and Education Appropriations Act for Fiscal Year 2019 includes a requirement for the Trump administration to provide Congress with an update, by September 30.

White, in the STAT piece, noted a June Health Affairs column in which Rucker suggested that implementation of the law’s information blocking provisions would occur “over the next few years.” White wrote that this is “a vague timeline that shows little urgency for combating this pressing threat to consumer safety and stumbling block to interoperability.”

Health IT Now is not alone in its belief that the rule should have been published by now, nor is it the first time the group is bringing it up. Last month

Related Insights For: Interoperability

/whitepaper/are-you-data-blocker-how-fit-onc-s-new-interoperability-framework-and-regulation

Are You a Data Blocker? How to Fit into ONC’s New Interoperability Framework and Regulation

Please register to download


By the end of this year, ONC’s implementation and interpretation of data blocking will also be published and available for comment, as was the case with the TEFCA proposed rule. The TEFCA final rule is also anticipated by the end of 2018.

HOWEVER…there’s still time to prepare for TEFCA and the data blocking regulation, and final rules for both in the coming months will set concrete timelines, and for TEFCA it will be interesting to see how ONC reacts to stakeholder comments, internal and external.

See more on Interoperability