Nov

12

HIE is Wonderful But… - What is Required for Successful HIE Expansion

Before launching into my ramblings about the state of electronic health information exchange in this country today, I would like to wish all a happy Veterans’ Day. My thanks go out to all who have served our country to keep the average citizen safe and placing themselves in harm’s way to protect those freedoms we so much cherish but all too often take for granted. I may not agree with our current President’s position regarding the war in Iraq but I do admire and thank those of you who have and continue to place yourselves in harm’s way on behalf of this great country we live in.

Now on to electronic health information exchange… The push is on nationally to meet the President’s desire to see most Americans served by electronic health records by 2014. A number of national projects and national-state collaboratives have been launched. If you’re in the midst of all of this, you’ve heard many of the acronyms and we, as usual, talk in our cryptic fashion with our abbreviations and talk about the vision of a greater tomorrow where all or at least most health information is exchanged electronically. My question right now is how much of this is realistic and how much represents myth or wishful thinking.

I think the efforts of the US Department of Health and Human Services, the National Governor’s Association, the Workgroup for Electronic Data Interchange the eHealth Initiative and so many others is much needed and helps prod us along towards the future that the finance industry has already realized. I fully understand that healthcare is not the same as finance and we need to look at the current environment before we move at breakneck speed towards that nirvana – the future of universal electronic health information exchange.

The Health Information Technology Standard Panel (HITSP) has completed a considerable amount of quality work identifying appropriate standards for electronic health records, electronic health information exchange protocol, etc. The issue, though, is that business needs need to drive technology and actual organizational and industry business requirements were (as I was informed very emphatically more than once) outside the scope of the HITSP project. In many cases the technology can be wonderful and cure many ills but if it doesn’t serve the needs of the business, it becomes an uphill battle to implement any adopted technology standards.

As a retired CIO from the State of New Jersey stated, the business needs to drive technology. Technology attempting to drive business can well be a recipe for disaster. It seems more logical to begin the process of change from the side of what is needed by the patient, the health plan member and, especially, the organization from a business perspective and then develop or identify technology that serves those needs.

Me being one concerned with privacy and security would point to that infamous and HIPAA required activity called a risk analysis. The risk analysis looks across the business, identifies threats and vulnerabilities and, depending on the security controls in place (which could merely be training or proper policies and procedures), determine the bottom line risk to an organization. The organization is then in a position to determine whether mitigation is required or if the organization is willing to accept the risk because of the cost to mitigate and/or the adverse impact on providing quality health care. At that point technology decisions can be made if changes/mitigation is needed.

There is also this wonderful issue called trust. The health care industry is primarily focused on the patient or the health plan member – what are their needs, how high is the quality of care and how effectively can care and payment be accomplished. One of the more significant issue raised during the first phase of the Health Information Security and Privacy Collaborative (HISPC) was that of trust between providers, between providers and payers and trust issues with vendors. No matter how slick the system or solution, trust becomes much more significant than a new gadget or process to exchange information.

Health care has its own culture. What is needed from a business and patient perspective standpoint is attention to trust. Mixed messages from national projects, the lack of clarity, confusion regarding how national project interact and what the primary agenda is (as well as how it ties together) do not add much to the trust environment. Both initiatives and solutions need industry buy in (not to mention consumer buy in). That has not occurred and is very definitely getting in the way of any rapid move forward towards that national health information exchange environment.

To successfully move towards an expanded electronic health information exchange across the nation, we need to focus on the foundation first. Lack of business standards result in hodgepodge adoption of technology and business standards that then represents a significant problem called lack of interoperability. We can create many little islands of exchange but that does not move us any closer to an interoperable national health information exchange.

These little islands are created because of a lack of business standards, communication issues (state, regional and national), community but not state or regional trust (e.g., I trust my neighbor but I don’t trust a community or organization on the other side of the state or someone attempting to “show me the way” from DC). Some successful community electronic health information exchanges have been established. They work locally but they don’t work across a state, region or nationally.

The place to start is on the ground – what is happening today. The foundation needs to be built before a new RHIO or HIE can be built on top of that foundation. A shaky foundation will quickly lead to failure and, in some respects, it would be best to get this right the first time. If we don’t, we find ourselves up against, once again, the trust issue – “if you can’t get it right and you want my money, why should I invest with you in the near future.”

A friend of mine who is the chief privacy and security officer for a fair sized health care delivery system indicated we need to take baby steps. We can’t take that giant leap to a fully constructed national exchange without addressing business standards, providing tools such as secure messaging and common methods of authentication and actually addressing how to address exchanges in the current environment.

The next step is building the bridge to that national health information exchange (or even just a regional health information exchange) that is sustainable and successful, after beginning to lay a sound foundation, is to begin building the bridge between today’s hybrid environment and a future workable and sustainable primarily electronic health information exchange.

The bottom line is we need the national and local leadership to set a clear direction. We need to start work understanding today’s environment (we can’t move forward if we don’t understand where we’re coming from). We need to develop a foundation before building the RHIO. We need to take into account and involve the industry and consumers to address what is really needed from a care and business perspective as well as to build the trust needed to move to that workable and sustainable model.

We also can’t build a long term structure or process that continues to rely primarily on government and grant funding. We need to demonstrate ROI, map out the steps needed to move forward and bring the industry along with us. We can draft all of the profound reports we want but they collect the proverbial dust on the shelves in the long run if appropriate attention is not paid to where we need to start from, business/care needs and inter-organizational trust.