Driving Secure National Health Data Exchange

The mission of achieving secure nationwide data exchange, through such efforts as electronic health record interoperability, will gain momentum thanks to healthcare payment reform that rewards collaborative efforts to improve treatment outcomes, says David Whitlinger, executive director of New York's statewide health information exchange.

"One of the bigger steps forward has been the [Centers for Medicare and Medicaid Services] essentially doing a throw-down, saying 'we're getting out of the fee-for-service business and getting into the managed care business. And we're encouraging all the commercial plans and payment systems to come with us, and start paying for [healthcare] quality and better outcomes,'" he says. That reform "is one of the biggest drivers" for secure information exchange and interoperability on a national level, he says, because collaboration and easy access to timely patient information is essential to better outcomes.

That momentum has already started in New York, with reforms in state Medicaid payments that are driving healthcare organizations to share data regionally, and soon through the Statewide Health Information Network of New York, or SHIN-NY, which will link the eight regional HIEs, he says in an interview with Information Security Media Group.

"Because of the [Medicaid] payment system alignment ... providers [are] really seeking to interoperate and share records with each other," he says.

Last year, the New York legislature voted to fund SHIN-NY as a statewide public utility. The legislature recently approved $45 million to help finance work to finish linking eight regional exchanges into a statewide network for securely sharing patient information. The connectivity will be completed by the end of the year, Whitlinger says. Currently, there are about 50,000 providers in the state participating in the exchange of health data on the regional level, he says. And so far, 7 million patients so far have consented to have their records shared in the network.

As New York's evolving statewide health information exchange prepares to provide patients with access to all their medical data via a Web portal, it's considering customizing knowledge-based authentication methods commonly used in the financial sector, Whitlinger says.

Many financial institutions use knowledge-based authentication for online banking, based on having customers select answers to questions based on information the banks can gather from credit bureaus. That can include, for example, previous addresses or cars owned.

SHIN-NY is assessing the potential use of similar knowledge-based authentication for patients that would rely, instead, on verifying health information. Asking patients a question about their cholesterol levels on their last lab test, or the date when the individual had an appendectomy, "could be more substantial than some of those financial challenges and questions," he says.

In the interview, Whitlinger also discusses:

• The data security threats posed by hackers and insiders to HIE organizations;
• An update on SHIN-NY's efforts to securely connect the state's eight regional health information exchange organizations.
• Why business sustainability challenges faced by some other health information exchange organizations across the country pose risks to data security and patient privacy.

As executive director of the New York eHealth Collaborative, which oversees the Statewide Health Information Network of New York, Whitlinger leads its various HIE-related efforts. Previously, Whitlinger was director of healthcare device standards and interoperability for Intel in its digital health group. He also led the cross-industry consortium, the Continua Health Alliance, focused on establishing an ecosystem of interoperable, personal telehealth systems.