Massachusetts HIE's Security Strategy
Federated Model Keeps Data Exchange Simple
The New England Healthcare Exchange Network is continuing to use a federated model to protect patient data because it wants to rely on data owners to maintain security, says Sira Cormier, program director.
NEHEN, which has served portions of Massachusetts and Rhode Island since 1998, started with administrative transactions, and now also accommodates the exchange of clinical records as well as e-prescription data, Cormier explains in an interview with HealthcareInfoSecurity's Marianne Kolbasuk McGee (transcript below).
"All our data is stored at the sending or receiving organizations, and the only thing in the middle for us is a community directory that holds the addresses of where the message needs to go," she says.
Cormier contends the federated model is more secure and easier to administer than a centralized HIE model, which involves storing patient information from many organizations in a repository.
In the interview, Cormier also describes:
- NEHEN's use of "push" technology to share data among 55 hospitals, eight payers and 5,000 physicians;
- The HIE's approach to obtaining patient consent;
- The role of a community directory in authenticating those exchanging information;
- Why it's important to adhere to industry standards and seek out best practices for security.
Cormier is a principal consultant at the IT services firm Computer Sciences Corp. As NEHEN program director, she is responsible for the overall program direction, business sustainability, overseeing member recruitment, enrollment and technical operations.
MARIANNE KOLBASUK MCGEE: Tell us a little bit about your organization and your role.
SIRA CORMIER: I'm the NEHEN program director. The NEHEN organization is a consortium of payers and providers. We have been around since 1998. We're a member-funded, member-directed non-profit organization. We're the most widely-used HIE solution in Massachusetts. We include about 55 hospitals and over 5,000 physicians and eight of the health plans in the state. We're the longest sustained and most widely scaled HIE in the area. We service many organizations, from very large hospitals and health systems to a small community hospital and also physician practices.
We [use] a federated model where we're focused on doing pushing of clinical information from sender to a receiver. That's our main focus, pushing information in a federated model, which means that all of our data is stored at the sending organization or the receiving organization. The only piece that's in the middle for us is the community directory that holds the addressing of where the message needs to go.
We have three service lines. Clinical exchange is the typical HIE exchange of clinical messages. ... We also have an administrative exchange [using] the HIPAA transaction sets. This is the area that we're strongest in, since our inception in 1998. ... And finally, our third service line is e-prescribing.
MCGEE: How does the federated model safeguard data security and privacy compared with other models that you've considered or rejected?
CORMIER: The federated data model relies on the security practices of the network participants. So because the data sits at each of their participating organizations, if you're a sender of information - you're sending clinical information out of your system to another receiving information - you're in charge of that data that sits within your own four walls. All of our participants are required to adhere to many of the healthcare HIPAA standards and so forth, so all of those industry requirements that are required for [electronic health records] or any other systems that they're running apply to the HIE as well.
Data Security, Privacy Strategies
MCGEE: NEHEN's history had been in facilitating the exchange of administrative health data, and now you're expanding into clinical data exchange. How has your data security and privacy strategy changed?
CORMIER: There were many lessons learned in terms of the federated model and considering any of the centralized models. We stayed true to the federated model because, again, the safeguards are that the owners of the data are the folks who should be safeguarding the data at their own data centers, at their own organizations. We've also stayed true to utilizing industry standards, so whether those are standards for message types [or] protocols, all of those things we use as industry standards that are driven by the meaningful use [HITECH Act EHR incentive program] standards.
MCGEE: Describe your approach to obtaining patient consent for exchanging their information.
CORMIER: Because we focus on the pushing of clinical information, let me describe a little bit how that works. Pushing of clinical summaries is really around taking that information to that next provider of care. So at the time of registration, for example, at a hospital, the hospital collects that information from the patient about who their PCP [primary care physician] is and who's the specialist that had enrolled them into the hospital. Those are the two things that the patients supply for them at that point, and this is information that typically goes out to the next provider of care, whether that's on paper or electronic. We're simply making that into the electronic form to the next provider of care. At that time when the patient's supplying this information, [they're] understanding that the information's going to go to their own PCP, to their own specialist. Patient-consent responsibilities are again part of the network participant. They need to adhere to those, and we're not pulling data. We're not storing data in a centralized repository, so all of those types of decisions - the complexities - go away because we're dealing with a federated model.
MCGEE: What approach are you taking to authenticate the identity of organizations or individuals that are using NEHEN to exchange information?
CORMIER: Our approach is ... every participant who comes on board needs to be registered in our community directory, which really says who the provider is and what organization they belong to. What's the end-point that we need to send a message? Before we send a message out, we're checking our community directory to make sure that the next provider who needs to receive that message is listed in our directory. If they're not [registered], then the message is rejected.
Best Practices for Security, Privacy
MCGEE: What advice do you have to start-up health information exchanges in terms of best practices for data security and privacy when planning their strategies?
CORMIER: The best advice that we can give new start-ups is to start with meaningful use [HITECH Act] requirements because the meaningful use requirements already outline the required standards that you need to use. Industry security best practices are already established. ... You should always try to use the available industry standards rather than developing something proprietary for your own network, because the purpose of the HIE is to be able to talk to many organizations, and we need to be talking the same language for us to be able to coordinate the care in exchange information. ... And we also believe that the pushing of information is easier and it also safeguards you against many of the things that you hear about around the challenges for a centralized database.