NaviNet Admin on March 27, 2013

2013 NaviNet Expert Interview Series: Thomas Smolinsky, CISSP, Senior Director, Technical Operations, NaviNet

We recently sat down with Thomas Smolinsky, Senior Director, Technical Operations, at NaviNet following the company’s announcement that it had received full accreditation from the Electronic Healthcare Network Accreditation Commission (EHNAC). This recognition is part of EHNAC’s Healthcare Network Accreditation Program (HNAP), which evaluates the security and quality of health data processing and transactions provided by various healthcare entities like NaviNet, including Electronic Health Networks (EHNs) and e-Prescribers. EHNAC’s HNAP accreditation recognizes excellence and documents compliance with industry-established standards and HIPAA regulations.

What exactly does EHNAC accreditation mean to a healthcare IT vendor?
The EHNAC accreditation is a very important certification in our industry. With the rapid changes happening within the compliance arena in healthcare, it is crucial that NaviNet and other healthcare network ecosystem vendors ensure that our constant efforts to meet or exceed the regulatory standards remain on target in terms of privacy, security, and confidentiality. EHNAC is a wonderful resource and periodic measurement to align our Quality System strategies and priorities with the industry standards and expectations.

What types of threats can affect health data processing and transactions?
Essentially, civil rights and rights to privacy are threatened by increasing risk. This dilemma is a broadening topic of discussion from a general perspective. The rapid and aggressive thrust of healthcare IT and its data into the electronic age is outpacing the security, ethics, and current-day thought models. This push is making the emerging issues much less about technology and much more about the emerging risks and implications of private data and the ability to correlate to and from other more public data sources to derive information. We in the healthcare industry must remain mindful and diligent as the Freedom of Information Act and right to privacy continue to collide.

Why is EHNAC accreditation certification important to NaviNet’s customers?
The NaviNet Network connects nearly 70 percent of clinician offices, 350,000 clinical and administrative users, and 2,000 hospital facilities in the United States with dozens of the nation’s largest health insurers. The NaviNet network processes in excess of 800,000 transactions per day. Its triggered clinical intelligence captures and analyzes certain data flowing through the network, applies business rules to interpret the activity, and sends interpretation to the accountable provider, the health plan, or other interested parties in HIPAA-compliant manner.

Transforming healthcare will require secure real-time exchange of clinical and financial information across the continuum of care from patients and caregivers to primary care doctors, underwriters, and population health managers. EHNAC accreditation validates NaviNet’s commitment to provide healthcare data communications integrity in strict compliance with industry best practices that surpass regulatory requirements. As NaviNet expands its products and services to meet the new demands of the dramatic forces reshaping the fundamental business models of payers and providers, the NaviNet platform will include a series of applications—the traditional payer-provider applications, being reinvented for accountable care—plus new capabilities focused on newly available clinical informatics insights. All of these expanded capabilities will require industry-leading regulatory standards adherence and thought leadership around the crucial topics of security, privacy, and data quality.

Is the general public aware of the implications of big data collection and analysis?
It seems to me that the general public has been desensitized to issues of data exploitation. It is overwhelming to ponder the areas in which our private information is stored and handled. The healthcare industry is progressing quickly toward the automation strategies that will improve quality of care and decrease cost, but we must do so with a careful eye on the confidentiality and integrity of the private data as we continue to evolve.

It has not yet become obvious to the general populous that the traditional boundaries and security perimeters for private data are changing rapidly from a traditionally centralized model to a distributed model with the introduction of healthcare information exchange (HIE) and the many accountable care models that the industry is adopting. As a result, IT organizations are no longer in complete control of the computing and data assets but are still considered accountable for the confidentiality, integrity, and overall compliance. Therefore, it is critically important for us to pay close attention to the inherent risk of these fundamental changes and strive to understand the risks so that we can apply sound compensating controls and mitigation strategies during the transition and going forward.

What are some resources a company can use to stay informed on this vital topic?
The resources that I look to most often are the EHNAC website and the HIPAA Survival Guide. EMR & HIPAA and InformationWeek often have good information, articles, blogs, and links to related material. In addition, the International Information Systems Security Certification Consortium (ISC)2 organization, which offers focused certifications (such as CISSP, CAP, SSCP, and CSSLP) and information in the area of information security that carries credibility internationally across regulated industries, is an excellent resource.

What do you think about the Electronic Healthcare Network Accreditation Commission (EHNAC), standards, and HIPAA regulations? Continue the discussion by commenting on our blog, and connecting with us on Twitter, Facebook, and LinkedIn.

Subscribe to Blog

NaviNet, part of NantHealth, is America’s largest interactive healthcare network. Our flagship multi-payer provider website is built on deep payer integration and the innovative use of technology to deliver real bottom-line value for both payers and providers.