Differing laws, data standards complicate state HIE initiatives

State health IT leaders discuss how privacy laws and EHR interoperability issues make interstate health information exchange anything but straightforward.

WORCESTER, Mass. -- State health information exchange (HIE) initiatives face formidable technical and funding obstacles.

The biggest challenge of all, however, may be privacy laws that vary across state lines, according to several state health IT leaders in attendance at Gov. Deval Patrick's second annual Massachusetts annual health IT conference.

In some states, payers, employers, public health researchers and, of course, patients seeking their own data might have access to data in their publicly funded HIE. Many states, however, impose limitations -- some more than others.

New Hampshire, for example, prohibits its state HIE from sharing patient data except in provider-to-provider exchanges related only to an individual's care. For meaningful use, that means only exchanging lab results, continuity of care and e-prescribing data, mostly between a patient's physician, nurse and pharmacist. Even patients can't aggregate their own records via the HIE.

Oregon privacy laws, according to an audience member in a breakout session on interstate HIE led by Massachusetts eHealth Institute (MeHI) director and state HIT coordinator Richard Shoup, are stricter than many other states -- except when it comes to law enforcement officials, who can access any data they need in the course of criminal investigations and prosecutions.

Building interstate HIE hasn't been a priority, Shoup said in his session. "The focus for most of us is intrastate, because we have to move very quickly to support meaningful use requirements, not to mention payment reform and all the other things we're working on."

Massachusetts, like Oregon, restricts the exchange of genetic testing data, and has an even stricter rule for HIV testing results. In a workshop session, Atrius Health director of clinical informatics Dr. Mike Lee -- who helps manage patient data for an 800-member physician group and also sits on a committee developing the state's HIE patient-consent rules -- said that law theoretically could apply to almost anything.

"The disclosure of the results of genetic testing requires patient consent in Massachusetts," Lee said. "That led to a long discussion about how many things are actually a genetic test, and how quickly that's evolving. There are just thousands of them at this point in time…you could argue a cholesterol test is a genetic test, because of the family history related to that."

Patients can cross state lines, but patient data sometimes can't

The New Hampshire patient data exchange dilemma occurred, state health IT coordinator David Towne told SearchHealthIT.com, partly because lawmakers had to pass the statute defining the HIE entity and what it would do before health IT leaders had a chance to develop the state HIE.

His office has begun proposing ideas to legislators that may eventually turn into more HIE-friendly regulations. "It's not [a] static [situation], but it has to be taken in steps," Towne said.

The disclosure of the results of genetic testing requires patient consent in Massachusetts. There are thousands of them. You could argue a cholesterol test is a genetic test.

Dr. Mike Lee, director of clinical informatics, Atrius Health

That said, New Hampshire will probably first get legislative approval to form a nonprofit, public-private health information organization to manage the HIE, Towne added. (Other states have done this. Doing so effectively removes HIE organizations from their respective state health and human services agencies.) Once that's in place, smoothing the mechanics of health information exchange could come later, he said. "If we're going to impose on the legislature for their support, we have to be deliberative about what they want them to look at first."

Interstate HIE affects significant patient populations in New Hampshire, Towne said, pointing to several examples --  the 40% of Dartmouth-Hitchcock patients who come from Vermont for treatment; patients referred to Boston hospitals from hospitals in the state's southern tier, where much of New Hampshire's population is concentrated, and the state's sizeable "snowbird" population that migrates south each winter.

One of Towne's peers in Vermont, Dr. David Cochran, CEO of Vermont Information Technology Leaders and manager of the state's HIE, pointed out in an interview that the federal HIPAA rule trumps state laws. Even when state laws are restrictive, HIPAA grants state HIEs leeway in at least pushing a minimum set of patient data across state lines so that providers can care for patients.

"HIPAA allows you to have that kind of communication, and that's a really good place to start," Cochran said. It helps, too, that patient data flows very well within Vermont's borders -- he characterized it as "kind of like meaningful use stage 2.5" -- because the state's medical home project requires such infrastructure.

Interstate EHR task force working out health data exchange issues

At a roundtable during the conference, Beth Israel Deaconess Medical Center CIO Dr. John Halamka and Dr. Karen Bell, chairwoman of the Certification Commission for Health Information Technology (CCHIT), acknowledged that federal health data standards are not granular enough to enable machine-to-machine interoperability -- and by extension, MeHi’s Shoup added, state-to-state HIE.

A group of state health IT leaders are tackling that issue on their own with an ad hoc committee called the EHR/HIE Interoperability Workgroup. The goal is to harmonize health data exchange among most New England and Middle Atlantic states and a handful of others, including California, Ohio and Colorado.

Shoup said the committee is still in its early stages; it began with a recent memorandum of understanding. However, it's becoming clear that the group is working toward a potentially bigger goal: Laying the blueprint for nationwide interstate health data exchange by creating a standard HIE interface within EHR systems.

"We don't want to preclude federal standards, we want to incorporate them when possible," said Shoup, adding that the committee could name preferred EHR vendors and create certification programs in the future. "But to the point where [standards] don't provide enough specificity -- or enough detail -- we figure we can come up with a specification that we could share with EHR vendor partners to code to, so that we have true interoperability."

Kris Cyr, MeHI state HIE project manager, said the states involved in the committee represent 41% of U.S. patients. He told SearchHealthIT.com that each individual state is developing templates for interstate HIE, as dictated by its own infrastructure. In theory, common data sets will eventually flow into the templates from one state to another.

Cyr said that New York eHealth Collaborative (NYeC) executive director David Whitlinger spearheaded the committee. NYeC is providing some funding and technical architecture support while also acting as the group's facilitator.

"We're validating with stakeholders in the states. It truly is a multistate workgroup down to the detail level, where we're ending up with template specifications in as common a format as possible," Cyr said.

"The idea is to basically give EHR vendors confidence in the direction we're going…letting them know what we have in common so that EHR vendors will say, 'We'll build this thing into our system,' not only in the back end but [so] that it gets into the workflow. I think that's the nirvana, when interoperability hits the front end, the provider."

Let us know what you think about the story; email Don Fluckinger, Features Writer.

Dig deeper on Health information exchange implementation and management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.