Health Information Exchange (HIE): A Primer

Health Exchange Information (HIE) pertains to the storage, operation, and renewal of medical data among various healthcare organizations and medical institutions. It allows the secure exchange of data that is regulated and overseen by federal agencies. All the exchange of information is done as per the standards set by the government.

HIE helps efficient and secure access for the benefit of the patient. It also helps to improve the quality of treatment, care for the patient, and decreasing costs incurred. HIE is also interchangeably used for the system of exchange as well as the organization that regulates the exchange.

The HIE was started in 2004 by the office of the National Coordinator for Health Information Technology with the inception of Nationwide Health Information Network (NHIN), which is now known as eHealth exchange. This established rules and standards for the services.

HIE is essential in the coordination of different institutions for the betterment of quality and research of healthcare. It helps in giving the healthcare provider a complete perspective of the patient’s health conditions and prior issues. This ensures appropriate, and the best treatment is being followed and repeating the same processes again is avoided, facilitating faster treatment.

With HIE, patients get the full report of their treatments, prescriptions, and diagnosis reports. This will facilitate better communication between the patient and the healthcare institution.

There are 3 types of HIE models: –

• Decentralized:
  In this model, the records and documents are stored in independent data centers. The data is owned and maintained by the institution and access to outside parties is provided only after verification.
• Centralized:
  In the centralized model, all the data and records are stored in a single central repository.
• Hybrid:
  This may contain some information locally and some in a centralized system. When the data is requested, it is called a pull request. Similarly, when the data is fed into the database or repository, it is called a push. The data that is shared include clinical data, insurance claims, health profile, quality ratings, and miscellaneous data.

The HIPAA privacy rule lays down guidelines for the maintenance of privacy and protection of information. All the entities that are party to the HIE must ensure the provision of HIPAA as well as the corresponding state privacy laws.

Another act that is The Health Information Technology for Economic and Clinical Health(HITECH) Act provides federal protection laws to Personal Health Information(PHI) security under HIPAA. HITECH aims to facilitate the connection of entities in a way that improves healthcare quality and satisfaction by maintaining electronic forms of health records.

Every state has a provision of either opting-in or out of the HIE. The states that choose to opt-out, patients have the right to prevent their information from being stored and transmitted by the HIE. However, the states that decide to opt-in need the patient’s consent so that their information can be stored and exchanged by the HIE.

There are a few more laws and acts that affect the HIE:

• Privacy Act of 1974
• Food, Drug and Cosmetic Act
• Family Educational Rights and Privacy Act
• Gramm-Leach-Bliley Act

No matter how secure the data storage is claimed to be, there is always some possibility of a security breach. This may either be due to hackers or unintentional access, but this puts the sensitive patient data at risk of being stolen. This had happened before when an unsuspecting person gained access to the HIE in New England in July 2016. He used the credentials of an employee who was working at that hospital. In addition to the hospital’s 140 patients, he also gained access to 4,000 other patients listed in the HIE.

There were 4 major challenges, according to the U.S. Government Accountability Office:

• Unsatisfactory arrangements:
  The standards for the electronic exchange of information already exist within EHRs, but there were complaints that the standards were insufficient. The GAO stressed on the need for better infrastructure to support the exchange of information to be more useful to the healthcare providers.
• Privacy laws:
  Privacy laws vary in different states. This makes it difficult to exchange information when the providers are situated in different states because of variations in provisions.
• Finding accurate information:
  Due to anonymity in the health records, providers raised an issue that they find it challenging to match the health records with the corresponding patient’s name.
• Cost:
  Many providers argue about the costs incurred in maintaining the HIE records. That also included participation in local health information events and organizations and transaction fees charged at various stages.

The concept of Health Information Exchange is quite beneficial in ensuring the seamless delivery of the best healthcare facilities to the patients. But in order to eliminate the possible instances of misuse, setting up proper security mechanisms is also essential.