Loonsk: More organizations should join health network

Dr. John Loonsk, chief medical officer at CGI Federal, served as director for interoperability and standards within the Office of the
National Coordinator for Health Information Technology at the Department of Health and Human Services from 2005 to earlier this year.  While there, he played a key role in the early development of the Nationwide Health Information Network strategy.

Loonsk recently talked to Federal Computer Week about the NHIN and what it needs to succeed.

FCW: How do you see the relationship between IT advances and policy? That is, does the technology tend to dictate policy, or does policy shape the direction of technological development? And do you think the relationship as it is is healthy? If not, how should it change?

Loonsk: It is most healthy for technology and policy to work closely together and to not have either one completely drive the other. This relationship is especially important when an industry is in the early stages of becoming electronic and there is a lot of change. In practice, things seem to frequently swing more to either one side driving or the other. In the new administration, there seems to be a swing to the policy side in Health IT leadership.

There are at least a couple of issues when policy is driving technology. First, the specific decisions needed to manage the changes the technology brings may not be addressed (policy people do not like to be driven by the technology). Second, as policy tends to be driven by political agendas, be they bad or good, technical advancement may be suppressed or malformed by the constraints of these agendas that do not fit well with what technology can actually do well.

FCW: The Social Security Administration became the first federal agency to connect to NHIN Connect. The target is to add eight agencies in 2009. Is this moving quickly enough? 

Loonsk: As things now stand, the NHIN is not being advanced fast enough to avoid substantial national investment in technologies that still do not support the goals of interoperability and internet-worked health care.

To get broad NHIN public and private participation, there needs to be enough organizations connected or incentives for participation so that it is disadvantageous for other organizations to not be connected. This threshold has not yet been reached. Today, there are still more reasons for health care organizations to stay isolated or only connect in a one-to-one manner to a limited number of trading partners. By analogy, the Internet would never have taken off if it remained at a similar stage where, for example, you would have to establish a dedicated network with each Web site that you wanted to access.

FCW: Is the NHIN secure enough to protect sensitive patient medical information?  If not, how should it be changed?

Loonsk: The technical security of the NHIN specifications is quite good. As is true elsewhere, the most difficult security issues relate more to the human practices than the technology itself.

For the NHIN, the human factors are about the practices in participating organizations and are governed more through the stipulations of HIPAA / HITECH and the NHIN Data Use and Reciprocal Support Agreement (DURSA) than through the technologies involved. The DURSA, in particular, plays a critical role in establishing a “chain of trust” that would see that the practices in connected organizations are sensitive to the obligations those organizations have to others and to ensuring that abuses are addressed.