Choosing an HIE Model

As featured in For The Record

Health information exchanges (HIEs) are nearly as varied as individual communities within the United States, and they must take into account the number and types of healthcare systems in the geographic area, the prevalence of certain diseases, and the values on which the community places importance, says J. Marc Overhage, MD, PhD, president and CEO of the Indiana Health Information Exchange

“These issues make it difficult to determine exactly which model is best for a particular community, region, or state,” he says. “There’s no doubt that our [Indiana] state laws have created an environment that fosters a robust health information exchange, but the key to creating a sustainable HIE involves a number of factors, including selecting the appropriate consent model and providing relevant services that address the needs of all stakeholders.”

Stakeholders should determine the stringency of state privacy law requirements as well as federal requirements when developing a consent model on which to structure an HIE, says Melissa M. Goldstein, JD, who serves as an associate professor in the health policy department in the School of Public Health and Health Services at the George Washington University Medical Center in Washington, D.C. For example, according to new requirements under the HITECH Act, self-pay patients have the ability to restrict information from being shared with payers. “HIEs need to figure out how to exclude this information as well,” she says.

Although HIE implementations will vary by region, they should all have one aspect in common: adequate stakeholder input, including that of consumers, says Lee Barrett, executive director of the Electronic Healthcare Network Accreditation Commission. Ideally, patients should serve on HIE advisory committees or the board of directors, providing input on portal capability, consent models, access to information, and dashboard design, he adds. “They need to be at the table and very much a part of the implementation of HIEs. If they’re excluded, that creates a major obstacle to success,” he says

Consumer education is also important, says David Finn, CISA, CISM, HIT officer for Symantec in Houston. “The key is the patient has to understand what you’re doing with their information—where it goes, who can get it, and how they can get it,” he says. “If you haven’t done that education and training, it doesn’t matter what the consent model is. They’ll never be happy with it.

HIEs that pay close attention to the importance of consumer consent and education will be most successful, says Barrett. “I think people are very concerned today that their data will be misused or that certain confidential aspects of their data will be breached and that they’ll be in a compromised position,” he says. “How the data is used and the whole concept of security, privacy, confidentiality, and trust become absolutely critical.