An HIE Structure That Breaks the Mold

Western Pa. Exchange Builds on Participants' Technologies

By , August 30, 2012.
  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
An HIE Structure That Breaks the Mold
Read Transcript

Nine organizations in western Pennsylvania are taking a customized approach to health information exchange that leverages the security technologies they already have in place, says Chris Carmody, who heads the effort.

The HIE, ClinicalConnect, provides local control over who accesses patients' information while allowing secure data exchange capabilities to be built into the workflows of participating organizations, Carmody explains in an interview with HealthcareInfoSecurity.

"Who knows these users better than the member organizations that we're working with at the local level?," asks Carmody, a vice president in University of Pittsburgh Medical Center's information systems division. UPMC is a founding member of ClinicalConnect, launched in 2010.

"Instead of trying to manage the identities of our users from a central place, we felt it best to leverage what was already in place, which is based on [applying] HIPAA security and privacy regs at that local level," says Carmody, who oversees ClinicalConnect and will soon be named its president.

HIE users are authenticated and access patient information through their own organization's electronic health record systems and related security technologies, he explains. Once they gain authorized access to their EHR, they can access ClinicalConnect through a hyperlink to launch a search of other data available about the patient from the organizations that participate in the HIE. They then receive an aggregate view of the patient's information that lists all the sources of the data.

"Patient data is sent back out and presented in a very user-friendly format for providers and clinicians," he says. "We took a very lean approach to managing and dealing with the security factor."

Patient Consent

In the interview, Carmody also:

  • Describes ClinicalConnect's opt-out patient consent model. The HIE and its member organizations "try to educate patients about what is going to happen to their information being passed along to other providers through Clinical Connect," he says.
  • Tells why the HIE's technical team works closely with participating clinicians on functionality issues. "Engaging nurses and doctors and other clinicians in the planning early on is important," he says. "This is not an IT project; this is a healthcare effort, and it so critical for them to be engaged throughout the entire process."
  • Outlines how ClinicalConnect participants validate patients' information.

Carmody also stresses that ensuring the privacy of exchanged patient information is an ongoing effort. "I would expect as usage grows, there will be times and events that occur that call into question who's accessing data, was it appropriate, was it valid - and that's part of our continuous effort to look at what our controls and practices are," he says.

Carmody is vice president of information technology outreach services and program governance and reporting at UPMC. He has 16 years of IT experience. Before joining UPMC in 1998 as an information systems auditor, Carmody was a local area network administrator at Mellon Financial. He's also an adjunct associate professor at Point Park University and Duquesne University, teaching information systems and business courses.

Follow Marianne Kolbasuk McGee on Twitter: @HealthInfoSec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE HIPAA Compliance Audits Remain on Hold

After a three-year delay, federal regulators remain tight-lipped about when the next round of HIPAA...

Latest Tweets and Mentions

ARTICLE HIPAA Compliance Audits Remain on Hold

After a three-year delay, federal regulators remain tight-lipped about when the next round of HIPAA...

The ISMG Network