Health Information Exchange and Data Privacy: If Done Right, A Data Bonanza Beckons
Powered by technology and the goal of improving patient care, Electronic Health Information Exchange (HIE) has made progress in some parts of the U.S., providing more data sharing and better access to information at the point of care.
HIE represents a significant opportunity to reap much greater returns from the industry-wide investments in electronic medical record (EMR) technology beyond intra-system silos that remain the legacy of the paper era. The true ROI lies in sharing data across systems for not only patient treatment and care but to meet emerging needs for access to aggregated, useful data.
Technology, pressure to improve health care outcomes at lower costs, and progress towards a culture of health information sharing have disrupted silo-thinking. Information is increasingly available to more providers in a just-in-time basis, particularly in the hospital emergency room where access to a patient’s medical history provides new opportunities for improving outcomes and saving money on unnecessary tests and procedures.
But these important outcomes are possible only if patient identities can be protected as the law requires. Indeed, concern about data privacy has been a constant since the start of HIE, when federal grants became available in 2009. While HIE is the process of sharing patient-level electronic health information between different organizations, implementation is done nationwide through more than 200 Regional Health Information Organizations (RHIOs).
RHIOs to the rescue
RHIOs are neutral third-party organizations that facilitate information exchange between providers within a geographical area to achieve more effective and efficient health care. They are the anti-silos. Some observers note the lack of more widespread growth of HIE and provider participation during the last two decades, attributing it to a number of factors including competitive concerns among providers, incompatible technology, absence of workable funding models and privacy concerns.
While privacy laws allow for the sharing of information between organizations for the purpose of patient care, RHIOs still have to ensure patient privacy to the satisfaction of the patients themselves and their providers. Lastly, fears of legal liability from unlawful disclosure of information can also restrict the potential for exchange.
HIE has been and is now seen as an antidote to earlier silo-bound systems that still typically exist within hospitals, physician practices, laboratories, insurance companies and pharmacies. Expansion of insurance coverage, involvement of multiple providers, and increases in highly specialized care for chronic, complex diseases generate more and more potentially relevant information into a fragmented, non-interoperable assortment of individual actors.
Currently, HIE allows health care professionals across the industry and patients to access and securely share a patient’s vital medical information electronically—improving the speed, quality, safety and cost of patient care. For example, some types of HIE send secure messages to providers when their patients are admitted to an emergency room. They can then coordinate care with the ER team in ways that avoid unnecessary tests, medications and hospital admissions. Alerts are also provided when patients get released from the hospital so that prompt follow-up appointments can be scheduled.
The requirement of patient privacy
The hope is that organizations will continue to get knowledgeable and adopt commercially available risk-based data privacy techniques that meet the highest international standards. Risk-based approaches such as the Expert Determination Method, or Statistical Method, require an expert, familiar with the principles and techniques of de-identification to examine the data and determine risk by considering the sensitivity of the data, context for its release, and the controls in place. These techniques provide a proven way to stay steps ahead of the rapidly changing technology and health care landscape, while making more and better data available for research to help fight serious diseases.
Addressing privacy concerns and then paying for measures that provide the necessary protection at the lowest risk addresses only one of the solutions needed to increase participation in HIE, which can lead eventually to more third-party data sharing. Federal and state governments need to weigh in on the importance of having robust HIE. Strong government support, especially given the precarious politics of health care, will help ensure more and better health care for everyone.
Sam Wehbe, Privacy Analytics
Wehbe is director of marketing at Privacy Analytics. He holds a Bachelor of International Business degree from Carleton University and a Master of Business Administration from Queens University.