Setting up the Health Information Exchange architecture

Since President Bush declared his desire for an electronic medical record for every American within 10 years and establishing the Office of the Coordinator of Health Information Technology in 2004, the public and private sector has been hard at work. At this week’s Health Information Technology (HIT) Symposium at MIT in Cambridge, Mass., speakers explained the efforts to date.

One of the biggest projects has been creating a common framework for health information exchange, the Markle Foundation’s Connecting for Health workgroups focused on three areas:

1. Technology standards and adoption
2. Policy framework for successful implementation
3. Consumer access and participation

Using, sharing and protecting information are the key issues to address, said J. Marc Overhage, MD, Ph.D., FACP, FACMI, president and CEO of the Indiana Health Information Exchange. Authentification, patient identification, patient access, and how to handle breaches “are critical questions to think about at this early stage,” he said.
The common framework allows for data sharing via a network of networks, which is called the National Health Information Network. Regional groups linked to the NHIN are called sub-network organizations or SNOs. The other component is a record locator service (RLS), which is like a phone book listing, Overhage said. Only authorized participants can access the information. An RLS is an index containing patient demographic information and the location of a patient’s medical records. It does not contain clinical information. Obtaining the clinical record is a separate transaction not involving the RLS. Participating entities decide whether to put record locations into the RLS. The RLS is designed to take a query in the form of demographic details and return only the location of matching records. Each SNO can develop greater functionality.

Marcy Wilder, an attorney with Hogan & Hartson LLP, then explained policies developed for information sharing. A SNO brings together a number of providers and other health information sources which are linked by contract and an agreement to follow common policies and procedures.

The workgroup established baseline privacy protections and participants can follow more protective practices, Wilder said. The protections are based on HIPAA rules and regulations but some policies offer greater privacy protections. “HIPAA is a floor but not always sufficient in this environment,” she said. The workgroup intended for the privacy protections to be customized to reflect participants’ circumstances and state laws.

Patients must be given notice that the institution participates in an RLS and provide them the opportunity to remove their information from the index. Since HIPAA already requires providers to inform patients about their privacy rights, this common framework requirement is easy to add to their policies and procedures.

Uses and disclosures of health information was another main consideration. Networked heath information environments include higher volumes of easily collected and shared health data, thereby increasing privacy risks, Wilder said. Issues raised by the workgroup included proper purpose specification, collection, and use of health information. They decided that the focus should be on proper and improper uses of health information, not on who is allowed to participate in any particular SNO. Recommendations include uses of data for treatment, payment and operations, law enforcement, disaster relief, research, and public health. Recommendations also require monitoring of access to health information and an ability to determine and record who has access to health information and when. These provisions exceed those required by HIPAA.

Patient access to their own information was the third major topic addressed by the workgroup. The ability to effectively access personal health information could be significantly enhanced with the use of new technologies, Wilder said. She said that the workgroup decided that patients should be able to access the RLS because this will empower them to be more informed and active in their care. However, significant privacy and security concerns exist regarding giving patients direct access at this stage. The framework says that each SNO should have a formal process through which information in the RLS can be requested by a patient or on a patient’s behalf. Participants and SNOs shall consider and work towards providing patients direct, secure access to the information about them in the RLS.

Lastly, breaches of confidential information was addressed by the workgroup. Security experts assure us that breaches will occur in even the most secure environments, Wilder said. So, workgroup members discussed what policies a SNO should have regarding breaches of confidentiality of patient data and who should be notified of breaches and when. Is a breach a reason for a participant to withdraw from the SNO? Should special rules for indemnification apply in the case of a breach? There are many questions in this area and Wilder pointed out that there are more and more state laws in this area. “The laws are expanding and changing and we need to pay attention to the changes.” The recommendations made in this area strike a balance between levels of institutional and SNO responsibility for breaches and the goal of notifying patients in the event of a breach.