August 18, 2009

Health Information Exchange

I attended a conference recently where health information exchange (HIE) was discussed. One of the presenters asserted that the technological aspects of HIEs are easy problems to solve compared to developing governance that can be agreed upon by all stakeholders. I will discuss these two HIE issues in this session.
Health information exchange is one of the three legs of the stool of essentials necessary for exchange of clinical information among providers who use electronic medical records (EMRs.) The other two legs are EMR adoption by providers and hospitals and utilization of standards. HIEs are a major component of the infrastructure that will enable information exchange in the future. Recall that exchange of information is one of the key requirements of the evolving definition of Meaningful Use under the American Recovery and Reinvestment Act. Many HIE projects have been developed over the last 10-15 years. One of the lessons learned is that the successful development and implementation of HIEs is difficult to achieve. There have been many failures. A standardized approach has not been adopted and communication of lessons learned has been challenging.
A time consuming and difficult step in creation of HIEs has been the development of a governance structure. This requires a collaboration of multiple stakeholders. These participants often have conflicting agendas. It is not unusual for the development of a governance structure to take one to three years. Regional alignment of stakeholders and sharing of common organizational missions may expedite the process.
The governance model results in preparation of a business plan, rules for adoption of a robust privacy and security policy( including consumer information sharing consent policies), data sharing agreements, and selection of technologies to be utilized as well as vendor selection.
Technical issues are not trivial. Security and privacy considerations include developing the means of authorization, authentication, data encryption, and consent management. Many HIEs will need to provide master patient indices, master provider indices, de-identification services, data repositories, data registries, and database management services such as data warehousing.
I think there is a good argument for utilizing a different approach from the traditional HIE. A web-based business could offer all the technical features through careful selection and integration of the products of several current vendors. The governance conundrum could be handled by development of thoughtful policies and procedures for the business. A key element would be carefully crafted data use and sharing agreements (DURSA). Security and privacy provisions must meet or exceed HIPAA requirements. Then the package could be sold as a subscription service-similar to cable TV or cellular phone service. The painful development of governance structures could be circumscribed. The whole process of developing functioning HIEs should be accelerated significantly. Now is the golden period for private enterprise to step in and develop new HIE models. Sharing of information no longer will be optional for providers, labs, x-ray facilities, hospitals and others under provisions of ARRA.