Assessment Released of Health Information Exchanges (Part 2 of 2)

Posted on January 7, 2015 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site ( and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The previous installment of this article talked about the survivability of HIEs, drawing on a report released under ONC auspices. This installment delves into some other interesting aspects of information exchange.

Data Ownership and Privacy Raise Their Heads
Whenever data is a topic, policy issues around ownership and privacy cannot be dismissed. The HIE report does not address them directly, but they peek out from behind questions of how all this stuff gets stored.

Two essential strategies allow data sharing. In the simpler strategy, the HIE vacuums up data from all the providers who join. In a more subtle and supple strategy, known as a federated system, the HIE leaves the data at the providers and just provides connectivity. For instance, the HIE report explains that some HIEs store enough data to identify patients and list the providers who have data on them (this uses a master patient index, which solves the common problem of matching a patient). Once a patient is matched, the HIE retrieves relevant data from each provider.

The advantage of the vacuum suction strategy is that, once an HIE has all the data in one place, it can efficiently run analytics across a humongous data set and deliver the highly desirable analytics and planning that make the HIE attractive to clients. But this strategy brings significant risk as well.

Programmers and administrators in the computer field have long understood the classic problem of copying data: if you keep two or more copies of data, they can get out of sync. The HIE report recognizes this weakness, indicating that HIEs storing patient data can get outdated (p. 12). According to the report, “Stakeholders reported it is very damaging to the reputation of state efforts when provider queries return insufficient results, leading users to conclude the system is not useful.” (p. 17) In fact, some HIEs don’t even know when a patient has died (p. 20).

Another classic problem of copying data is that it forces the HIE to maintain a huge repository, along with enough server power and bandwidth to handle requests. This in turn raises costs and drives away potential clients. Success in such cases can be self-defeating: if you really do offer convenient query facilities and strong analytic power, demands will increase dramatically. Larger facilities, which (as I’ve said) are more attractive to HIEs, will also use data in more highly developed and sophisticated ways, which will lead to more requests banging on the HIE’s door. It’s no whim that Amazon Web Services, the leading cloud offering in the computer field, imposes limits on data transferred, as well as other uses of the system.

Thus the appeal of federated systems. However, they are technically more complex. More significantly, their success or failure rests on standardization more than a vacuum suction strategy. If you have a hundred different providers using a couple dozen different and incompatible EHRs, it’s easier to provide one-way channels that vacuum up EHR data than to upgrade all the EHRs to engage in fine-grained communication. Indeed, incomplete standards were identified as a burden on HIEs (p. 19). Furthermore, data isn’t clean: it’s entered inconsistently by different providers, or in different fields (p. 20). This could be solved by translation facilities.

What intrigues me about the federated approach is that the very possibility of its use puts providers on the defensive over their control of patient data. If an HIE gets a federated system to work, there is little reason to leave data at the provider instead of putting it under the control of the patient. Now that Apple’s HealthKit and similar initiatives put patient health records back on the health care agenda, patient advocates can start pushing for a form of HIE that gives patients back their data.

What Direction for Direct Project?
The Direct project was one of the proudest achievements of the health IT reforms unleashed by the HITECH act. It was open source software developed in a transparent manner, available to all, and designed to use email so even the least technically able health care provider could participate in the program. But Direct may soon become obsolete.

It’s still best for providers without consistent Internet access, but almost anyone with an always-on Internet connection could do better. The HIE report says that in some places, “Direct use is low because providers must access the secure messaging system through a web portal instead of through their EHRs.” (p. 11)

A recent article uncovered the impedances put up by EHR vendors to prevent Direct from working. The HIE report bolstered this assessment (pp. 19-20). As for DirectTrust (also covered by the article’s reporter), even though it was meant to solve connectivity problems, it could turn into yet another silo because it requires providers to sign up and not all do so.

Ideally, health information exchange would disappear quietly into a learning health care system. The ONC-sponsored report shows how far we are from this vision. At the same time, it points to a few ways forward: more engagement with providers (pp. 14, 25), more services that add value to patient care, tighter standards. With some of these advances, the health care field may find the proper architecture and funding model for data exchange.