On August 4, the Department of Health and Human Services (HHS) released an Advanced Notice of Proposed Rule Making (ANPRM) on metadata standards to support a nationwide electronic health information exchange. Section 3001 of the Health Information Technology for Economic and Clinical Health (HITECH) Act provides for the Office of the National Coordinator for Health Information Technology to develop a nationwide health information technology infrastructure including standards for metadata. The HIT Policy Committee suggested steps earlier this year to achieve the vision of the infrastructure contemplated under HITECH. A first step is the establishment of a minimal set of standards for metadata that could be attached to a patient summary care record. The purpose of the ANPRM is to solicit broad public comment on the proposed metadata standards.
What is “metadata”? Metadata is commonly referred to as “data about data” or “data that provides more information or detail about a piece of data.” For example, metadata can tell you when a piece of data was created, accessed, modified and by whom. The ANPRM divides the metadata standards into three categories: 1) patient identity, or data elements about the patient; 2) provenance, or data elements about the source of the clinical data; and 3) privacy, or data elements about the types and sensitivity of the clinical data. The ANPRM sets forth proposed standards for each of these categories. Overall, HHS recommends that the HL7 CDA R2 requirements be adopted for all three categories in order to provide the widest coverage across the metadata elements. However, it does recognize that there are limitations to these standards in each category.
Proposed Metadata Standards
Impact to Healthcare Providers
The initial impact of the standards will be on electronic health record vendors to develop the technology allowing providers to comply with the proposed metadata standards. After development, providers will then need to upgrade their EHR to comply with the HITECH standards for metadata. Those providers who have a more customized EHR may find themselves having to standardize certain forms to meet the metadata standards. Providers will need to have internal privacy policies in place and aggressive policy revisions as new regulations are proposed, to accommodate the policy pointer element. Staff training and education on the existence and anticipated use of the metadata elements will also be needed. Collaboration between healthcare IT and privacy professionals is imperative for implementation of the privacy metadata elements. HHS expects that once the EHR technology is able to apply the metadata standards, healthcare providers will develop innovative ways to use the capability, such as appropriately filtering data prior to making any disclosure for additional privacy/security protection and processing information for quality improvement and quality measurement.