Health Affairs

Health Affairs, 24, no. 5 (2005): 1170-1179 doi: 10.1377/hlthaff.24.5.1170 © 2005 by Project HOPE	New Online   Getting Health Reform Done   After the State of the Union   Incremental Reform   E-Health in Developing World   Most-Read Articles in 2009

This Article Abstract Reprint (PDF) Submit a response to this article Alert me when this article is cited Alert me when Comments are posted Alert me if a correction is posted Services E-mail this article to a friend Similar articles in this journal Similar articles in Web of Science Similar articles in PubMed Alert me to new issues of the journal Add to My Personal Archive Download to Citation Manager Reprints & Permissions Citing Articles Citing Articles via HighWire Citing Articles via Web of Science (3) Citing Articles via Google Scholar Google Scholar Articles by Halamka, J. Articles by Diamond, C. Search for Related Content PubMed PubMed Citation Articles by Halamka, J. Articles by Diamond, C. Related Collections Health Reform Quality Of Care Research And Technology State/Local Issues Health Information Technology

Implementation

Exchanging Health Information: Local Distribution, National Coordination

John Halamka, J. Marc Overhage, Lygeia Ricciardi, Wes Rishel, Clay Shirky and Carol Diamond

Abstract

 
The fragmentation of our health care system, our need to accommodate the diversity of existing health information exchanges, the lack of consistent implementation of clinical information standards, and the need to protect patients’ privacy and maintain trust are all challenges to overcome in achieving broad-scale interoperable health information exchange. We propose several steps to coordinate information sharing among regional and other networks through universal adherence to a basic framework of policies and standards. The critical policy action is the identification of a "common framework" of standards and policies, maintained by a new Standards and Policy Entity that reflects both public- and private-sector participation.

Participants in the U.S. health care system face the need to exchange personal health information at three levels: among patients and providers within an enterprise, across a community, and across the country. Although adoption of electronic health records (EHRs) in the United States has been slow, organizations that have introduced them have often instituted local approaches to facilitate information exchange among components of their organizations—between the pharmacy and nursing unit or between the lab and physician’s office, for example.

Several communities have begun working on regional information exchanges, in which multiple, sometimes competing, organizations agree on systems for sharing patient information. Prominent examples include Santa Barbara, California; the Indianapolis region; and greater Boston, Massachusetts.³ Local leaders have convened the parties and developed home-grown technical solutions to the many challenges of data standardization and common privacy and security policies.

Yet there are no clear ways for health information exchange to expand easily beyond these initial projects, other than within coherent enterprises, such as the Veterans Health Administration (VHA) network. When a patient from New York enters an emergency room in San Diego, there is no possibility of quickly retrieving the relevant information about the patient’s history, recent lab tests, allergies, or medications.⁴ When people relocate to a new community, their entire medical history is typically lost. The fragmentation and lack of uniformity across the country also prevents the aggregation of public health, quality measurement, or research data in any efficient or standardized fashion.

Planning for a health information network that will accommodate patient care needs across a fragmented delivery system must begin with an acceptance of the structural and political realities of the moment. Energetic leaders are investing time and money in IT solutions at the provider and community levels, yet they now work without a framework that would allow these innovative systems to communicate with each other. We face the possibility that hundreds of well-intentioned—and even locally successful—information networks will never be able to exchange information with each other. This paper proposes an approach to creating a health information infrastructure that supports continuous, expanding, and uniform exchange of information throughout the United States.

Identifying The Challenges

Top Identifying The Challenges Addressing The Challenges The Common Framework For... The Need for A... The Urgency Of Action NOTES

 
Several difficult challenges exist to the creation of a uniform health information infrastructure on a national scale.

Consistent standards. Although a core set of data standards is generally recognized, and most vendors can implement these standards in their systems, they are not consistently implemented between every pair of institutions that wish to exchange data. In addition, most "real-world" problems, such as transferring a prescription electronically, require that several sets of standards be bundled together: some for the underlying demographic or clinical data, some for packaging the message, some for the transmission. These "profiles" of standards have not been identified, documented, or commonly adopted.

Privacy and security. Information exchange rests upon trust—each network user trusts that every other user will handle sensitive information in a predictable way. Other than the minimal requirements of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, there are no uniform agreements about security or privacy of health information across a network.

Consumers and patients are fearful of uses of their personal health information by anyone other than their doctor. The public is legitimately concerned: Institutions may repair mistakes in financial transactions through economic adjustments, but privacy breaches involving health information can be both extremely hurtful and nearly impossible to undo. Without widespread trust in health information exchange, patients might not tolerate increased electronic information sharing among providers, payers, researchers, or others.

Pluralism. A national approach to interoperability must be pluralistic. Inter-operable networks such as the Kaiser Permanente system and the VHA exist on a national scale. There are also substantial local and enterprise IT networks, such as those operating within the Partners HealthCare System (Boston), or the Indiana Network for Patient Care. Any approach to interoperability to support information exchange among these existing systems must accommodate all of these local systems and allow newcomers of every level of sophistication to participate.

Addressing The Challenges

Top Identifying The Challenges Addressing The Challenges The Common Framework For... The Need for A... The Urgency Of Action NOTES

 
Connecting for Health, a large, multistakeholder collaborative, has developed an approach to widescale health information exchange that addresses these challenges.⁵ The Connecting for Health approach reflects the participation of the principal interest groups in U.S. health care and represents an unusual consensus of views on a practical implementation path. We believe that general adoption of a formal set of technical components, standardized methodologies, and explicit policies for use and governance can permit rapid attainment of an interoperable health information environment that supports modern health care practice. We call this bundle of standards and policies the Connecting for Health Common Framework for information exchange.

Broadly, health information exchange is likely to consist of many networks that are capable of communicating and exchanging information with each other. Some networks will be geographically defined (so-called regional health information organizations, or RHIOs); others will be defined by affinity groups of various kinds—networks of cancer research centers, collaborating businesses, or distributed enterprises. Internally, these networks may take a variety of approaches to governance, data standards, data management, financing, and privacy policies. But to achieve national interoperability, every geographic or affinity-based network must adopt the standards and policies that the Common Framework comprises.

A decentralized and federated model for health information exchange will help protect the privacy and security of information while allowing accurate and timely access to information, as long as all participants adhere to a minimum set of uniform standards and policies. Personal health information will remain where it is today: in the hands of doctors, hospitals, and others who provide care to patients. All of those who generate health information for patients are its stewards. Patients must ultimately be able to control the access to and use of their personal health information in partnership with their providers. Over time, more and more of these data will be stored and transmitted using uniform standards.

This model recognizes the profound fragmentation of the U.S. health care system. Many types of institutions are part of the current system, from giant hospital systems to individual practices, with all manner of specialists, clinics, and agencies in between. The Common Framework will facilitate the transfer of selected information from one endpoint system to another, as is required for providing care and supporting informed patient participation. It also supports and facilitates authorized aggregation for public health, quality management, and other functions. The decentralized approach obviates the need for storing identifiable data in a central database but takes advantage of existing aggregates of data where available or necessary.

Accuracy in identifying both a patient and his or her records with little tolerance for error is an essential element of the Common Framework.⁶ Each network that participates in information exchange must maintain an index of patient records that tells authorized requesters where a patient’s information is stored without disclosing what those files contain. To assure interoperability between regions and other networks, these indices must follow common standards for coding patients’ demographic information. In the absence of a unique identification number, patient matching will occur using algorithms (as are now used by most large database indices), and every network index will need to accommodate the same formats for receiving and replying to demographic queries.

The system as a whole, and each component of it, must be reliable—able to assure a uniform, minimum level of system service quality in addition to backup mechanisms, so that stakeholders can count on the availability of the overall system. It must provide for near-real-time information access, not only for routine clinician and patient needs but also for particularly time-sensitive specialties such as emergency medicine and the monitoring of disease outbreaks, bioterrorism, or contamination of the food supply.

The Common Framework For Information Exchange

Top Identifying The Challenges Addressing The Challenges The Common Framework For... The Need for A... The Urgency Of Action NOTES

 
This approach—premised on privacy and patient control and built on decentralization, federation, and reliability—can only work if all participants conform to a Common Framework, which consists of the essential technical and policy requirements to enable the interoperation of standard interfaces and transactions at the local, regional, and national levels. The technical standards address secure transport over the Internet and other networks, and they provide the essential components required for the infrastructure, including secure connectivity, reliable authentication, and a suite of defined interchange formats for health care data. The policy standards address the privacy, use, and access policies for the exchange of health information. The Common Framework also provides a uniform methodology for the identification of users. The suite of interoperability standards will expand and be enhanced over time.

The Common Framework is the basis of all of the desired uses or applications—from e-prescribing to public health surveillance—that require specific, uniform interoperable standards to support information exchange. Use cases and accompanying information standards will be specified for each of the applications of the network and will be supported by detailed implementation guides. The participants in regional and other networks will determine which profiles are appropriate to address the requirements established by their stakeholders.

This approach to interoperability is premised on a model of patient authorization and control. Patients must be able to choose whether or not to participate in sharing personally identifiable information; exercise their rights under HIPAA; control who has access to their records (whether in whole or in part); see who has accessed their information; review, contribute to, and amend their records (without unreasonable fees); receive paper or electronic copies of their information; and reliably and securely share all or portions of their records among institutions. Once patient consent has been granted for access to a certain type of information, however, patients should be able to access it freely.

Flexibility. This approach is flexible in several ways. First, it is heterogeneous with regard to the types of technology and the functions of the various networks and other entities that use it, as long as all of them adhere to the Common Framework. This enables users of varying levels of technical and functional sophistication to use it for a variety of processes, and it acknowledges the heterogeneity of existing systems. Second, it is flexible in that it facilitates communication among endpoint systems at varying levels of sophistication in the structured and coded representation of data and supports the evolution of systems in this regard. For example, while some might use the system to locate records and request them by telephone, others may draw on it to support the full electronic exchange of highly structured data for sophisticated data analysis and decision support. This flexibility is necessary because health information will continue to be a mix of unstructured, structured, and coded data. The Common Framework provides standards and procedures that allow two systems that support highly coded data to exchange them without loss of data, while also allowing a system that supports little coding to send and receive information from similar and more highly structured systems.⁷ Lastly, this network design can evolve over time to address the changing needs of users and to increase in scale as the numbers of users and their transactions grow; it supports a reasonable level of variation and innovation in response to local needs.

Incremental changes. We recognize that any attempt to change the U.S. health care system faces major constraints. Although the challenges facing this system would warrant a full-scale "moonshot" approach, the system’s complexity, diversity, and distributed nature suggest that an approach that builds on and integrates existing networks is more likely to succeed. Furthermore, the standards, validation mechanisms, and governance structures cannot spring into existence at once. The interoperable health information system should be coordinated and built on a plan that recognizes the need for a learning curve. The lessons learned from developing harbinger regional or other networks can prove and improve approaches, leading to accelerated replication and success based on early experience.

Regionalized approach. This approach is not based upon a national central repository of patient information or a mandated national patient identifier. Instead, it is a pathway that facilitates, with appropriate authorization, private and secure information identification and access among regional and other networks. Health information resides with the providers that generate it or with patients themselves. Health care applications or endpoint systems (such as EHRs) conform to the Common Framework and are important extensions of it, but not strictly part of it.

Lowering of barriers. This model of interoperability also minimizes any additional financial or technical barriers (other than the requirement to comply with the Common Framework) to information sharing for patient care. Any appropriate and authorized organization or person can participate in the network without sizable economic barriers and can participate at almost any level of technical sophistication. The underlying infrastructure is not a proprietary network that is owned and operated by particular stakeholder groups.⁸

Other benefits. In addition to being practical, this incremental and decentralized approach to electronic connectivity provides other benefits. For instance, it greatly reduces the risk of data misuse, since the information is not in a single database. Judgments about who should have access to patients’ information remain under the control of patients and the clinicians and institutions that are directly responsible for their care. Once data are centralized, we have to rely solely on policy to protect the data; a decentralized approach allows the data holders to exercise control as well.

To meet the needs of clinical research, public health, and quality measurement, the Common Framework also supports aggregation of data for patients from across the health care environment. By standardizing the interfaces and creating common policies, communities will be capable of aggregating data for population-based uses, subject to appropriate deidentification or legal requirements. In addition, researchers have developed methods that will allow anonymous aggregation of data across systems that support common interfaces.⁹

We do not envision that coordination will require the replacement of existing software systems. Most existing EHR systems are capable of conforming to the technical standards and others can be connected through "middleware" technologies, which wrap standard-based interfaces around systems. Newly deployed hardware and software will likewise be able to interoperate with legacy systems if they conform to the Common Framework.

The Need for A Standards And Policy Entity

Top Identifying The Challenges Addressing The Challenges The Common Framework For... The Need for A... The Urgency Of Action NOTES

 
The Common Framework, and the trust and interoperability it enables, will come about only if an entity with sufficient authority and influence is responsible for its specification and perpetuation, creating the confidence that is critical to adoption. As we envision it, the Standards and Policy Entity (SPE) would be a public-private collaborative body that would identify and specify the detailed implementation rules, including business rules, for the policies and standards that make up the Common Framework. In collaboration with existing standards-development organizations (SDOs), and drawing on their work, rather than creating new standards, it would identify and recommend only the information policies and technical standards essential for establishing privacy, security, and interoperability, and would also be responsible for their interpretation and dissemination. Although the foundational elements of the Common Framework can be specified early on, the identification of guidelines for the full portfolio of health information needs will take many years to develop, and guidelines must continue to evolve along with technology. The SPE would therefore need to establish priorities among competing demands for its attention.

In addition to performing the functions described, the SPE would support provider and institutional adherence to its guidelines in ways that the history of network development shows to be important. For example, once an integrated suite of standards was chosen and associated policies developed, the SPE would have to promulgate detailed implementation guides for specific situations (for example, how to send a prescription from a doctor to a pharmacy electronically) to help users "connect the dots" between the status quo and the desired outcomes.

Although we do not propose a detailed blueprint for the SPE, we propose several guidelines to drive its creation.

Mission and functions. The SPE would be responsible for identifying, specifying, interpreting, and disseminating the policies and bundles of standards necessary for the sharing of electronic health information. Relevant policies include agreements associated with privacy; security; methods for the accurate identification of patients, professionals, and institutions; and baseline rules for user authorization and use and access policies. Standards that would fall within the SPE’s purview include those for message transport, privacy and security, and data standards. These policies and standards collectively make up the Common Framework, which will maintain a consistent core but evolve to meet the developing needs of the health sector and the changing technologies it employs. For example, the SPE might endorse a particular approach to distributed identity management that would drive specific standards and policy choices.

The SPE would identify priority situations (such as tracking all of a particular patient’s medications and assuring that they are compatible), and suites of standards, based on the input from many stakeholders. It would also develop detailed technical specifications for implementing those standards.

The purpose of the SPE must be clearly defined, and its activities must remain tightly constrained to those for which it is designed. Failure to do so could result in an unintended accretion of duties and thus diminish the SPE’s credibility and effectiveness as a focused policy and standards entity.

The importance of coordinating policy and standards functions. Seemingly narrow technical choices and standard-setting processes can have a broad and lasting impact on public policy and individual rights and can affect the overall cost and feasibility of implementing electronic connectivity in health care. The recent ChoicePoint privacy spill and the proliferation of unsolicited commercial e-mail on the Internet exemplify such reactive and often "too little too late" attempts at policy patchwork solutions. To avoid such pitfalls and to achieve maximum policy and technical consistency, the SPE should be the sole entity responsible for both the policy and technical components of the Common Framework.

Structure. The SPE could be a government function, an independent public/private partnership, or a private organization. Regardless of its corporate structure, however, it is clear that it must allow the diverse members of the health care community, including representatives of the public, to debate and determine policy and technical guidelines related to health information sharing.

The SPE must be able to act on issues of interest to its constituents without accepting the lowest-common-denominator consensus. To do so it must have (1) a well-defined mission and structure, including an independent board of trustees, a secure source of funding, and a strong executive office; (2) policy procedures that enable all interested parties to debate in an open and transparent way; (3) the ability to resolve disputes through an open and transparent process; and (4) a mechanism to adopt and validate its standards.

Broad stakeholder representation in governance. The SPE’s activities will affect a great variety of interest groups, including IT vendors, providers, payers, and the public—for example, through the accelerated availability of interoperable EHRs. The policies and standards it develops will ultimately facilitate or impede adoption of personal health records and other patient-focused tools. The representation and consultation structure of the SPE must therefore create a meaningful role for affected groups, including the public, in its operation and policy development.

Accountability, transparency, and trust. The SPE can succeed only if it remains accountable to key stakeholders. Its bylaws must include effective procedures for independent review of controversial decisions, and its reporting arrangements—most appropriately to Congress and other parts of government—must be clear.

The importance of transparency in the SPE’s governance is especially great because of its unique relationship with its stakeholders—a relationship based more on trust than on financial, legal, or political ties. As our collaborators in Connecting for Health have emphasized, generating the trust necessary for data sharing is far more difficult than solving the associated technological challenges.

Building on existing work. Although the SPE’s primary obligations would be to its stakeholders and member organizations, its authority and efficacy would depend heavily on the extent to which it can collaborate effectively with existing SDOs and other relevant entities. Many of the SPE’s policy and technical efforts would build on existing efforts; there would be no reason for it to replicate work already done by others. Evidence that these groups have accepted the SPE’s authority, and resolution of doubts or concerns they may have about it, would be a measure of the SPE’s success.

Support for evolution and innovation. Although the SPE would not be directly responsible for promoting the development of an interoperable health system beyond the narrow scope of its coordination activities, it could support and preserve the long-term evolution and innovation of the health sector instead of hindering it.

The Urgency Of Action

Top Identifying The Challenges Addressing The Challenges The Common Framework For... The Need for A... The Urgency Of Action NOTES

 
More than 100 communities across the country are actively engaged in creating health information exchanges.¹⁰ Pharmacies and pharmacy benefit managers (PBMs) are offering medication management tools, chronic disease tools are being optimized for people with congestive heart failure or diabetes, and secure e-mail and result-reporting systems are being integrated with both inpatient and outpatient EHRs.

In a general sense, these developments represent positive movement toward the ideal future we envision. At the same time, however, this burgeoning of disjointed efforts could undermine achievement of our national goals: There is no guarantee that these initiatives will be compatible, either technically interoperable or following consistent and predictable policies for information handling.

This new health information environment—based on open, consensus-driven, and nonproprietary standards; uniform policies that protect privacy, assure security, and support existing trust relationships; and a common technical approach to linking personal health information—can be the springboard to a generation of innovation and improvement in health care and in personal health. Clinical models, self-care and decision-support tools, application and communications software, and even redesigned care practices will emerge within this new environment. Research and innovative approaches to prevention and treatment can be strengthened and the results integrated more rapidly into health care and health-related decision making. The delivery of high-quality care can become more likely, less expensive, and more timely if the right skills and knowledge can be brought to the right person at the right time. We can put patients and families at the very center of the health care system, supported and surrounded by an information environment that they can use—or allow others to use—to make decisions, monitor health, provide feedback, and support strategic analytic functions that produce measurable improvements in health.

Editor's Notes

 
John Halamka is chief information officer of CareGroup Healthcare System and of Harvard Medical School in Boston, Massachusetts. J. Marc Overhage (moverhage{at}regenstrief.org) is president and chief executive officer of the Indiana Health Information Exchange; an associate professor of medicine at the Indiana University School of Medicine; and a senior investigator at the Regenstrief Institute, all in Indianapolis. Lygeia Ricciardi is director of the Health Program at the Markle Foundation in Washington, D.C. Wes Rishel is a vice president of Gartner Research at the Gartner Group in Alameda, California. Clay Shirky is an adjunct professor in the New York University Interactive Telecommunications Program, in New York City. Carol Diamond is a managing director of the Health Program, Markle Foundation, in New York City.

The authors acknowledge the substantial contributions to this paper by David Lansky and Stefaan Verhulst of the Markle Foundation.

NOTES

Top Identifying The Challenges Addressing The Challenges The Common Framework For... The Need for A... The Urgency Of Action NOTES

 

1. J. Walker et al., "The Value of Health Care Information Exchange and Interoperability," Health Affairs, 19 January 2005, content.healthaffairs.org/cgi/content/abstract/hthaff.w5.10 (10 June 2005); L.T. Kohn, J.M. Corrigan, and M.S. Donaldson, eds., To Err Is Human: Building a Safer Health System (Washington: National Academies Press, 1999); and E.A. McGlynn et al., "The Quality of Health Care Delivered to Adults in the United States," New England Journal of Medicine 348, no. 26 (2003): 2635–2645.[Abstract/Free Full Text]
2. Recent studies emphasize that technology alone is not sufficient to address quality and efficiency problems; implementation and support are vital. See, for example, R. Koppel et al., "Role of Computerized Physician Order Entry Systems in Facilitating Medication Errors," Journal of the American Medical Association 293, no. 10 (2005): 1197–1203.[Abstract/Free Full Text]
3. D. Brailer et al., Moving toward Electronic Health Information Exchange: Interim Report on the Santa Barbara County Data Exchange, July 2003, www.chcf.org/documents/ihealth/SBCCDEInterimReport.pdf (10 June 2005); J. Overhage, C.J. McDonald, and J.G. Suico, "The Regenstrief Medical Record System 2000: Expanding the Breadth and Depth of a Community Wide EMR," Proceedings of the 2000 AMIA Annual Symposium (2000): 1173; and Massachusetts Health Data Consortium, "MA-SHARE Program Overview," www.mahealthdata.org/ma-share/mission.html (10 June 2005).
4. J.T. Finnell et al., "Community Clinical Data Exchange for Emergency Medicine Patients," Proceedings of the 2000 AMIA Annual Symposium (2003): 235–238; see also MHDC, "MA-SHARE, MedsInfo-ED Project Overview," www.mahealthdata.org/ma-share/projects/medsinfo.html (10 June 2005), for a description of a communitywide emergency medicine information sharing network.
5. Connecting for Health, Achieving Electronic Connectivity in Healthcare: A Preliminary Roadmap from the Nation’s Public and Private-Sector Healthcare Leaders, July 2004, www.connectingforhealth.org/resources/cfh_aech_roadmap_072004.pdf (21 March 2005).
6. For more on the technical aspects of network design, see Connecting for Health, Linking Health Care Information: Proposed Methods for Improving Care and Protecting Privacy, February 2005, www.connectingforhealth.org/assets/reports/linking_report_2_2005.pdf (21 March 2005).
7. The implications of these differing degrees of interoperability are detailed in Walker et al., "The Value of Health Care Information."
8. Connecting for Health, Linking Health Care Information.
9. C.J. McDonald et al., "SPIN Query Tools for De-identified Research on a Humongous Database," Journal of the American Medical Informatics Association (forthcoming).
10. J.M. Overhage, L. Evans, and J. Marchibroda, "Communities’ Readiness for Health Information Exchange: The National Landscape in 2004," Journal of the American Medical Informatics Association 12, no. 22 (2005): 107–112.[CrossRef][Web of Science][Medline]

                      What's this?

This article has been cited by other articles:

				G. J Kuperman, J. S Blair, R. A Franck, S. Devaraj, A. F H Low, and for the NHIN Trial Implementations Core Services C Developing data content specifications for the Nationwide Health Information Network Trial Implementations JAMIA, January 1, 2010; 17(1): 6 - 12. [Abstract] [Full Text] [PDF]

				M. C. Christensen and D. Remler Information and Communications Technology in U.S. Health Care: Why Is Adoption So Slow and Is Slower Better? Journal of Health Politics Policy and Law, December 1, 2009; 34(6): 1011 - 1034. [Abstract] [PDF]

				A. R. Hinman and A. J. Davidson Linking Children's Health Information Systems: Clinical Care, Public Health, Emergency Medical Systems, and Schools Pediatrics, January 1, 2009; 123(Supplement_2): S67 - S73. [Abstract] [Full Text] [PDF]

				J. W Dexheimer, T. R Talbot, D. L Sanders, S T. Rosenbloom, and D. Aronsky Prompting Clinicians about Preventive Care Measures: A Systematic Review of Randomized Controlled Trials JAMIA, May 1, 2008; 15(3): 311 - 320. [Abstract] [Full Text] [PDF]

				T. Bodenheimer Coordinating Care -- A Perilous Journey through the Health Care System N. Engl. J. Med., March 6, 2008; 358(10): 1064 - 1071. [Full Text] [PDF]

				J. M. Grossman, T. S. Bodenheimer, and K. McKenzie Hospital-Physician Portals: The Role Of Competition In Driving Clinical Data Exchange Health Aff., November 1, 2006; 25(6): 1629 - 1636. [Abstract] [Full Text] [PDF]