Government & Policy

Q&A: Keeping state HIE costs low when 'rules are developed as we go'

By Tom Sullivan
February 04, 2013
08:33 AM

At least one state health information exchange has fallen prey to changing winds otherwise known as federal regulations. And that is just a single hurdle among the obstacles all HIEs, public and private, face as they try to keep pace with and build upon such rules.

Janet Hofmeister knows about those. As the program director at Florida HIE, Hofmeister trekked ahead of some states only to encounter new rules from ONC that forced the exchange to rethink some of its approaches — and to do so on a sustainability budget less than $2.5 million.

Hofmeister spoke with Government Health IT Editor Tom Sullivan about Florida HIE’s biggest hurdles in 2013, its design to keep costs minimal for all participants, and practicing privacy and security of patient data in the age of exchange.

Q: In running Florida HIE, what are your top challenges for the year ahead?
A: Certainly making sure that as we put the HIE into operation, and that the way we envisioned for it to work is actually the way it works. For example, we have policy and governance rules put into place and we need to make sure that the sites are adhering to them and also that they are practical for the sites to adhere to. So there may be changes we want to make there.

Technically we want to bring on the EHR vendors and now we’ve heard [about] an ONC guideline that for an SMTP POP connection you actually have to credit each EHR, so that’s a bit of extra work we hadn’t taken into consideration, but we do believe it’s very important so we’re just going to have to fit that into the schedule somehow.

Another challenge that we have kind of lived with for a while is that to some extent the rules are being developed as we go. And Florida HIE, we were actually out ahead of several other states so we did our implementation a little early and, in the meantime, ONC has come out with some new rules so we have to figure out those for the timing of our software — and also how to pay for it.

Q: Speaking of rules continuing to develop in real-time, there’s been this sort of lingering thought that health information exchange is limited to rather simple use-cases but when you start talking about the interoperability requirements in Stage 2, there’s potential for that to advance in 2013. How do you see HIE moving forward next year?
A: Exactly what you just said. The meaningful use Stage 2 requirement is going to be a driver for it and so we are trying to make sure that our system is ready for that.

We're also looking to connect a lot of the EHR vendors — that’s kind of our push for this year. Generally, we’re going to see a lot more use cases, such as an EHR that can use Direct to inform someone of an event. The one that is obvious is when a patient is admitted to a hospital. That notification can then go to their primary care or any other doctors they have and it also can go to their health insurance company.

To a limited extent those are in place now but one of the big issues is that data gets to payers quite late. Sometimes it can take months. So instead they could know that someone was in the hospital immediately and that helps them keep an eye on what’s happening with patients. It’s a more efficient use, they don’t have to go back and ask for records. And then, of course, from the physician’s view it’s very important because they know their patient is in the hospital then, rather than finding out after the patient has been discharged. That’s just one use case but I think it will have a profound effect on healthcare as it’s implemented across the county.

Q: One of the things we’ve started to see is state HIEs looking at opportunities to generate revenue from the data they collect. In Montana, for instance, there’s talk of analyzing the mountains of data they have for population health research, but also perhaps selling analytics services to hospitals, networks, payers. Now, as far as I know, this is all nascent and may or may not actually happen. But does Florida HIE have any grand visions to start analytics services or any other ways to generate revenue from health data?
A: The way the Florida system is structured we actually do not have the ability to do that — and that was by design. One of the issues is that Florida is a pretty conservative state and there was a lot of fear from the physicians that their data would be harvested and sold. Generally, the sense we get is that they feel strongly that the data is theirs, they want to keep control of it, and they don’t want people having the ability to share it without their consent. We actually created a federated model for that, where the data resides at all the nodes, so we don’t have a centralized repository, which is what you would need to do those analytics.

One of the good things about the HIE effort in Florida altogether is that these local HIEs that are developing do have that capability, on a community basis very often they do have a central repository that they would be able to analyze and use for reporting to CMS or to the state, or to make improvements within their community. The idea of the analytics is, I think, a very good one; we just don’t have a way to perform it at all.

Now, we are looking at a lot of other ways to generate revenue. We have a sustainability model which divides the costs of the HIE between the nodes and factors in the size of the node, and on the Direct messaging side we are asking the payers to pay for the service there in order to not charge the physicians, to really make it adoptable for the physicians by not putting any financial burden on them. 

We have kept our sustainability costs very low by using open source components and having a very lean infrastructure. We’ve estimated our sustainment costs at about $2.3 million a year going forward, which is really a very low amount. And we have a plan in place that we’ve been vetting with the stakeholders to get acceptance because we want a larger percentage of organizations and individuals to join than a smaller percentage.

We are also looking at other things. For example, as we bring the EHR vendors on we may ask them to contribute at least to help with the costs of joining, the cost to integrate them. We’re looking at more out-there things like maybe putting some advertising on our Web site. There are lots of ideas. As time goes on, we’re exploring each one to decide if it's a practical use or not.

Q: When the Ponemon Institute published its seminal report late last year on Patient Privacy and Data Security, almost lost among the data breach statistics was the finding that 35 percent of responding health org’s have no plans to become a member of an HIE, and even  for those that are using an HIE, 34 percent are not confident that patient privacy can be maintained. How do you calm fears about HIE and patient privacy? 
A: It’s a difficult question. Security and privacy have to be handled at the point the patient is seen because patients have to understand that their data will be queried if they allow it and they have to sign the HIPAA forms. That’s as it is now.

A side effect of joining the Florida HIE is that we do have security best practices that we flow down to our adopters both on the Direct secure messaging side and the patient look-up side. The HIEs or health systems that join, within the description agreement that they sign, they have to meet certain requirements for different levels of security that they will take care of. Most of those are large hospitals that are very aware of HIPAA and have those security controls in place.

We go into quite a bit of discussion with them at the beginning to make sure they have their tools in place and we provide some tools to query the HIE to see what traffic is going to be passed so they can keep an eye on the queries made and possibly pinpoint someone misusing the system on the patient look-up side.

From the Direct messaging side, that’s a lot harder because now you’re dealing with individual physician’s offices and they are required to have these HIPAA controls in place. It’s nothing new with an HIE but it kind of reinforces for physician practices that they need to make sure they are being responsible with the data. One good thing about the Direct system is that at the most you’re sending one record at a time so it would be very difficult to have a breach where more than one record was illegally obtained.

Related articles:

What will drive HIE growth? Business value for providers

Top 5 HIE findings from ONC research

Are providers ripe for a massive medical records heist?

HIE and the patient privacy conundrum

Podcast: HIX, HIE and the industrialization of healthcare

Q&A: On remaining ambiguities in the final HIPAA rule

 

Topics: 
Government & Policy

More regional news

Dr. Lyle Berkowitz of KeyCare on telemedicine

2025 forecast: Telehealth will boost panel size and enable more delegation

By
Bill Siwicki
January 06, 2025
Developers around a table with documents discussing product life cycles

FDA offers new draft guidance to developers of AI-enabled medical devices

By
Andrea Fox
January 06, 2025
David Nickelson of Cella by Randstad Digital

In 2025, look for more digital-first patient engagement and data-driven decisions

By
Bill Siwicki
January 03, 2025
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Dr. Lyle Berkowitz of KeyCare on telemedicine
2025 forecast: Telehealth will boost panel size and enable more delegation

Most Read

What Trump's election means for healthcare
China to pilot standards for virtual primary care
ATA calls on Congress to beat the telehealth deadline, as it preps for Trump's term
HIMSS launches veterans health IT workforce program
ASPR seeks feedback on public health orgs' cybersecurity needs
VA plans to end telehealth copays and fund virtual care access in rural areas

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

Mike Miliard, Susan Morse, Jessica Hagen at HIMSS Media Part 2_Health in 2025 Photo by pcess609/iStock/Getty Images Plus
Looking ahead to 2025 with HIMSS Media, part 2
Mike Miliard, Susan Morse, Jessica Hagen at HIMSS Media_Health in 2025 Photo by pcess609/iStock/Getty Images Plus
Looking ahead to 2025 with HIMSS Media, part 1
Zachary Durst at WittKiefferFuturistic human medical interface Photo by Nattapon Kongbunmee/iStock/Getty Images Plus
AI officers becoming more prevalent in healthcare
Muhammad Babar at the Pakistan Ministry of Health_Las Vegas skyline Photo by halbergman/E+/Getty Images
How Pakistan is tackling some key digital health challenges

More Stories

Healthcare worker with tablet looking at a digital display of a human spine
Trends 2025: AI in healthcare progressing despite reimbursement hurdles
Dark monitors on a desk and more on a dresser
Brain Cipher begins to leak stolen Rhode Island data
Padlock icon
Ransomware downtime costs U.S. healthcare organizations $1.9M daily
Muhammad Babar at the Pakistan Ministry of Health_Las Vegas skyline Photo by halbergman/E+/Getty Images
How Pakistan is tackling some key digital health challenges
Hospital colleagues share article on tablet
Top 10 most-read stories of 2024
server room
Top 15 largest U.S. healthcare provider data breaches of 2024
HHS building
HHS releases notice of HIPAA Security Rule update
Aashima Gupta at Google_Doctor typing on computer Photo by Everyday better to do everything you love/iStock/Getty Images Plus
Physicians can get back to patient care with genAI