HIEs and Disaster Recovery

Sizing Up Lessons Learned from Superstorm Sandy
HIEs and Disaster Recovery

In the aftermath of Superstorm Sandy, federal officials will refine their recommendations for the role health information exchanges can play during a natural disaster.

See Also: The Application Security Team's Framework For Upgrading Legacy Applications

When natural disasters strike, "it really drives the national conversation on how we can best prepare for these types of disasters and respond effectively," says Lee Stevens, the policy director of state health information exchange programs at the Office of the National Coordinator for Health IT.

In July, ONC released a report on the role of HIEs in disaster preparedness and response based on lessons learned from Hurricane Katrina. As a result of Sandy, the report will be refined to reflect the electronic health record sharing experiences of healthcare organizations affected by the superstorm.

"I do think that every disaster that we experience teaches us new lessons and ways to do things better," Stevens says in an interview with HealthcareInfoSecurity's Marianne Kolbasuk McGee (transcript below). "I think we'll learn in the coming days and weeks what other aspects we need to consider."

In the interview, Stevens also discusses how:

  • An HIE in New York helped to connect hospitals and other providers affected by the storm so they could share records;
  • State privacy and security laws must align when health data is exchanged across state lines in times of crisis;
  • Enabling multiple levels of data exchange, ranging from secure direct messaging to using HIEs to make patient data queries, is important in addressing the needs of providers of all sizes.

Before taking on his current role at ONC, a unit of the Department of Health and Human Services, Stevens served as the ONC's manager of HIE plan development and oversight for the Eastern and Southern regions of the U.S, Puerto Rico and the Virgin Islands, including technical assistance and long-term planning activities related to enabling exchange. Earlier he served as federal policy director for the Southern Governors' Association, where he managed the Gulf Coast Health Information Technology Task Force.

Disasters Preparedness

MARIANNE KOLBASUK MCGEE: Based on the lessons learned a few years ago with Hurricane Katrina in Louisiana, ONC worked with others in developing a report on health information exchange in disaster preparedness and response. This report addresses legal, technical and governance issues associated with the exchange of health information during a disaster. How do you see those recommendations from the report coming into play now with healthcare providers in New York and in New Jersey and other regions impacted by Hurricane Sandy?

LEE STEVENS: Honestly, whenever we have a disaster, particularly in an instance like this where it affects a very large area, it really draws attention to evacuating patients, those who are vulnerable and the elderly. It really drives the national conversation on how we can best prepare for these types of disasters and respond effectively. As many of the southern states have experienced [disasters] over the years, going all the way back to Hurricane Hugo, there was a drive to develop templates or agreements between states for exchanging resources in the event of an emergency.

After Katrina, we really saw that we were at a point where health information exchange and health information technology were now available to support the transfer of patient data electronically, and it really became a priority in those states, recognizing the vulnerability of their citizens, to do that as quickly as possible. The work that has gone on at ONC through the Southeast Regional Collaboration has been very focused on laying out exactly what the policy issues are for exchanging patient health data across state lines. As we know from a lot of our programs here, the technical issues are not nearly as tough as the policy issues.

As this applies to Hurricane Sandy, I do believe we would like to see this work move forward and advance to other states. There's currently health information exchange available in both New Jersey and in New York, and we would really like to advance this conversation with all states in the country to look at ways to respond to disasters.

Sandy: Exchanging Patient Info

MCGEE: With many hospitals and healthcare providers in the Hurricane Sandy region not having power and having to evacuate patients, what's your assessment so far on how patient information is being exchanged and how it's being accomplished? Is it being accomplished electronically or is there still a reliance on paper being sent with patients? What role are the health information exchange organizations playing right now?

STEVENS: I think it depends on the particular hospital and I don't know exactly the hospitals that have moved patients in New York City. I'm not 100 percent sure exactly how they've moved that patient data. They may have done it both ways. Health information exchange is a normal business practice at this point in New York City and all of the major hospitals do share patient information electronically.

In this particular case, it does require electricity and the generators being operational would allow that data to be exchanged, I believe. Otherwise, there's an ability to query those patients through the Statewide Health Information Network of New York, which just recently launched and connects all of the hospitals and provider offices that are enabled for health information exchange in the state of New York. It has launched in the downstate region and covers about 14 million lives at this point. In the scenario where a patient arrives at a different hospital, the Statewide Health Information Network there would be able to identify that patient's records from another hospital or another system.

Exchange Issues with Smaller Providers

MCGEE: What are the biggest health data access and exchange challenges being faced by smaller healthcare providers versus larger hospitals during this crisis?

STEVENS: I think something that has been very important to us at ONC is establishing exchange on multiple levels. We've enabled exchange on the simplest level, [using] secure e-mail through our Direct Messaging Project. In states like New York or New Jersey, secure messaging is available to small providers and single-provider practices, and they can exchange that data securely and authenticate it from an authenticated exchange from their office to another provider with relative ease at this point.

Lessons Learned

MCGEE: What new lessons can be learned so far from Hurricane Sandy in terms of healthcare providers, business continuity and their disaster plans?

STEVENS: I do think that every disaster that we experience teaches us new lessons and ways to do things better. I think we'll learn in the coming days and weeks what other aspects we need to consider. In the SERCH report that we've issued at ONC, we do see that we've covered most of the policy issues. There may be areas that we want to go back and reconsider. There may be additional things that need to be added, or there may even be things that are not necessary, within an issue of aligning state privacy and security laws and determining how those laws stand up when data is exchanged across state lines. Inside a state, the laws typically would remain in effect for New York or for New Jersey, so there would be guaranteed privacy and security. But I think that there's more to learn in the coming weeks.

MCGEE: In terms of some of the things you said that you might want to go back and re-evaluate now that you have hindsight of this hurricane, does anything pop out?

STEVENS: I think the issue is how simple should we make these [HIE] agreements. I do believe that this report is very simple and streamlined at this point, but we continue to try to hone it to make it able to go into effect very quickly and without any concern from any patient in the states or state governments.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.