In This Guide
What is Interoperability?
It is the ability of different information systems, devices and applications (systems) to access, exchange, integrate and cooperatively use data in a coordinated manner, within and across organizational, regional and national boundaries, to provide timely and seamless portability of information and optimize the health of individuals and populations globally.
Health data exchange architectures, application interfaces and standards enable data to be accessed and shared appropriately and securely across the complete spectrum of care, within all applicable settings and with relevant stakeholders, including the individual.
Four Levels of Interoperability
- Foundational (Level 1): Establishes the inter-connectivity requirements needed for one system or application to securely communicate data to and receive data from another
- Structural (Level 2): Defines the format, syntax and organization of data exchange including at the data field level for interpretation
- Semantic (Level 3): Provides for common underlying models and codification of the data including the use of data elements with standardized definitions from publicly available value sets and coding vocabularies, providing shared understanding and meaning to the user
- Organizational (Level 4): Includes governance, policy, social, legal and organizational considerations to facilitate the secure, seamless and timely communication and use of data both within and between organizations, entities and individuals. These components enable shared consent, trust and integrated end-user processes and workflows
What is Health Information Exchange and Data Sharing?
Health information exchange, or HIE, provides the capability to electronically move clinical information among disparate healthcare information systems and maintain the meaning of the information being exchanged. The goal of health information exchange is to facilitate access to and retrieval of clinical data to provide safe, timely, efficient, effective and equitable patient-centered care. HIE can also be used by public health authorities to assist in the analysis of the health of populations.
The term HIE is generally used as either a verb or a noun.
- Verb: The electronic sharing of health-related data between two or more organizations facilitated by applied standards for use by a variety of stakeholders to inform health and care.
- Noun: Organizations within the United States that provide health information exchange technology and services at a state, regional or national level and often work directly with communities to promote secure sharing of health data.
In the European Union, the act of information exchange is often referred to as data sharing. The European Commission’s Support Centre for Data Sharing uses the term to refer to the collection of practices, technologies, cultural elements and legal frameworks that are relevant to transactions in any kind of information digitally, between different kinds of organizations. This term is more broadly applied to all types of data sharing, but can also be specifically used for health-related data.
Standards provide a common language and a common set of expectations that enable interoperability between systems and/or devices. In order to seamlessly digest information about an individual and improve the overall coordination and delivery of healthcare, standards permit clinicians, labs, hospitals, pharmacies and patients to share data regardless of application or market supplier.
A standards organization, standards body, standards development organization (SDO) or standards setting organization is focused on developing, coordinating, promulgating, revising, amending, reissuing, interpreting, or otherwise producing standards that are intended to address the needs of some relatively wide base of affected adopters.
In order to be recognized as an SDO, an organization may be accredited by the American National Standards Institute (ANSI) or the International Organization for Standardization (ISO). Standards are also developed by other groups such as trade unions or associations. The development and adoption of open, consensus-based standards can be a complex process involving many different stakeholders and subject matter experts.
There are over 40 different SDOs in the health IT arena. Some entities create standards, such as Health Level Seven (HL7), Systematized Nomenclature of Medicine (SNOMED) International, and the Clinical Data Interchange Standards Consortium (CDISC). Others, like Integrating the Healthcare Enterprise (IHE), do not develop new standards, but rather bundle complementary base standards into IHE profiles that are used to define a specific function or use case, and then are balloted. This creates a scenario that helps drive adoption of the base standards by providing implementation guidance that describes how multiple standards can be used together to support interoperable health information exchange.
The different SDOs and profiling organizations have varying compositions and processes, but generally follow shared principles based on developing standards through a multi-stakeholder, consensus-based process to respond to specific industry or market needs.
Types of Standards
In order to understand the types of health data standards available for use, informatics professionals organize these standards into the following specific categories: vocabulary/terminology, content, transport, privacy and security, and identifiers.
Vocabulary/terminology standards address the ability to represent concepts in an unambiguous manner between a sender and receiver of information, a fundamental requirement for effective communication. Health information systems that communicate with each other rely on structured vocabularies, terminologies, code sets and classification systems to represent health concepts. Some common vocabulary standards currently used in the marketplace include:
- Current Procedural Terminology (CPT®): A code set, maintained by the American Medical Association (AMA), used to bill outpatient and office procedures.
- Healthcare Common Procedure Coding System: A set of healthcare procedure codes based on CPT that is used for Medicare reimbursement.
- ICD-10 and ICD-11: The International Statistical Classification of Diseases and Related Health Problems (ICD) is a medical classification list by the World Health Organization (WHO). It contains codes for diseases, signs and symptoms, abnormal findings, complaints, social circumstances, and external causes of injury or diseases. The 11th revision will replace the ICD-10 in January 2022.
- Logical Observation Identifiers Names and Codes (LOINC®): A universal code system for identifying health measurements, observations and documents. These codes represent the “question” for a test or measurement. LOINC codes can be grouped into laboratory and clinical tests, measurements and observations.
- National Drug Code (NDC): Maintained by the U.S. Food and Drug Administration, NDC provides a list of all drugs manufactured, prepared, propagated, compounded or processed for commercial distribution.
- RadLex: A unified language of radiology terms for standardized indexing and retrieval of radiology information resources, managed by the Radiological Society of North America. It unifies and supplements other lexicons and standards, such as SNOMED-Clinical Terms and DICOM.
- RxNorm: A terminology used to normalize names for clinical drugs and links its names to many of the drug vocabularies commonly used in pharmacy management and drug interaction software. By providing links between these vocabularies, RxNorm can mediate messages between systems not using the same software and vocabulary.
- Systematized Nomenclature of Medicine-Clinical Terms (SNOMED-CT): A comprehensive clinical health terminology product. It enables the consistent, processable representation of clinical content in electronic health records (EHRs). These codes often represent the “answer” for a test or measurement to the LOINC “question” code.
- The Centers for Disease Control and Prevention (CDC) provide a number of code sets for vaccines (Vaccines Administered (CVX)) and manufacturers (Manufacturers of Vaccines (MVX)). These codes can be used in immunization messages.
- The Unified Code for Units of Measure: A code system intended to include all units of measures used in international science, engineering and business to facilitate unambiguous electronic communication of quantities together with their units.
Content standards relate to the data content within exchanges of information. They define the structure and organization of the electronic message or document’s content. This standard category also includes the definition of common sets of data for specific message types.
- Consolidated CDA (C-CDA): A library of CDA templates, incorporating and harmonizing previous efforts from HL7, IHE, and Health Information Technology Standards Panel (HITSP). It represents harmonization of the HL7 Health Story guides, HITSP C32, related components of IHE Patient Care Coordination and Continuity of Care Documents, or CCD.
- HL7’s Version 2.x (V2): A widely implemented messaging standard that allows the exchange of clinical data between systems. It is designed to support a central patient care system as well as a more distributed environment where data resides in departmental systems.
- HL7 Version 3 Clinical Document Architecture (CDA®): An XML-based document markup standard that specifies the structure and semantics of "clinical documents" for the purpose of exchange between healthcare providers and patients. It defines a clinical document as having the following six characteristics: persistence, stewardship, potential for authentication, context, wholeness and human readability.
Transport standards address the format of messages exchanged between computer systems, document architecture, clinical templates, user interface and patient data linkage. Standards center on “push” and “pull” methods for exchanging health information.
- Digital Imaging and Communications in Medicine (DICOM): The standard for the communication and management of medical imaging information and related data. DICOM enables the transfer of medical images across systems and facilitates the development and expansion of picture archiving and communication systems.
- Direct StandardTM: Defines a set of standards and protocols to allow participants to send authenticated, encrypted health information directly to known, trusted recipients over the internet. Two primary specifications are the Applicability Statement for Secure Health Transport v1.2 and the XDR and XDM for Direct Messaging.
- Fast Healthcare Interoperability Resources (FHIR®): An HL7 standard for exchanging healthcare information electronically. The basic building blocks of FHIR are “resources,” which describe exchangeable health data formats and elements. FHIR also provides standardization for application programming interfaces (APIs). FHIR provides a number of benefits and improvements as a modern healthcare standard including facilitating interoperable exchange with legacy standards, lower overhead, shorter learning curve, an ability to transmit only the necessary pieces of information, potential for patient mediated data, and an energized community of supporters and implementers.
- IHE provides a number of specifications that can be used in the exchange of health information.
- PCHAlliance co-sponsors the Personal Health Device (PHD) efforts within the IHE Devices Domain, which are focused on developing IHE profiles that leverage and build upon the Continua Design Guidelines and are also updated to support FHIR. These profiles provide guidance to implement globally recognized, consensus-based approaches to connect and test both personal and clinical devices and integrate them into health information systems. The specifications being developed support both medical devices and mainstream consumer facing apps to enable scalable interoperability of the rapidly expanding connected health ecosystem.
Privacy and Security Standards
Privacy standards aim to protect an individual's (or organization's) right to determine whether, what, when, by whom and for what purpose their personal health information is collected, accessed, used or disclosed. Security standards define a set of administrative, physical and technical actions to protect the confidentiality, availability and integrity of health information.
In the U.S., the Health Insurance Portability and Accountability Act (HIPAA) outlines standards that safeguard the privacy and security of protected health information.
- HIPAA Privacy Rule: Establishes national standards to protect individuals’ medical records and other personal health information. It applies to health plans, healthcare clearinghouses, and healthcare providers that conduct certain healthcare transactions electrically. The rule applies safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures of such information without patient authorization. The rule also gives patients rights over their own health information, including the right to examine and obtain a copy of their records, and to request corrections.
- HIPAA Security Rule: Sets national standards for protecting the confidentiality, integrity, and availability of electronically protected health information. Compliance with the Security Rule was required as of April 20, 2005 (April 20, 2006 for small health plans). The rule addresses the technical and non-technical safeguards that “covered entities” must have in place to secure an individual’s electronic protected health information. Prior to HIPAA, there were no generally accepted requirements or security standards for protecting health information.
In Europe, the General Data Protection Regulation (GDPR) outlines privacy and security regulations for all processing and storage of data relating to data subjects—or people—in the European Union (EU). This regulation extends to health information and any organization that may process or store data on these subjects, meaning it has extensive reach to many organizations worldwide and related to the sharing of data across organizations.
Entities use identifier standards to uniquely identify patients or providers.
- Enterprise Master Patient Index (EMPI): A data registry used across a healthcare organization to maintain consistent and accurate data on the patients treated and managed within its departments.
- Medical Record Number (MRN): An organization specific code used as a systematic documentation of a patient’s history and care during a hospital stay.
- National Council of State Boards of Nursing ID (NCSBN ID): A unique identifier automatically generated for each registered nurse and licensed practical/vocational nurse, freely available via the Nursys database and maintained by NCSBN.
- National Provider ID (NPI): A unique 10-digit number for a healthcare provider to create a standard identification. These NPIs are included in the free NPI Registry.
- Object ID (OID): A globally unique ISO identifier and a preferred scheme for unique identifiers in HL7.
Standards, Implementation Guides and Profiles
Standards on their own are helpful because they describe and constrain what data moves.
Implementation guides describe how to implement these standards for a specific use case. An implementation guide is a companion to a standard that describes how to use a standard to satisfy a specific healthcare use case. It should specify which way a standard is to be applied in a particular use case—how to structure the data consistently and what vocabulary to use. While you can implement a standard in a number of different ways, when using an implementation guide to integrate a standard into a health IT system, the guide directs one way to constrain the standard for a particular situation, removing ambiguity and achieving consistency.
A benefit to the use of implementation guides like IHE Profiles is that they provide a common language for purchasers and market suppliers to discuss the integration needs of healthcare sites and the integration capabilities of health IT products. They provide precise definitions of how to implement standards to meet specific clinical needs. They offer developers a clear implementation path for standards that has been carefully documented, reviewed and tested as well as supported by industry partners. They give purchasers a tool that reduces the complexity, cost and anxiety of implementing interoperable systems. IHE profiles, in particular, organize and leverage the integration capabilities that can be achieved by coordinated implementation of communication standards, such as DICOM, HL7 W3C and security standards.
Testing and Conformance Efforts
The adoption and implementation of standards involves a testing ecosystem that spans standards development, implementation and feedback from real-world testing into the development process to support continuous improvement. There are various different testing and compliance efforts that support advancing health IT interoperability, including:
- Conformity Assessment: IHE International administers the IHE Conformity Assessment Scheme, which forms the basis for IHE Conformity Assessment Programs and any official certification of conformance to IHE Profiles associated with such testing programs. IHE International authorizes designated test laboratories accredited under this standard to assess the conformity of products with selected IHE profiles.
- eHealth Exchange Testing Program: The program was developed to test compliance for HIE standards as required by the eHealth Exchange Coordinating Committee for onboarding to the eHealth Exchange network. Its purpose is to enable organizations that wish to participate in the exchange to validate the compliance of their health IT with the eHealth Exchange Performance and service specifications.
- HL7 FHIR® Connectathons: These events provide hands-on FHIR development and testing opportunities held in conjunction with working group meetings. Participants engage in development and testing, working directly with other FHIR developers and senior members of the FHIR standards development team.
- IHE Connectathons: A cross-vendor, supervised and structured testing event where the industry tests implementation of IHE Profiles and other standards to successful standards implementation and use. All tests are evaluated on interoperability and conformance to IHE Profiles found in IHE’s technical frameworks. The test floor is overseen by IHE’s technical project managers, providing a safe, neutral test environment and an opportunity for industry collaboration and problem resolution.
- Office of the National Coordinator for Health IT Health IT Certification Program: A voluntary certification program established by the Office of the National Coordinator for Health IT (ONC) to provide for the certification of health IT. Requirements for certification are established by standards, implementation specifications and certification criteria adopted by the ONC secretary. The program supports the availability of certified health IT for its encouraged and required use under other federal, state and private programs. The program is run as a third-party product conformity assessment scheme for health IT based on the principles of the ISO and International Electrotechnical Commission framework.
Organizations like the Global Consortium for eHealth Interoperability, which was co-founded by HIMSS, IHE International and HL7 International, work to amplify and align the work of organizations like IHE and HL7 to increase adoption of emerging and mature health IT standards. The primary goal of the consortium is to coordinate work with governments and national ministries of health to further align existing and emerging standards and implementation guidance with strategic healthcare policy goals to achieve improved health outcomes for people everywhere.
The Interoperability Ecosystem
The health interoperability ecosystem comprises individuals, systems and processes that want to share, exchange and access all forms of health information, including discrete, narrative and multimedia. Individuals, patients, providers, hospitals/health systems, researchers, payers, suppliers and systems are potential stakeholders within this ecosystem. Each is involved in the creation, exchange and use of health information and/or data.
An efficient interoperability ecosystem provides an information infrastructure that uses technical standards, policies and protocols to enable seamless and secure capture, discovery, exchange and utilization of health information.
Exchange Partners and Data Sources
Historically, the focus was on the exchange of clinical information between providers and hospitals. As the technology has progressed, these exchange partners have broadened to include individuals, such as patients and caregivers, and organizations, such as long-term care, public health departments, community-based organizations and payers. With this expansion, along with the shift to value-based care, has also come a broader range of data types that are available to inform health and care, including device data, patient-generated data and data pertaining to the social determinants of health. Social determinants of health can include data points such as an individual’s housing status, access to reliable transportation and level of food security.
There are three primary types of exchange network architecture used to coordinate the exchange of health information across entities.
- Centralized: Patient data are collected and stored in a centralized repository, data warehouse or other databases. The exchange organization has full control over the data, including the ability to authenticate, authorize and record transactions among participants.
- Federated (Decentralized): Interconnected but independent databases allow for data sharing and exchange, and grant users access to the information only when needed.
- Hybrid: Incorporates variations of federated and centralized architectures to harness the advantages of both. These are becoming common as various combinations of available services are implemented.
An important technical development that has expanded exchange partners and data sources is the emergence of healthcare APIs. APIs outline a set of clearly defined specifications to allow for one software application to build on the data and functionality of another application, without needing to understand its system design. APIs are already ubiquitous in today’s web economy, and will play an essential role with respect to fueling healthcare interoperability for person centered care.
Types of HIE Organizations
An HIE organization oversees and governs the exchange of health-related information among organizations according to nationally recognized standards. The purpose of a health information exchange organization is to perform oversight and governance functions for information exchange. There are several different types of HIEs currently operating across the U.S. and its territories:
- Hybrid HIEs are often collaborations between organizations, such as an ACO and a vendor network, within a state or region. The Kentucky Health Information Exchange is an example of a hybrid model.
- Private/Proprietary HIEs concentrate on a single community or network, often based within a single organization, and include overall management, finance and governance. Examples may include hospital/integrated delivery system networks, payer-based HIEs and disease-specific HIEs. Some software vendors have also established an HIE network for their clients across the U.S. Additionally, the industry may see other evolving entities such as Accountable Care Organizations (ACOs) supporting information exchange.
- Regional/Community HIEs are inter-organizational and depend on a variety of funding sources. Most are not-for-profit. Indiana Health Information Exchange and Chesapeake Regional Information System for Our Patients are examples of a regional HIEs.
- State-wide HIEs are run by the governments of their respective states or maybe the state's designated entity. Some state-wide (and regional) HIEs use an umbrella approach and serve as the aggregator for disparate private health information exchanges. Statewide Health Information Network for New York and Arizona’s Health Current are examples of a state-wide HIEs.
U.S. Exchange Initiatives: An Environmental Scan
Many organizations are actively working to achieve ubiquitous exchange. This environmental scan provides a curated review of the current landscape of the U.S.-based networks and frameworks which enable interoperable, nationwide health information exchange via a variety of methods and collaborations.
International Networks Enabling Exchange
Beyond the examples outlined above, various exchange networks and infrastructure have been established globally.
- The eHealth Digital Service Infrastructure (EHDSI) facilitates the two primary building blocks of cross-border digital health services in Europe: ePrescription and Patient Summary. ePrescription (and eDispensation) allows EU citizens to obtain their medication in a pharmacy located in another EU country. Patient Summary provides information on important health related aspects such as allergies, current medication, previous illness, surgeries, etc. The digital Patient Summary is meant to provide doctors with essential information in their own language concerning the patient, when the patient comes from another EU country and there may be a linguistic barrier.
- An important precursor of major exchange initiatives in Europe have been the European Reference Networks. These are virtual networks involving healthcare providers across Europe. They aim to facilitate discussion on complex diseases and conditions that require highly specialized treatment, providing concentrated knowledge and resources. Coordinators convene virtual advisory panels of medical specialists across different disciplines, using a dedicated IT platform and telemedicine tools.
- Argentina’s National Interoperability Network uses standards to enable communication between participating health information systems, providing a bridge for identity management across systems, sharing documents and patient summaries, managing ePrescriptions and supporting national registries.
- Australia’s My Health Record is an opt-out, CDA-based document repository used to store shared health summaries, eReferrals, specialist letters, discharge summaries, event summaries, prescription records, diagnostic imaging and pathology reports. Once patients have their record, they are able to manage access and permissions.
- Canada’s Health Infoway manages an ePrescribing service, PrescribeIT, electronically shares prescription information from clinicians with pharmacies for dispensing. Another Infoway initiative, ACCESS Health, aims to accelerate citizen access to personal health information and digital health services. The exchange initiative is expected to use a cloud-based infrastructure, a FHIR-based API service and a blockchain-enabled consent service.
- Hong Kong’s Electronic Health Record Sharing System is the country’s equivalent to a regional HIE, managing patient data on care episodes, lab results, radiology studies and drug items. The Hong Kong Hospital Authority launched eHRSS to public and private health sectors using an opt-in patient consent model.
Be the Change: HIMSS Global Health Conference
August 9-13, 2021
Join changemakers at HIMSS21—in person and digitally—as we reimagine health together through education, innovation and collaboration.
Uses of Information Exchange
Watch the HIMSS TV deep-dive on interoperability.
Ultimately, the goal is to be able to share and access information that informs an individual’s full, longitudinal health story. By having and understanding the complete and accurate picture of an individual’s health—including their preferences and other determinants of health—includes a number of benefits. Clinicians can better inform care and decision making, patients can become active participants in their care plans, and health IT developers and implementers can leverage evidence to create and adopt systems that support clinical processes and improve care delivery.
A number of benefits can be realized for exchange stakeholders, including:
- Care coordination: Care coordination often involves a variety of stakeholders, including patients, caregivers and care teams across settings in the management of a patient’s health. This is a dynamic process that requires data movement across platforms and among service providers in real time to successfully manage care.
- Improving business and administrative processes: Having access to health information can eliminate time-consuming tasks within a health system, including processing of intake information, coordination across care teams and reporting needs associated with various regulatory requirements.
- Increased patient safety and satisfaction: Having a full picture of a patient’s health through access to disparate data can better inform clinicians on the patient’s medical history, preferences and past encounters. This can help avoid duplicate testing, reduce adverse events, inform care decisions and conduct appropriate follow-up to ensure adherence with care management.
- Value-based care: Population-level data analysis is an essential component of health systems managing high-risk patient populations, public health systems and other stakeholders working to coordinate care needs for a community. Understanding population data can enable better risk analysis and more cost-effective care. At an individual level, having access to longitudinal health data on a patient can reduce duplicative testing and close gaps in information. A key consideration in the shift to value-based care is the incorporation of non-traditional health data, such as an individual’s social determinants of health data (e.g. food security status, housing stability and access to reliable transportation) into patient records. This data can be leveraged by health systems to proactively identify a health risk within a target population and intervene to work toward positive outcomes.
With these benefits in mind, taking a use-case driven approach can frame how information sharing may inform care or business practices and can help frame the potential benefits and drive interoperability forward. The following examples provide a snapshot at how interoperable exchange may occur.
- Care delivery data: A physician can query a network or external health system for the appropriate patient data from other sources, such as other clinicians and hospitals. The physician can then select certain patient documents or resources (such as medication lists and reconciliations, allergy lists or lab reports) that they want to access during a patient visit.
- Consent management: Where consent is not governed by other laws or regulations, a centralized consent management process can enable consensus among the community's stakeholders for a patient consent model, and provide awareness of a patient’s willingness to participate in data sharing activities.
- Lab results: HIE services provide physicians with the ability to get results directly via their exchange networks.
- Medication reconciliation: Having a longitudinal view of all of a patient’s encounters can raise awareness of the potential medications a patient was previously or is currently using. This can allow for appropriate follow up with the patient to reconcile differences in records to produce an accurate picture of their medication lists for future encounters.
- Patient intake: Using a query and response process, the patient's health record can be acquired ahead of an appointment for clinician review.
- Patient preferences: Exchange networks can enable access to information about a patient’s care preferences, such as advance directives, empowering patients to make decisions in their care.
- Provider alerts: HIE organizations are able to provide alerts to a clinician on their patients when one presents to the emergency department or is admitted to or discharged from a hospital, to ensure appropriate follow-up can be conducted.
- Query services: Physicians may want to obtain more information about a patient that is referred to their office. They can query an exchange network which can in turn query other networks or health systems to assemble a complete, longitudinal health record.
- Record locator services/master patient indexes: Many exchange networks enable creation of one continuous community record or search capabilities for patient records, facilitating patient identification across multiple provider settings.
- Referrals: Organizations have the ability to send referrals directly through HIE services, along with all appropriate documentation.
- Secure messaging: Many use cases require the exchange of patient records or related health information between clinicians in different healthcare settings with different EHRs or IT systems. For instance, providers needing to send referrals can electronically share data, eliminating paper documents and expediting the patient's treatment.
- Transitions of care: As patients make the transition from one care setting to another (such as from hospital to a primary care provider or skilled nursing facility), interoperable exchange of relevant documentation from one care setting can be easily accessed at the next.
Workflow Considerations and Guidance
As the HIMSS definition suggests, interoperability goes beyond its technical requirements. Often there are policy changes influencing the value proposition and therefore willingness to exchange. Organizational considerations must align with external organizations and work toward achieving trust across stakeholders to enable meaningful data sharing. The following outlines some of these considerations and the approaches that may be leveraged.
Obtaining Patient Consent
Ensuring and communicating patient consent for data sharing activities is critical to abide by regulatory requirements and maintain the trust of the patient. There are several consent models used in information exchange, dependent on regulatory requirements within a jurisdiction.
- No consent: Patient health information at a participating healthcare organization is automatically included in and available for exchange.
- Opt-in: No patient data sets are made available for electronic exchange until patients actively express whether they would like to make all, or a pre-defined set, of their information available.
- Opt-in with restrictions: No patient data sets are made available for electronic exchange until patients actively give their consent to participate. Patients have the option to:
- Allow information to flow only to specific providers/li>
- Include only specific categories of data or data elements
- Make all of their information available for exchange
- Opt-out: All or some predefined data sets are qualified to be included and available for exchange, after patients are given the opportunity to opt out in full.
- Opt-out with exceptions: All or some predefined data sets are qualified to be included and available for exchange after patients are given the opportunity to:
- Allow the exchange of their information only for specific purposes
- Limit exchange of their information only for specific purposes
- Limit exchange of their information to specific providers or provider organizations
- Opt out in full
- Selectively exclude categories of data or specific data elements from the exchange
Regardless of the model leveraged, a patient has the right to revoke their consent at any time, and processes to ensure that preference is communicated and enforced is important for data sharing processes.
Ensuring Privacy and Security
Regulations such as GDPR in the EU, HIPAA in the U.S., and various other national and state laws and regulations set forth privacy and security requirements to safeguard health information when it is created, received, transmitted, or maintained by health systems and other organizations. Privacy and security considerations may include the following:
- Executing and implementing data use and reciprocal support agreements (DURSA)—also known as trust agreements—with the health systems and other stakeholders. These agreements set forth who may access and exchange the data. Additionally, such agreements set forth standard privacy and security policies and procedures that govern data protection and use. Further, data is typically encrypted when data is exchanged from one organization to another.
- While specific security requirements may differ depending upon the DURSA, a typical DURSA may call for each participant to maintain appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity and availability of the data, aligned with the HIPAA requirements and any other applicable laws and/or regulations.
Producing High-Quality Data
In order to ensure that the information received from disparate sources can be trusted that it is accurate and complete, there needs to be efforts by organizations to maintain high-quality data. This can be achieved by ensuring that:
- Data are structured and coded with standardized terminology and styles where possible to be leveraged in a machine-readable format for analysis and interpretation
- Documentation is robust and complete to communicate the full patient story in a way that provides meaning to the human end user of the information.
Public Policy and Government Efforts
Achieving interoperability to date has required government involvement, guidance and regulation. Public policy efforts have the potential to drive forward frameworks for trusted exchange, align and educate stakeholders on existing and emerging standards and broaden stakeholder participation to ensure an inclusive exchange ecosystem for care coordination and continuity. The following outlines examples of how governments have worked to facilitate exchange both within the U.S. and in countries around the world.
United States Policies and Initiatives
With the goal of achieving ubiquitous, interoperable, nationwide exchange, the U.S. Department of Health and Human Services (HHS) has enacted and implemented a variety of legislation, regulations and guidance to further the adoption of standards-based approaches to interoperability.
21st Century Cures: Key Provisions
Among the health IT provisions outlined in 21st Century Cures, many sections provide directives to the ONC, Centers for Medicare and Medicaid Services (CMS) and other agencies related to improving interoperability.
- The draft Trusted Exchange Framework and Common Agreement includes the policies, procedures and technical standards that build from existing health information network capabilities and enables them to work together to provide that single on-ramp to electronic health information regardless of the developer, health information exchange, or where a patient’s records are located.
- The U.S. Core Data for Interoperability is a “standardized set of health data classes and constituent data elements for nationwide, interoperable health information exchange.” A “Data Class” is an “aggregation of various Data Elements by a common theme or use case.”
- The ONC Interoperability and Information Blocking Final Regulation implements key provisions of the 21st Century Cures Act focused on advancing interoperable exchange; supporting the access, exchange and use of electronic health information; and addressing occurrences of information blocking. The rule calls for accelerated use of healthcare APIs. ONC Certified Health IT must have standardized APIs for patient and population services, and meet specific requirements called out in the API Conditions and Maintenance of Certification. Most importantly, the regulation requires that United States Core Data for Interoperability is available for healthcare providers and patients “without special effort.”
- The Cures Act tasks ONC with the creation of an EHR Reporting Program as a condition of their certification and maintenance of certification. ONC has a process to solicit feedback from the industry on what criteria and methods of collection should be explored for this program. The program's reporting criteria aims to address the following five categories: security, interoperability, usability and user-centered design, conformance to certification testing, and other categories as appropriate to measure the performance of certified EHR technology.
In parallel with the release of the ONC Interoperability and Information Blocking Final Regulation, CMS also outlined an Interoperability and Patient Access Final Regulation, as part of their MyHealthEData Initiative, focused on driving exchange of and patient access to health information by liberating patient data using CMS authority to regulate Medicare Advantage, Medicaid, Children’s Health Insurance Plan, and Qualified Health Plan issuers on the federally facilitated exchanges.
Interoperability Standards Advisory
The Interoperability Standards Advisory (ISA) process represents a single, public list of standards and implementation specifications published by ONC. ONC coordinates the identification, assessment and determination of these recommended standards and implementation specifications for industry use to fulfill specific clinical health IT interoperability needs. Stakeholders are encouraged to implement and use these recommended standards as applicable to their needs.
The ISA is organized into sections with related interoperability needs, each including one or more standards or implementation specifications to accomplish the listed need. Additional characteristics on these standards and implementation specifications are listed to inform stakeholders on maturity and adoption. These include:
- Adoption Level: Approximate, average adoption level for that specific use case in healthcare within the United States.
- Cost: Conveys whether a fee is involved to purchase, license, or obtain membership for access or use of the recommended standard or implementation specification.
- Federally Required Status: Conveys whether a standard or implementation specification has been adopted in regulation, referenced as a federal program requirement, or referenced in a federal procurement (i.e., contract or grant).
- Implementation Maturity: Conveys maturity based upon its implementation state.
- Standards Process Maturity: Conveys maturity in terms of its stage within a particular organization’s approval/voting process.
- Test Tool Availability: Conveys whether a test tool is available to evaluate health IT’s conformance to the standard or implementation specification.
Advancing Standards for Precision Medicine
This ONC project aims to standardize data found outside of traditional care delivery settings. As part of the precision medicine initiative, it focuses on standards in two areas:
- Mobile health, sensor and wearable data
- Social determinants of health data
Interoperability Proving Ground
ONC hosts an open, community platform where individuals and organizations can share and learn from projects occurring in the United States and internationally.
Data: Elemental to Health Campaign
HIMSS and PCHAlliance strongly urge prioritization of necessary funding and technical assistance to implement modern health information and technology strategies to ensure timely interoperability and sharing of public health surveillance data. An important component is the work in partnership with the Association of Public Health Laboratories, Council of State and Territorial Epidemiologists and the National Association for Public Health Statistics and Information Systems that support this multi-year effort to modernize public health data systems, surveillance and analytics at the CDC, and state, local and tribal health departments. Funding included in the Fiscal Year 2020 Appropriations Package and the Coronavirus Aid, Relief and Economic Security (CARES) Act, will help address some of the challenges, but in the long term, we need a predictable and sustained funding source to fully tackle this issue.
State-Level Interoperability Initiatives
In the U.S., state public health agencies manage and track information for immunizations, infectious diseases and vital statistics, however, they often lack adequate funding to ensure their information systems are updated and conform to national standards and profiles. Health information exchanges—which are public or private entities, depending on the state and region—aim to ensure there is robust and standardized data exchange between and among public health entities and state and local health departments.
Global Governmental Policies and Initiatives
At an international level, there are a variety of initiatives being led by health ministries and governments to further country-level and cross-border interoperability efforts.
The Global Digital Health Partnership (GDHP) is a collaboration of over 40 governments and territories, government agencies and the World Health Organization, formed to support the effective implementation of digital health services. Interoperability is one of the various work streams explored by GDHP. The proposed work stream activities focus on the evolving challenges of sharing patient data between care providers, organizations, caregivers and patients. These challenges are partly a technical problem for health systems, clinicians and patients, however they also pose significant risks for patient safety, and detract from high-quality coordinated care and the efficient delivery of services. A GDHP report outlines a variety of government efforts from 15 participating countries.
In Europe, the EU EHR Exchange Format developed the EU’s eHealth Network to support the digital transformation of health and care in the EU by seeking to unlock the flow of health data across borders, and support implementation of the Cross-Border Health Care Directive. The recommendation seeks to facilitate the cross-border exchange of EHRs in the EU by supporting member states in their efforts to ensure that citizens can securely access and exchange their health data wherever they are in the EU. It will help citizens to quickly access and share their health data with healthcare professionals, for example, when consulting a specialist or receiving emergency treatment in another EU country.
The backbone infrastructure for the EHR exchange is the EHDSI. The EHDSI consists of services and infrastructure that use information and communication technologies to enable cross-border healthcare services. Initial focus is on enabling the exchange of baseline health information, including:
- ePatient Summary to provide access to verified key health data of a patient during an unplanned care encounter while abroad
- ePrescriptions to enables patients to receive equivalent medication treatment while abroad to what they would receive in their home country
A number of EU countries are already exchanging the ePatient summaries and ePrescriptions. As part of the EHDSI, Finland and Estonia were among the first to implement infrastructures to support the exchange of patient summaries, leveraging the X-Road platform, a free and open-source data exchange layer solution that enables organizations to exchange information securely over the internet. Future phases will include lab results, medical imaging and reports, and hospital discharge letters.
The European Commission also outlined priorities for 2019-2024 EU Digital Strategy, which included the creation of a European Health Data Space (EHDS) to foster the exchange and sharing of different kinds of health data (electronic health records, genomics, registries, etc.) in Europe. It aims to not only support exchange for the delivery of primary care, as well as, the development of new treatments, medicines, medical devices and services. Beyond the citizens, this would help meet the needs of different users and actors in the health system, while simultaneously protecting citizens’ data. The commission is currently working with the member states and stakeholders to define the best governance structure and set up the appropriate infrastructure for the EHDS. Additionally, some existing regulatory gaps regarding member states implementation of the GDPR for the secondary use of data are being addressed.
The European Interoperability Framework (EIF) gives specific guidance on how to set up interoperable digital public services. It offers public administrations 47 concrete recommendations on how to improve governance of their interoperability activities, establish cross-organizational relationships, streamline processes supporting end-to-end digital services, and ensure that both existing and new legislation do not compromise efforts.
In an effort to ensure secure and federated access to genomic data, the European 1+ Million Genomes Initiative aims to create a technical infrastructure to improve disease prevention, allow for more personalized treatments and provide a sufficient scale for new clinically impactful research. In addition to the technical foundation for this effort, the signatory countries will also assess ethical and legal implications of genomics, and data storage, security and ethical uses.
Beyond these broader initiatives occurring across Europe, many countries are also leading specific regional and national efforts to expand exchange abilities./p>
The Nordic Interoperability Project is a consolidated grassroots effort to demonstrate the value for the patient from a seamless cross-border exchange of health data. The consortium includes organizations from all five Nordic countries—Denmark, Finland, Iceland, Norway, Sweden—and works to enable patients to live and act in an open, seamless, cross-border healthcare ecosystem, by showcasing and implementing solutions and innovations from the Nordics. The goal is to enable the Nordics by 2030 to be the most sustainable and integrated health region in the world, providing personalized healthcare for all its citizens.
In Portugal, the Shared Services of the Ministry of Health (SPMS) is a state-owned enterprise that manages the Portuguese Health Ministry Central Purchasing and serves as the national IT authority and the Portuguese representative for eHealth cross-border affairs. SPMS provides shared services in the areas of purchasing and logistics, financial services, human resources, and information and communication technologies to health and care entities to centralize and optimize the procurement of goods and services within the Portuguese National Health System.
In Asia and the South Pacific, many governments are also adopting digital health strategies to encourage interoperable exchange. For example, India’s The Ministry of Health and Family Welfare (MoHFW) publishes EHR standards and created a Centre for Health Informatics under the eHealth Division of MoHFW as part of their Digital Health Strategy to initiate several digital health initiatives in the country, and started the National Health Portal as a citizen portal with the objective of improving the health literacy of the masses in India. New Zealand’s health agencies, organizations and individuals signed a Commitment to New Zealand Health Interoperability to outline principles to drive the adoption of exchange infrastructures and processes in their health sector.