“What is the ONC?” is a good question for public health, because for the longest time, it seems that health information technology and public health were not connected in the United States (US). ONC stands for “Office of the National Coordinator” which meant “for health information technology (IT)” and so I was used to calling it ONCHIT. Now it is just called HealthIt.gov, and what it is has evolved over time as much as its name.
What is the ONC?
The ONC is the health information technology standards agency at the federal level in the US. You may be surprised to learn that the ONC has only been around since 2009. Before then, you could buy medical records systems that were totally insecure. You probably still can, but the ONC has made that pretty difficult through regulation and other approaches.
What does the ONC do?
The ONC was created as part of the HITECH Act of 2009, which was kind of an edit to the HIPAA act of 1996. The ONC was needed in an emergency capacity, mainly to set tech standards in healthcare so we didn’t have all these slapdash medical record companies putting together crap for software and calling it a database. But it ultimately went on to do more, such as certifying medical records software for “meaningful use”.
Before HITECH, medical records systems would often be set up so that it was not very easy to do reporting. You could look up individual records, but good luck if you wanted to try to do population health with the data. There were really no standards on how to use the software, so places would use it “their way”. Now, with meaningful use standards, medical record systems are forced to produce reports with health metrics on them about the population in the medical records system. Basically, ONC certifies these systems that are able to do that, and those are now the ones that are available.
The overall dream with ONC was health data exchange. I never believed in that dream, because the US healthcare system is too fragmented for something like that to occur at any reasonable cost. Nevertheless, ONC and the federal government have sunk a lot of funding into data exchange, and now we have huge data marts full of health data all over the US just waiting to be breached and overanalyzed.
My Take on the ONC
I was happy when they set up the ONC, because we needed the ONC much earlier than we got it. I needed it in 2004, when a place where I was working was conned into buying some trash that was supposed to be a medical records system. I could tell it was trash because the company didn’t hide it very well, but the way they saw it, all they had to do was charm doctors into believing their impossible promises, and once that happened, the doctors would insist on buying it. This had happened before 2004 to me, but the 2004 experience was particularly painful. Millions of dollars were wasted on a failed implementation, and that money could have gone toward research or patient care.
That being said, since the ONC was set up in 2009, there have been problems. On one hand, it has caused regulation and certification, which is good. But this has driven up two important things: the cost of healthcare, and the amount of data collected in healthcare systems. These two things have caused enormous problems.
Let’s look at the first thing – regulation and certification driving up costs. Where informatics systems are implemented optimally in healthcare in the US – with meaningful use and all that – the care delivery feels very impersonal. Everyone is always doing data entry, including the patients. Everyone is overmeasured – even the people doing the measuring. So while everything appears to be running right, it is a very expensive system to maintain, and the population health outcomes are minimally better at best.
Now the second thing – having piles of data collected about everyone. This has led to constant data hacks and breaches, because these systems are ripe targets. They are a hacker’s dream. The ONC and HITECH have not put in place any sort of regulations the require a certain level of cybersecurity. A hospital can be fined for having employees recklessly share information illegally under HIPAA, but there’s no mechanism to fine it if has bad cybersecurity, because HITECH and ONC don’t obligate facilities to rise to any particular standard. If they did, our health data would be more secure, but costs would go up even more.
So when we ask, “What is the ONC?” we can be assured that it is making and trying to enforce regulations about healthcare technology. The question is whether these regulations are worth what they cost, and if ONC’s current role is really helping the US improve its use of health information technology.
Updated April 9, 2022. Mentoring banner added November 2, 2022. Revised banners July 11, 2023.
Read all the public health alphabet soup posts, and learn about the public health landscape!
Four Levels of Intervention for Public Health: How to Apply This Framework
Four levels of intervention is a framework we use in public health to think about [...]
Apr
Review of Boston University MPH Online Learning Modules for Teaching Graduate Level Public Health Online
If you are learning epidemiology or refreshing your memory of your formal study of it, [...]
Mar
US Public Health Alphabet Soup Explained: What is the AHRQ?
Want to know what AHRQ stands for, what it does, and how all that relates [...]
Jul
US Public Health Alphabet Soup Explained: What is the APHA?
Curious about the American Public Health Association (APHA) – what it does, and where it [...]
Jul
US Public Health Alphabet Soup Explained: What is the ASPPH?
Are you aware of the ASPPH as a public health organization, but you just don’t [...]
Jul
US Public Health Alphabet Soup Explained: What is the BPHC?
The United States (US) Bureau of Primary Healthcare (BPHC) is the federal agency that funds [...]
Jul
US Public Health Alphabet Soup Explained: What is the CDC?
The United States (US) Center for Disease Control and Prevention (CDC) was in the spotlight [...]
Jul
US Public Health Alphabet Soup Explained: What is the CEPH?
What is the CEPH, and how does it relate to the other organizations in US [...]
Aug
US Public Health Alphabet Soup Explained: What is the CMS?
You might wonder what CMS – the Centers for Medicare and Medicaid Services – actually [...]
Aug
US Public Health Alphabet Soup Explained: What is the DHHS?
My answer to, “What is the DHHS?” is, “A failed department”, but it is important [...]
Aug
US Public Health Alphabet Soup Explained: What is the FDA?
Can you name categories other than “food” and “drugs” that are regulated by the FDA [...]
Mar
US Public Health Alphabet Soup Explained: What is the HRSA?
“What is the HRSA?” can be answered two ways: with a short answer, and a [...]
Apr
US Public Health Alphabet Soup Explained: What is the IHS?
“What is the IHS?” is a reasonable question to ask, because there are a few [...]
Apr
US Public Health Alphabet Soup Explained: What is the MHS?
“What is the MHS?” is a question not always asked by public health data scientists, [...]
Apr
US Public Health Alphabet Soup Explained: What is the NACCHO?
You may already know that NACCHO is NOT cheese – but what is it? It’s [...]
Apr
US Public Health Alphabet Soup Explained: What is the NIH?
Wondering what we mean by the National Institutes of Health (NIH)? In my blog post, [...]
Mar
US Public Health Alphabet Soup Explained: What is the ONC?
“What is the ONC?” is what I used to ask before I realized it involves [...]
May
US Public Health Alphabet Soup Explained: What is the SAMHSA?
What does the SAMHSA actually do for mental health and substance abuse patients in the [...]
May
US Public Health Alphabet Soup Explained: What is the VA?
What is the VA – which stands for Veterans Affairs? This United States federal agency [...]
Apr
“What is the ONC?” is what I used to ask before I realized it involves health technology. Although ONC just means “Office of the National Coordinator”, this agency is now known as HealthIT.gov, as I explain in my blog post.
