Federal Government Releases Updated DURSA for NHIN Participants

by | Dec 7, 2011 | HIE & HIN

Federal Government Releases Updated DURSA for NHIN Participants

An Amended and Restated DURSA dated May 3, 2011 was released November 30, 2011.  The DURSA is an acronym for the “Data Use and Reciprocal Support Agreement.”  It is a comprehensive agreement to govern the exchange of health data through the Nationwide Health Information Network Exchange (NHIN).  It is a multi-party single agreement that establishes the rules of engagement and obligations to which all Participants agree and that all Participants sign as a condition of joining the NHIN community. A clean copy of the updated DURSA can be downloaded from the NHIN’s Participant “Onboarding” Website, or by clicking here. The Office of National Coordinator (ONC) has also posted a Redline version comparing the most recent May 2011 version of the DURSA against its predecessor (scroll all the way down to the “DURSA” subcategory). 

According to a PowerPoint posted by the ONC that summarizes all the changes to the November 2009 version of the DURSA, here are some of the more significant ones that NHIN Participants can expect:

  • The term “Nationwide Health Information Network” is defined more broadly, and ONC is phasing out its use altogether.
  • The composition of the Coordinating Committee is being downsized/reduced significantly. ONC indicated that the current composition is not scalable given the rapid growth in the number and type of Participants.
  • The definition of “Permitted Purposes” has been revised to support varied types of transactions and not preclude legitimate reasons to transact Message Content including treatment, payment, limited healthcare operations with respect to the patient that is the subject of the data being exchanged, public health activities, meaningful use and disclosures based on an authorization from the individual.
  • Each Participant is required to (i) validate information about its Users prior to issuing the User credentials; (ii) use the credentials to verify the identity of its Users before enabling the User to transact Message Content; and (iii) provide truthful assertions.  The November 2009 version did not specifically require Participants to “identity proof” their Users or explicitly require a Participant to submit truthful information in the assertions and statements that accompany a Message.  At the time, the DURSA developers assumed that these issues would be addressed in the Specifications, but they were not.
  • Combines duties of a responder and requestor into duties of a Submitter, and adds that Messages must comply with Applicable Law, the DURSA, Operating P&P, applicable Performance and Service Specifications. Submitter must represent that all assertions or statements related to the submitted Message are true and accurate. Also, it is the responsibility of the Submitter – the one disclosing the data – to make sure that it has met all legal requirements before disclosing the data, including, but not limited to, obtaining any consent or authorization that is required by law applicable to the responding Participant.
  • Removed 24 notice requirement to Coordinating Committee before suspending a Participant.  Recognized that process is onerous.  Participant can now be voluntarily suspend from 5-10 days.

The government noted that the process has proven itself inefficient and has impeded the ability to amend [Operating Policies and Procedures, and technical specifications]……

  • The November 2009 version required 2/3 of non-governmental and 2/3 of governmental Participants to approve all changes to the Operating policies and procedures.  The government acknowledged that this process has proven itself inefficient and has impeded the Coordinating Committee’s ability to revise the Operating Policies and Procedures.  In the May 2011 version, the process for revising and adopting new Operating Policies & Procedures has been revised.  Prior to approving new Operating P&Ps, Coordinating Committee will solicit comments from the Participants.  There will be a 30 day objection period once the Coordinating Committee approves new or amended Operating P&P.  New or amended Operating P&Ps go into effect unless 1/3 of the Participants object.  If 1/3 object, then 2/3 of non-governmental and 2/3 of governmental Participants must approve before the new or amended OP&Ps become effective.
  • In the Nov 2009 version, approval of new or amended Performance and Service Specifications required the Coordinating Committee to make a determination of “materiality,” which then dictates the Technical Committee’s process of approving the Spec change.  The government noted that the process has proven itself inefficient and has impeded the ability to amend the Performance and Service Specifications and adopt new Performance and Service Specifications.  With the new May 2011 version of the DURSA, new and amended Performance and Service Specifications will be approved in the same way that new and amended Operating P&Ps are approved.

Share this:

If you are not a subscriber to our backend Legal HIE compliance library, download our Table of Contents here to check out all of the tools, checklists, whitepapers, sample policies we make available to our members to help their organizations comply with Information Blocking, HIPAA, 42 CFR Part 2, Data Breaches and more. Ready to subscribe now? Click here to review our subscription options.

Archives