Tools & Strategies News

Why Health Information Exchange Needs HIM, IT Collaboration

By Jennifer Bresnick

- “Competing initiatives” is an oft repeated phrase in the healthcare industry, and for good reason.  Between meaningful use, ICD-10, EHR interoperability, emerging reimbursement reforms, big data analytics, and a slew of population health management projects still barely peeking over the horizon, providers are certainly being pulled in hundreds of directions at the same time.

Health information exchange and health information management

But organizations that feel overwhelmed with the laundry list of health IT tasks ahead of them should remember that many of these projects are actually complementary

When it comes to building health information exchange capabilities, which are a foundational competency for many of these other projects, it’s better to pull together than to try to divide and conquer.

This is especially true for members of the health information management (HIM) and IT departments, who may not always have had opportunities in the past to collaborate on organizational initiatives.  

For providers to successfully develop connections to a health information exchange, whether it’s hyper-local, state-wide or national, both departments must share the responsibility of ensuring that patient data is appropriately and securely passed between participating organizations.

“Collaboration is important because both the HIM and IT departments bring value to the HIE experience,” said Susan Carey, RHIT, PMP, System Director for HIM at Norton Healthcare during an interview with HealthITAnalytics.com at the 2015 AHIMA Convention in New Orleans.  “We have to have the technical infrastructure in place, and it has to fit within the organization’s configuration, and that’s what IT knows best.”

“Then HIM has to come in to ensure that the information flowing through that architecture gets where it needs to go,” she continued.  “You can’t have IT doing that, because they don’t understand all the rules, policies, and procedures of use and disclosure.  HIM needs to take it up and look at where the data is going and who’s using it so they can support the integrity of the data, which is what it’s all about.”

Joining a health information exchange, or building one in a local community, isn’t just a matter of connecting a few wires and watching the data move back and forth.  There are numerous patient privacy rules to parse out, and the security of the data must be paramount when devising guidelines and usage agreements for the network.  While existing HIEs have often done much of this work already, it remains the responsibility of each participant to ensure that data is being handled appropriately before and after it enters the local system.

Neither the HIM nor the IT departments can meet these requirements independently, says David Borden, Chief Technology Officer at MRO Corporation, which provides PHI disclosure management services to HIE-minded organizations.

“There’s a phrase that’s used a lot, which is ‘the security and privacy of patient information,’” he said. “Very often, it’s not well understood that security and privacy are two very distinct knowledge domains.  IT is very good at security, and sometimes they may think that means they’re also good at privacy, without realizing that’s just as naïve as someone who’s trained in privacy thinking they understand all the ins and outs of security.”

“Because IT has been, by and large, in the role of implementing HIEs, and because it’s been seen as mainly a technical problem that needs to be solved, the privacy aspects have taken a back seat.  And that’s problematic.”

As health information exchange evolves, this misconception may produce a number of obstacles for providers, who would prefer to stay out of the data breach headlines that seem to crop up on a near-daily basis. 

“It’s still early enough that there are many big challenges that are going to arise,” Borden said.  “People have a general idea of where those problems are, but with any new technical product, you put it out and then you only really understand what you didn’t know about the design after it’s gotten some usage.  We’re in that early usage stage, and hopefully we’ll be able to recognize some of those information governance problems as we move along.”

“Then people are going to recognize the importance of bringing in subject matter experts like HIM professionals to help address those problems,” he added. “HIEs are still struggling at all levels with financial sustainability, and it’s hard to get participation and monetary contribution unless you can really show what the return on the investment will be,” Borden pointed out. 

“HIM can really pinpoint that and actually operationalize it to make it happen.  Right now there’s a lot of general availability of information, but it hasn’t been tailored into the workflow.  That requires more technical work, but it’s going to have to come through collaborative effort.”

Carey and Borden both have first-hand experience with the difficulties of bringing health information exchange into healthcare organizations while remaining vigilant about the appropriate use and disclosure of patient data.  Borden is a member of the board at the Pennsylvania eHealth Authority, and has worked closely with DirectTrust to expand the adoption of Direct secure messaging across the industry.

At Norton Healthcare, a five-hospital system serving Kentucky and parts of Southern Indiana, Carey has been helping to lead the system’s connection to the Kentucky Health Information Exchange (KHIE), keeping the HIM department fully involved in the process of maintaining high levels of data integrity and security.

“KHIE had a council that put together what the security parameters were, so we followed that,” she explained.  “And our EHR is certified, so that’s all set up from that perspective.  Our next steps, where it comes to privacy, is guarding against breaches and things like that.  We just don’t know where the threats are going to come from.  We have to have the situation occur before we can understand where the breach happened or where the mismatch in the patient’s identity occurred so we can go back and work with everyone to prevent it next time.”

“I have a great relationship with our HIE coordinator, and I’m a charter member of the privacy council,” she said.  “Through that exposure, I know they’ve put a very secure structure in place.  They have master patient index (MPI) duplicate checking software, so they’re doing all the right things.”

But even when obeying all applicable patient privacy and security regulations to the letter, healthcare organizations may find themselves handicapped by state and federals laws written long before interoperability and electronic data exchange became top priorities for the healthcare industry.

“The challenge is that we’re working with outdated laws,” said Carey.  “Our state’s laws are out of date when it comes to electronic data in healthcare, so that’s an aspect we have to deal with.  How do we take the laws we have today and apply them to this new world we’re in?”

“And how do we educate our lawmakers about the problems?” Borden added.  “One of the activities in the PA HIE is a committee that’s trying to work with legislators to get the state laws in line with HIPAA, so we don’t have to be following multiple sets of regulations, especially as state HIEs want to have interstate communication.  It makes it very challenging when one state is opt-in and the next is opt-out, for example,” he said.

“AHIMA is definitely looking at this and trying to understand all the issues so that we can get our members to move forward in each individual state,” Carey said.  She is a member of the 2015 AHIMA Board of Directors, which is taking the organization’s slogan, “HIM without walls,” to heart.  

AHIMA has been focusing on promoting the importance of utilizing HIM professionals across the organization to maintain data integrity, improve clinical documentation, foster interoperability, and delve into big data analytics, all of which will build a strong foundation for the next stages of meaningful use, the eventual implementation of the Merit-Based Incentive Programs (MIPS), and whatever health IT initiatives may come after that.

But internal cultural change must be the first priority for healthcare organizations, Carey says.  Without a collaborative spirit and a willingness to have an open dialogue between the HIM and IT departments, none of these important projects will be able to get off the ground.

I feel like we’re in a good place with HIEs, but there’s a lot more work to be done,” she said.  “We have made great strides.  But you don’t know what you don’t know.  So keeping those avenues open between IT and HIM is really want you want to strive for.  We have to understand the roles we all play and what the use cases are.”

Executive leadership can often be an important stimulant for building interdepartmental relationships, she added, but there’s no reason why HIM and IT staff members can’t make overtures towards a cooperative relationship themselves. 

“Every organization is a little bit different in their reporting structure, but I think HIM professionals are very capable of going out to IT and establishing the relationship.  In some cases, a senior leader may need to be involved.  But senior leaders who come in and just say, ‘Hey, fix this and do this because we have to meet a deadline,’ aren’t always that helpful.”

“In my organization, the HIE is spearheaded through our CMIO, and he and the CIO both have roles with it,” she explained.  “I report to the CIO, and the CMIO has a manager that sets up the exchange, and then she hands it off to me.  HIM could do all of that, but it’s about compromise and buy-in.  You have to look at your own organization and see what makes sense.”

“It can be a struggle,” she acknowledged.  “It’s true that everyone has deadlines and they’re told that they have to push through everything because if they don’t, they’re not going to get those meaningful use dollars.  There are always competing initiatives, and that’s a real challenge.”

Healthcare leaders are often told to look towards other industries, such as telecom and banking, for clues about how to construct data sharing networks that harness the potential of big data analytics for customer satisfaction and internal business intelligence.  But healthcare faces unique challenges that may require a slightly different – and slower – approach to crafting the health information exchange connections that will improve clinical care and generate actionable insights, Borden says.

“The datasets are so complex that when you want to create the standardization required for true interoperability, you have to start by coming up with those standards,” he said.  “And when you talk about the complexity of the human body, our knowledge is going to be evolving for the next 20 or 50 years.  So that’s one big challenge.”

“Another is that there’s no money,” he continued.  “When these other industries have done standardization and networking of systems, there was a lot of financial incentive, and a lot of clear ROI that came out right away.  It’s not quite clear how healthcare is going to achieve a payoff at the end of meaningful use.”

“That’s why analytics is such a hot topic, because that’s one of the big payoffs from doing this,” Borden said.  “But it’s going to be much more challenging and piecemeal in healthcare and you already see a lot of fragmentation.  No one has a big analytics picture.  Everyone has a little sliver of it.  That’s going to be something that, in the next five years, will start showing some ROI.  Some companies are already seeing benefits from these niche analytics use cases, and I think that will continue to evolve.”

But there’s no clear consensus on how those bits and pieces of the data-driven landscape are going to come together into a cohesive ecosystem.  While some stakeholders believe that vendors are primarily responsible for helping providers implement the foundational health information exchange and interoperability capabilities, others would prefer a stronger rule-based approach that would keep the industry to a strict and ambitious timetable.

Still others would like to see regulatory bodies like CMS and the ONC take a step back, and let the marketplace dictate the pace of technical development.  Independent private or public-private partnerships are becoming a significant force in the health information exchange arena, and state-level HIEs are still pushing to connect hospitals and health systems into increasingly sophisticated networks.

“It’s fascinating to work in the industry, because we do have all these different forces out there, and it’s a true marketplace of ideas,” Borden said.  “Obviously the government deciding to spend $30 billion on meaningful use has been an important impetus for progress, and it had a very clear, focused purpose which was to get everybody over the hump and onto EHRs.  That was very successful.”

“But that was sort of a low hanging fruit in the equation, and the next steps are by no means as clear.  I think it’ll be very risky for government or some other large hand to step up and say what direction we should go.  I think it’s just going to evolve slowly as all these different organizations make their contributions in different directions, and ultimately the things that are valuable will rise to the top.”

That may happen sooner rather than later, Carey predicts, if healthcare organizations can successfully establish the internal relationships required to position themselves for success.

The thing to remember is that the technology is here,” she said.  “We have it.  We know the value and the benefit.  And if we don’t embrace it, or we decide to look the other way, then shame on us.  Because that’s how laws get made and regulations change.  We need to take action, and we can’t remain silent.  We have to do everything we can to move forward and make the progress we want to see.”