With the implementation of the Affordable Care Act pushing hospitals and health systems to provide services more efficiently, a significant number of hospitals, health systems and providers are sharing secure patient information through health information exchanges (“HIEs”), and accountable care organizations (“ACOs”). The advent of both the HIEs and the ACOs are additional opportunities for protected health information to be shared by hospitals, doctors and other providers.
HIEs allow for patient information, including lab tests, imaging tests, prescriptions and treatments, to be shared by the participants in the HIE. The development of these electronic HIEs allow for the secure exchange of health information among entities participating in the HIE. Generally, the rights and responsibilities of those entitled to share the information is governed by participation agreements. Many providers believe that sharing data will improve healthcare and promote not only quality of care, but efficient care, as well. Similarly, the development of ACOs by otherwise independent providers results in more patient information shared in electronic fashion. The advent of both HIEs and ACOs provide another medium for possible breaches of the privacy rule.
The privacy rule requires that covered entities verify the identity and authority of persons requesting Protected Health Information (“PHI”) if the individual requesting it is not known to the entity. The Rule, however, does not specify in great detail the verification that must be made and, thus, there is flexibility that can be applied with regard to HIEs and ACOs.
Generally, in a HIE, the participants agree, by contract or otherwise, to provide to the HIE a list of authorized persons so the HIE can appropriately authenticate users of the network. Documentation required for uses and disclosures may be provided in electronic form, and documentation requiring signatures may be provided as scanned images. It is important from an HIE perspective for the various participants to agree on a common set of privacy safeguards that are appropriate to the risk associated with exchanging PHI to and through the HIE. Similarly, with ACOs, the ACO should establish a common set of privacy safeguards that are appropriate to the privacy risks associated with multiple providers using PHI. These common standards would include a breach notification policy or procedure. To fully understand what must be done, one must have a basic understanding of what is considered a breach.
HIE expansion about supply and demand? Well, if you read this blog regularly, you’ll know that I spend a good bit of time perusing HealthIT.gov. Though it’s not flashy and overwhelming, the site is informative and actually provides a great deal of information, which says a lot since it’s a government property.
What HeatlhIT.gov does well is provide a nice primer of information about a variety of subjects from meaningful use, electronic health records and health information exchanges.
In addition, the site puts everything in plain and simple language for all the world to understand.
For example, take a look at the reasons why health information exchanges are important to the healthcare landscape:
The ability to exchange health information electronically is the foundation of efforts to improve healthcare quality and safety. HIE can provide:
The connecting point for an organized, standardized process of data exchange across statewide, regional and local initiatives
The means to reduce duplication of services (resulting in lower healthcare costs)
The means to reduce operational costs by automating many administrative tasks
Governance and management of the data exchange process
And for good measure, here are a few examples of how health information exchanges are benefiting the healthcare landscape. Some of these concepts are a bit obvious and overstated here, but still this provides a nice starting point in support for the soon to be possible movement.
Benefits of health information exchanges:
Provide a vehicle for improving quality and safety of patient care
Provides a basic level of interoperability among EHRs maintained by individual physicians and organizations
Stimulates consumer education and patients’ involvement in their own healthcare
Helps public health officials meet their commitment to the community
Creates a potential loop for feedback between health-related research and actual practice
Facilitates efficient deployment of emerging technology and healthcare services
Provides the backbone of technical infrastructure for leverage by national and state-level initiatives
I’m not alone in the belief that I feel HIEs’ most important role is one of creating interoperable opportunities to connect physicians and their patients to a web of other care givers and health community members.
It seems that the closer we get to HIEs and their overall acceptance in healthcare, doesn’t it seem like we take two steps back?
What are some of the hurdles keeping HIEs from reaching their full potential? Glad you asked.
Cost has to be the clear front runner. As I’ve previously stated, the questions remain – who’s going to pay for them? The government clearly wants a healthy HIE community because it is believed that they will lead to greater adoption of EHRs while vendors want part of the action so they can charge physicians to transfer data through the networks. Vendors can’t figure out a financial model for them and until they can get someone to pay for them, there may be little movement here.
Another hurdle of HIEs is that for those that exist, the data often exists in silos. Problem with siloed data is that the data doesn’t go anywhere. Sounds a lot like an EHR, but an EHR may be more user friendly and robust. Just saying.
Finally, lack of standards impede their advancement. More development for standards is required for the variety of HIEs to be able to communicate. Profiles, like the need for structured data in EHRs, will help advance the cause and promote their development.
Ultimately, HIE expansion will most likely come down to basic business 101: supply and demand. When the population demands it, we’ll see the supply increase and in so doing, we’ll see cost containment, industry wide standards and completely interoperable systems that will completely open up the health IT market place.
