So in our RFI, we proposed, again, a voluntary structure where there would be a regulatory validation, accreditation, certification, rather involved process, for the potential conditions for trusted exchange, that covered those security and business practices and we also asked whether the time was right for implementing such a regulatory framework, for establishing, for evolving and for enforcing these conditions.
I want to thank everyone here. We had a lot discussions with the policy committee. Many of you, independently, submitted comments on and responded to our request for information. We got over 140 comments from the public and they were quite detailed and they really told a story.
First and foremost, we heard interestingly that, we had done this because we expected there would be a big demand for such a validation process. We were, it was interesting, what we heard was, actually. 'Listen guys, there is a lot happening, there is a lot of good information exchange that's occurring today, perhaps more than is widely appreciated.' And what we heard was, that these activities are quite diverse in their architecture and in their business models, and one concern that we heard across almost every response was that regulation at this time may actually slow the development of trusted exchange -- if it is implemented prematurely.
So, our goal is to increase information exchange not to hobble it or hinder it in any way, and it was something that we have to listen to carefully.
One of the things we heard was, and there is some recent news, and announcements that tie into this, for example, the NwHIN exchange, spinning off into a public-private partnership, in healthy ways, and potentially, those emerging governance activities could serve, instead of freezing everything in place while people wait for the regulations to come out and the NPRM, and the comments on the NPRM and then a final rule, maybe we could just move ahead with offering, and I'll get to how to accomplish the goals in a non-regulator way, but the suggestion was there is a lot that's already happening.
If you take the Direct project, there has been a lot of questions, Gail just referenced them, about how exactly might the certificates work and well that Direct community spun off an existing governance body called Direct Trust, and they're working through a lot of the issues, and we've been able to offer guidance to our state health information exchange grantees that Direct Trust has now taken onboard.
So, the concern was really, that as we're accelerating the implementation and expectations for standards-based exchange in Stage 2 that we could ill afford a pause while a regulatory process takes its course. And, as a result we've decided that now is not the time, probably, to pursue a regulatory approach that follows what we laid out in the RFI.
So, what can we do to help?
One thing we heard was that we should provide that framework of enduring principles, policy principles. to guide those emerging governance models. And we will do that. Indeed, the policy committee has already provided much of those policy principles that we can affirm as the foundation.
We heard that we should identify and shine a light on those good practices that support robust, secure information exchange. Some of the emerging governance models, to actively, more actively, engage with them, and, we will do that.
We heard we should build on exiting approaches, particularly on interoperability, to take real interoperability problems and use non-regulatory approaches, convening approaches, as well as our certification program, to address those real interoperability issues, and we will do that.
We heard we should build on existing regulatory frameworks around consumer protections and privacy and not duplicate regulations as they relate to, for example, intermediaries. So, we should do that.
And, I want to assure you that, as we continue to follow the approach that we've laid out here to try to take what steps we can, whether it's through working with the existing governance entities that are out there issuing the guidance and clarity around that, solving real interoperability problems, providing those models and best practices, we're going to learn and we're going to continue to monitor what's happening and if at some point it turns out that people are coming to us and saying, no, no, no, we really do want, we want this, right, if there are systemic issues, problems, market breakdowns, that are actual, proven, systemic problems, let me assure you our proclivity, our tendency, our instincts are towards action, and, you know, sometimes we have to have the better part of valor is knowing when not to act, however much it goes against our general feelings about, you know, we need to do something, but we need to do something, we're going to do something, and if it ever turns out that it makes sense to go back to a regulatory approach, whether it was outlined in the RFI or a modification of it, you're going to be the first to hear, because we're going to come back to the policy committee, we're going to review what we've learned, what are we seeing and we're going to take it up again.
So, there aren't going to be any surprises in this, as in anything else, and I just wanted to let you know that we want to let everybody know, really, in terms of what we're thinking based on the feedback that we got from that request for information.