- Efforts to increase data sharing among HHS agencies are hampered by the lack of a transparent and standardized protocol, a new report from the department's Office of the Chief Technology Officer finds.
- While isolated successes in interagency data sharing have occurred, an enterprise-wide data-sharing framework is needed to efficiently scale.
- The report identifies an array of legal, technical and cultural challenges to enterprise-wide data sharing, along with next steps to advance HHS goals.
HHS and ONC have championed the need for interoperability in healthcare. At HIMSS18, CMS Administrator Seema Verma warned that the days of information blocking are over and hospitals must update their EHRs 2015 certification and open APIs to ensure data sharing.
This report shows how difficult that can be task can be — not just for disparate healthcare organizations, but also for agencies within the department. A team led by HHS Chief Data Officer Mona Siddiqui talked with officials and staff at 11 HHS agencies about the challenges and opportunities they face in exchanging data. The agencies included CMS, FDA, NIH, the Centers for Disease Control and Prevention and the Agency for Health Care Quality.
Chief among those challenges is the absence of standardized processes for agencies to request data from sister agencies and accountability for their responses. A number of agencies had a group in charge of data governance at the agency level and no systemic means of tracking requests and outcomes. One person said data-sharing requests at their agency are traced through an email inbox, and if the person overseeing the mailbox can't respond, the request is forward to other staff.
"The lack of standardization at the departmental level for data governance and sharing, the lack of accountability for timely response to requests, and the fact that data are largely kept in silos, often results in HHS agencies having no means to access interagency data in an efficient way," according to the report.
Another challenge is that some agency programs still don't share data in multiple machine-readable formats, creating extra work for data analysts when data is exchanged. Agencies also worry about misuse or misinterpretation of data once it is shared. "Misuse of data is an issue," one agency worker said. "We monitor this on a monthly basis." While all agencies track who has access to sensitive data, the methods are inconsistent and can be complicated, the report says.
Meanwhile, efforts to draw up interagency data sharing agreements have been hindered by a host of federal and state privacy laws and regulations, including HIPAA and the Confidential Information Protection and Statistical Efficiency Act, the report adds. It notes, for example, disagreement among agencies over how to interpret "research" and "public health" in the HIPAA statute.
Other obstacles include risk management strategies that are intended to mitigate mishandling of personal information, but can inhibit data sharing, and resource constraints. According to the report, at least seven agencies said they lack sufficient staff to meet current demand for data sharing.
HHS is taking steps to address these challenges. Identifying use cases and harmonizing data governance into a central function are early priorities, as is developing a strong IT infrastructure to facilitate workflow, data analysis and data acquisition. The report recommends HHS use existing interagency and data use agreements where possible, but also consider regulatory reforms.
HHS is also working to build workforce capacity and has begun data science training programs for department and agencies staffs.
"Efforts are underway to construct an enterprise-wide data sharing framework, through validation and collaboration with agencies and using an agile development approach," the report says. "Ultimately, success will require a long-term investment, continued collaboration, and the iterative demonstration of value from data to drive the culture change essential to transforming HHS."