Safe & Sound with Marianne Kolbasuk McGee

Statewide HIEs Face Challenges

Networks Struggle With Sustainability and Trust

I've been covering efforts to build a successful model for exchanging health information among providers since the turn of the century, when regional health information organizations, or RHIOs, came on the scene, and then many disappeared. Now, with the news that Tennessee is pulling the plug on a statewide health information exchange, it's worth reassessing yet again just what it will take for HIEs to succeed.

See Also: The Application Security Team's Framework For Upgrading Legacy Applications

Privacy and security issues can derail efforts to build a successful health information exchange. If patients don't trust that their exchanged information will be kept confidential, they'll opt out of participating. If a healthcare organization doesn't support giving competitors potential access to their patients' data, they may drop out, too.

The jury's still out on whether local, regional and statewide HIEs will prove to be sustainable over the long haul. 

But beyond that, keeping HIEs up and running is difficult. Developing a business model that's sustainable, meets the data needs of all healthcare providers, and keeps all the competing participants onboard is a challenge.

The HITECH Act allotted about $2 billion in funding to help states build and advance their statewide HIEs. The funding is aimed at making secure sharing of patient data among healthcare providers easier in the hopes of improving care, reducing redundant tests, eliminating adverse medication interactions, and ultimately saving lives and money.

But even with help from Uncle Sam's pocket, HIE success isn't guaranteed.

In June, the state of Tennessee pulled the plug on ongoing efforts to build a statewide HIE, which has received $11.6 million HITECH grant. It's opting for a new, much simpler approach designed to achieve a narrower goal: Help providers meet meaningful use requirements for Stage 2 of the HITECH Act electronic health record incentive program. The state is now promoting the use of the Direct Project protocol for provider-to-provider secure messaging.

"With the number of 'meaningful use' hospitals and providers growing every month and with the anticipation of direct messaging becoming a secure health transport option within certified EHR systems, Tennessee is formulating a plan to help providers adopt direct messaging to jump-start the electronic exchange of health information across the state," Tennessee's Office of e-Health said in a statement.

As a result, the state has cancelled its relationship with Health Information Partnership for Tennessee, a non-profit formed in 2009 to build a statewide HIE in Tennessee based on a "network of networks" model that linked a handful of smaller regional health information organizations as well as healthcare providers that hadn't yet hooked up to an HIE.

Security, Privacy Issues

Keith Cox, CEO of the soon-to-be-defunct partnership, says security and privacy issues weren't involved with Tennessee's decision to pull the plug on its statewide HIE plans. But he believes that security and privacy are big concerns for many HIE efforts across the country and for the healthcare providers who are deciding on whether to participate in them.

Beyond the actual technology issues involved with keeping patient data exchange secure are deeper worries related to governance, Cox says. That's because HIEs require competing healthcare entities to trust one another.

"While there have been national discussions about health information sharing, healthcare is about community-based services. So when you deal with privacy and security, it's about partners feeling comfortable with each other," he says.

Besides fears among competing healthcare providers sharing data about one's patients, other worries include whether a healthcare provider will be somehow dragged into a negative public spotlight or be liable if one of their HIE partners experiences a data breach.

"People who participate in HIE workgroups are the privacy officers of these participating [healthcare] organizations," he says. "They don't want to be highlighted in the latest breach articles."

Yet at the same time, HIEs are also dealing with other sustainability issues. If not enough large healthcare players agree to participate and financially support an HIE with paid subscriptions, for instance, after seed money like government grants run out, the HIE is doomed.

"Sustainability is driven by the number of partners," Cox says. "Regional efforts are carried by flagship organizations." If an HIE loses a big player over issues that include concerns over trust, or secure data access and exchange, that hurts sustainability, he says.

The jury's still out on whether local, regional and statewide HIEs will prove to be sustainable over the long haul. It's essential that HIE promoters gain buy-in to a viable business model. It's also essential that they demonstrate to the public that they'll protect privacy and security.



About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.