Many health care institutions have been investing in computerized systems for many years. So what's different now? Why is there so much more publicity now than in the past? And why is it important that State and community leaders understand health IT?
What's different is that the health care industry is no longer just looking at automating the administrative or back-office work within an institution. These new information systems are being designed in ways that will allow communication with each other across systems and institutions for a broader array of purposes. By collecting electronic health data from multiple sources and analyzing or presenting it in usable form at the point of care or in other contexts, health IT has the potential to improve the quality and safety of care delivery, enhance the development and dissemination of evidence-based protocols, or allow more effective allocation of health care resources.
This new development has two major implications. First, information technology is being developed with a greater focus on clinical information. This is much more complex and sensitive than administrative data in many ways. For example, clinical information can be more subjective and nuanced - attributes that are important to capture but that pose significant technical challenges. It is also much less likely to be approached in a binary fashion.
More importantly, to achieve the benefits of exchanging data it is no longer just about investing in technology (health IT). An investment must also be made in the information exchange (HIE) function. Ultimately, the systems will also be able not only to view or read incoming data from another entity, they will be able to use it, incorporate it, and send it on - all of which are a part of interoperability. The new connectivity and ability to manipulate or analyze data greatly increase the value of the health IT investment, much as increased connectivity and new applications continue to increase the value of our PCs.
Promoters of health IT and HIE must research how to establish these data exchanges in ways that maximize the value communities hope to realize--both clinically and economically and for population health. Also, developers and implementers must ensure that security and privacy protections are "baked into" these new health information systems.
Because electronic information systems are not generally designed to interact with each other, some standardization must occur to facilitate communication--much like what was needed when telephones and fax machines became ubiquitous. While it is clear that standards will be required for the technical aspects of HIE, it is not immediately obvious that standardized policies and practices will also be necessary for the smooth and secure exchange of electronic health information. For example, having an agreement among participants in data exchange activities about the practices that will be followed to ensure that only authorized users within an institution are permitted access to protected information will give greater assurance--beyond what protections technology provides--regarding the security of data when it leaves the originating entity. Standardizing these types of practices as well as the technology is an additional way to assure participants that their expectations about privacy and security are met. In a sense, not only does the technology need to be interoperable, related policies and practices should be interoperable as well.
Continuing with the privacy and security example, whenever new ways of exchanging data are being considered--in whatever medium--attention must be paid to how existing data protections are extended or adapted across these new connections and relationships. In addition, new exchanges and relationships call for a fresh analysis of privacy and security practices so that any newly created vulnerabilities do not undermine the overall system of protections.
A word here about "RHIOs" - regional health information organizations - because they may be a source of distraction. The term is being used in many discussions of health IT and HIE. It is not well defined and there is no attempt to define it here. In thinking about the role of State and local policymakers in HIE development, consider that "regional health information organization" implies that a fully-formed entity exists with rules of engagement and a model for operation. The inclination may be to wait until a RHIO is up and running before considering policy issues, i.e., if there is no RHIO functioning, there is no need to engage in a review of policy issues. That may not be a wise approach.
It is important for the focus to remain on health information exchange between different entities whenever it occurs. Whether or not there is a formal entity established to govern that exchange, once patient data leaves the control of the original entity holding it (including the patient), certain policy problems emerge. For example, it is critical to ensure the privacy and security of protected health information, monitor access to the data, monitor use of the data, address malpractice issues for clinicians, and assess economic impacts.
In other words, the simple fact of patient health information moving about has implications for the patient and the marketplace. And these are all issues that have historically been addressed in States and communities. So when health IT and HIE are being discussed, consideration should be given to building a consensus at the community and State levels around common or standardized principles and policies that can be adopted by the participants in the exchange.
AHRQ's Health IT and HIE Goals
The focus of AHRQ's health IT investments has been on addressing how to adopt health IT and HIE to achieve desired results. In addition to assessing the potential of specific applications through competitive grant projects, there is also an attempt--through both the grants and the State and regional demonstration contracts--to identify the issues communities are struggling with in HIE development, how they may be answering these policy questions, and how to communicate what is being learned to the health care community so that the same mistakes are not repeated.
Unfortunately, the results from the AHRQ health IT projects are only just beginning to be made available, but two things are becoming clear:
It's not all about technology, as one of the grantees says "it's one part technology and two parts systems and culture change" AND
The process of solving the policy questions is just as important as the solution.
The process is important because of the nature of the issues; the policy questions identified above go straight to community trust in new electronic information exchange.
Recommendations and tools that can help speed up the process include the Common Framework described below, see Current Activities, or the State-level HIE materials funded by the Office of the National Coordinator. Still, each community and State must engage as many stakeholders as possible in decision-making about what information will be exchanged when, how, by whom, and under what protections. Transparency is required, including in financial arrangements. This is absolutely essential to the trust that is needed for buy-in by clinicians, payers, and, most importantly, patients and consumers. Without significant participation in these new HIEs, the benefits being sought cannot be realized.
State legislators have a new resource for support in addressing these issues. The National Conference of State Legislatures has established http://hitchampions.org, with a focus on the particular needs of state policymakers. NCSL's Project HITCh seeks to build state legislative capacity related to health information technology and its use in improving quality at both individual and system levels.
Policy and Technology Solutions Must be Linked
The ability to exchange and transmit information in support of improved care delivery for individual patients and improved population health requires an extensive commitment to developing policies over a wide range of policy issues. These include data use limitations, data ownership, governance, liability, anti-trust, and the roles and responsibilities of individuals and organizations.
Early experience with large-scale information exchange suggests that policy and technology are inextricably linked where health information collection and exchange are concerned. One cannot implement an effective exchange without sound policies, and sound policies cannot be created without a clear understanding of a specific exchange's technical constraints and capabilities. The technical challenges are associated with linking information across an extremely diverse and highly fragmented system of health care. The policy challenges, particularly privacy concerns, are affected by such things as the technology used, community needs, market economics, and the way in which systems of exchange are created.
Privacy and Security
One of the key areas of policy and technical debate in which States and communities must engage involves the need to maintain public trust in electronic data exchange. There is great potential value in HIE; when doctors, nurses, and other health care professionals have access to the information they need at the time they need it, mistakes are avoided, care is more effective, and lives are saved. But the sharing of patient information across electronic networks cannot be taken lightly. Many surveys have shown that Americans are very worried about the privacy of their personal health information. While making such information available through HIEs can increase the value to the individual, it should not be associated with an undue risk. Although it is impossible to guarantee 100-percent privacy of health information, even using paper medical files, technical and policy approaches to maintaining the highest level of privacy and security are essential. HIE must be done in a way that protects patient privacy and improves health care safety and quality. For more information about AHRQ's support for addressing HIE privacy and security issues, click here.
Current Activities
Connecting for Health Common Framework
Several AHRQ staff and many AHRQ contractors and grantees have participated in the development of the Connecting for Health Common Framework: Resources for Health Information Exchange. The Common Framework is a small set of nationally uniform technical and policy guidelines for health care organizations that share a big objective: rapid attainment of widespread information-sharing in support of modern health care practice.
The first version of the Common Framework, publicly released on April 6, comprises a set of free resources with 16 policy guides and technical documents designed to advance HIE when and where it is needed in a private and secure manner. The guidelines contained in the Common Framework are associated with a specific technical architecture and privacy safeguards, but many of the principles may be applicable to a broader range of approaches to health information exchange. The guidelines may be adopted by any network, regardless of its size or underlying hardware and software. The Common Framework puts forth a model of HIE that:
Protects patient privacy by allowing health information to remain under local control - avoiding the need for a large, centralized database or for the creation of a national patient ID
Avoids large-scale disruption and huge up-front capital investments by making use of existing hardware and software
Supports better-informed policymaking around HIE
Establishes trust among collaborating organizations by applying well-vetted model contract language to fit their needs
Supports Privacy and Security Solutions for interoperable HIE
To see an overview of the Common Framework, click here.
Click here for more information, for access to the documents, and to register for discussion forums related to the Common Framework.
Privacy and Security Solutions for Interoperable Health Information Exchange
In September 2005, AHRQ awarded an 18-month, $11.5 million contract to RTI International in a national effort to address privacy and security policy questions with HIEs. The Privacy and Security Contract term has been extended to 19 months, and the funding increased to $17.23 million. Under the Contract, RTI is implementing its Health Information Security and Privacy Collaboration (HISPC), under which it has subcontracted with 33 States and Puerto Rico to assist them with doing the following:
Identifying variations in organization-level business privacy and security policies and practices that affect electronic clinical HIE
For those practices that States consider desirable (thought they may affect HIE), documenting and incorporating them into proposed solutions
For those with a negative impact, identifying the source(s) of the policy or practice and proposing alternatives
Preserving privacy and security protections as much as possible in a manner consistent with interoperable electronic HIE
Incorporating State and community interests, and promoting stakeholder identification of practical solutions and implementation strategies through an open and transparent consensus-building process
Leaving behind in States and communities a knowledge base about privacy and security issues in electronic HIE that endures to inform future HIE activities
The States that have signed subcontracts with RTI are: Alaska, Arkansas, Arizona, California, Colorado, Connecticut, Florida, Iowa, Illinois, Indiana, Kansas, Kentucky, Louisiana, Massachusetts, Maine, Michigan, Minnesota, Mississippi, New Hampshire, New Jersey, New Mexico, North Carolina, New York, Ohio, Oklahoma, Oregon, Rhode Island, Utah, Washington, Wisconsin, West Virginia, Vermont, and Wyoming.
Throughout the summer and fall of 2006, State subcontractors will be engaging with stakeholders across the country to carry out the above activities as well as propose solutions and implementation plans.
State and regional meetings of the subcontractors will be scheduled through the remainder of 2006 to enhance communication and collaboration among stakeholders. In early 2007, a national meeting of the States will be convened to discuss and finalize a nationwide summary and synthesis of business practice variation assessments and the proposed solutions among all States, in order to inform policymaking at the Federal, State, and local levels.
To find out more about specific State HISPC activities, click here.
A computer-generated message generated when specific criteria are met; e.g., entry of a critically abnormal laboratory test value generates a warning message to the care provider who ordered the test.
The American Medical Association (AMA) is an organization of physicians which works on the most important professional and public health issues including health information technology (HIT).
The American Medical Informatics Association (AMIA) is an organization dedicated to the development and application of biomedical and health informatics in support of patient care, teaching, research, and health care administration.
Ambulatory medical record system (AMRS), which is a clinical information system that supports the functions of an outpatient clinic, generally including registration, appointment scheduling, order entry, reporting of results, clinical documentation, and billing.
The American Nurses Association (ANA) is a professional organization representing registered nurses with the goal of advancing the nursing profession by fostering high standards of nursing practice and lobbying Congress and regulatory agencies on health care issues affecting nurses and the public, including the use of information technology (IT) in nursing practice.
The American National Standards Institute (ANSI) oversees the creation, promulgation, and use and thousands of standards and guidelines, in nearly every sector of the economy, in order to strengthen the U.S. market in the world economy and to improve the health and safety of consumers.
A computer program designed to help physicians in the proper ordering of antibiotics.
The Arden Syntax standard, which is maintained by HL7, is a coding scheme which provides a standard means for writing rules designed to relate specific patient situations to appropriate actions.
Application Service Provider (ASP) is a type of client-server installation where a business hosts computer-based services for customers to access across a network, such as electronic health record (EHR) solutions accessed over the Internet.
A mode of communication in which exchange of data does not require both parties to be actively involved at the same time.
Asynchronous transfer mode (ATM) is a network protocol for sending small, fixed-length packets of data over network connections.
A record of all accesses and updates to medical data, which is generally maintained in chronological order, which is used to promoted accountability of access to the data.
A process for the positive identification of system users; this process is used to control access to the system.
A process for limiting user access and activities to only the actions deemed appropriate for that user.
The American Academy of Family Physicians (AAFP) is the national association of family doctors; its mission is to improve the health of patients, families, and communities which includes the introduction and use of health information technology (HIT).
A level of encoding of medical data which involves reviewing the data and labeling the data based on an item from a terminology.
A security function in which users are responsible for their access to and use of medical information. The users must have a right to know and a need to know the information they access.
Time between learning sessions when teams work on improvements within their organization. The teams are supported by collaborative faculty/staff.
An adverse drug event (ADE) is an unexpected or dangerous reaction to a drug.
Admission-discharge-transfer (ADT), which is a component of a health information system (HIS) designed to maintain and update the hospital census.
Computer software designed to operate with a degree of autonomy from its programmer (e.g., an agent may be used to search the Internet for specified information).
The American Hospital Association (AHA) is the national organization representing all types of hospitals, health care networks, and their patients plus communities. It strives to ensure that its members’ perspectives and needs are addressed in national health policy development, legislative and regulatory debates, and judicial matters; this includes issues related to health information technology (HIT).
The American Health Information Community (AHIC) is a federal government advisory body chartered to provide recommendations to the Secretary of the U.S. Department of Health and Human Services (HHS) on how to accelerate the development and adoption of health information technology (HIT).
The American Health Information Management Association (AHIMA) is a professional organization devoted to improving healthcare by advancing best practices and standards for health information management (HIM).
Agency for Healthcare Research and Quality (AHRQ) is the lead federal government agency charged with improving the quality, safety, efficiency, and effectiveness of health care for all Americans. As one of 12 agencies within the Department of Health and Human Services (HHS), AHRQ supports health services research that will improve the quality of health care and promote evidence-based decision making.
This refers to the amount of data that can be transmitted over a communication channel in a given period of time.
A measurement obtained prior to an intervention and used for comparison to post-intervention measurements.
The College of American Pathologists (CAP) is a professional organization of pathologists which fosters and advocates excellence in the practice of pathology and laboratory medicine. It was responsible for developing the Systematized Nomenclature of Medicine (SNOMED).
Print
540 Gaither Road Rockville, MD 20850 Telephone: (301) 427-1364