burwoodgroup, inc.
Policy Direction Overrides Technology
in Setting Stage for HIE
Government decisions and consistent
standards are critical to developing healthinformation-exchange technology with
essential capabilities and solid acceptance.
Executive Summary
This forum brought together leaders from California who are responsible for—or most critically
affected by—efforts to bring health information exchange (HIE) to the state. Federal grant
programs, for HIE specifically and health information technology (IT) generally, are infusing
the health field with funding to help healthcare providers and health information organizations
make headway in adopting health IT and organizing for HIE. But along with the funding comes
a variety of requirements to enable such technology to accomplish a set of objectives within
challenging timeframes during the next several years. The fundamental questions follow:
• Where should we start?
• What concerns or problems are preventing progress?
• What barriers are in the way of envisioning and executing HIE plans with good prospects
of acceptance and success?
Burwood Group and Cisco Systems jointly sponsored a round-table format that encouraged
more than 60 prominent representatives of the California healthcare community, along with
several notable leaders from around the country, to deliver their strategic perspectives of
the challenges they face and to discuss tactics for putting those strategies into practice.
More than 40 percent of the assembly represented healthcare-delivery entities, from medical groups and hospital systems to community health centers and public health agencies.
Another 20 percent came from HIE networks in California, neighboring states, and as far away
as South Carolina. Health plans and payers—important participants in any discussions about
changes in the healthcare business model—were also represented, and additional expertise
was supplied by consultants in the health IT domain, medical product suppliers and health IT
vendors, and Health Level Seven, a major health IT standards-development organization.
With such diversity of interests and ambitions for how forum attendees can apply HIE to their
situations, the forum was not destined to come to solid conclusions but rather to present
all significant viewpoints and improve the climate for agreement and common objectives
to advocate in the months to come. The group came together, for instance, on the critical
prerequisite of clear policy direction on creating, managing, and technically executing patient
consent to use information in HIE activities. Also a high priority was the creation of standards
to consistently guide exchange mechanisms, content, and infrastructure design in order to
put various independent and concurrent HIE building blocks on the same foundation from the
Smarter solutions. Better outcomes.
www.burwood.com | 877-BURWOOD
This paper provides a synthesis
of the conversation among
prominent stakeholders and
experts in electronic health
records and information-sharing
topics at the Southern California
HIE Forum on January 20, 2011.
page 2
beginning and prevent potentially costly and complicated integration efforts in the future.
With the first forum completed and lessons learned
from the experience, Burwood Group is working
to identify and articulate the group’s value and to
develop a plan for follow-up sessions.
Introduction
Health information exchange, along with electronic
record systems that feed it, have made notable progress in just a few years toward the level of viability
and ubiquity that the healthcare industry has long
sought but not achieved.
The sudden infusion of more than $100 million in
federal funding to accelerate IT adoption and infrastructure building in California has made it possible
to prepare for the promise of $3 billion more when
healthcare providers reap incentives for the creation,
use, and sharing of information in electronic health
records (EHRs) and information-exchange systems.
Since the American Recovery and Reinvestment Act
(ARRA) of 2009 offered to subsidize construction of
an electronic health information highway, vendors of
EHRs and HIE technology have prepared to supply
the applications and communication pieces perceived
as necessary and marketable to this proliferating
customer base.
The $100 million-plus in funding includes $38.8 million
from the federal Office of the National Coordinator
for Health Information Technology (ONC) to a nonprofit corporation called Cal eConnect to enable the
operation of HIE networks across the state, from the
Redwood MedNet north of San Francisco to the Los
Angeles Network for Enhanced Services and Orange
County Partnership Regional Health Information Organization, powered by the Western Health Information
Network for Los Angeles and Orange Counties, and
a host of exchanges in between. Four IT Regional
Extension Centers blanketing the state are using a
combined $51.53 million for physician practices and
critical-access hospitals to first select, acquire, and
implement EHRs and then meet requirements in
ARRA’s HITECH Act to attain designated levels of
“meaningful use” of EHRs and HIE in order to qualify
for incentive payments. Another $33.75 million is
being spent on special projects: $15.28 million in
the San Diego area from the ONC’s Beacon Com-
munity initiative, and $18.46 million from the Health
Resources and Services Administration to implement IT in community-based coalitions of healthcare
organizations.
But as HIE has become financially plausible and technologically possible, new challenges to deploying the
potential of rich patient information have appeared.
The information is more than bits and bytes—it contains the sensitive medical details of people’s lives,
and the data most likely originated in a highly private
encounter with a physician or in a hospital stay.
Collecting patient data for wider dissemination,
though justifiable for coordinated care and populationlevel health improvement, is a topic fraught with
policy and legal implications, starting with patients’
roles in deciding how their data is accessed and
extending to managing and protecting those wishes.
Beyond the policy concerns, the demands of aggregating information and governing its use call for
new modifications in IT capabilities that only now are
being recognized as pivotal to success.
Breaking the Policy Barrier
These challenges were identified and articulated by
the dozens of players in the health information deployment and exchange fields who met at a forum in
January 2011 to better understand current concerns
with HIE and ultimately how they relate to efforts
in Southern California. The forum, organized and
sponsored by Cisco Systems and Burwood Group,
featured a series of facilitated small-group brainstorming sessions in a round-table format, after which each
small group reported its observations and ideas to the
whole assembly.
“a call to action … a call to make
policy, not just put technology
on top of bad processes”
- Facilitator, Jeanne McNerney
Though the focus overall was on IT challenges and
on gaps in the necessary processes of providing HIE
services, attendees came to see the gathering, in the
words of facilitator Jeanne McNerney, as “a call to
page 3
action … a call to make policy, not just put technology
on top of bad processes”. And at the top of the action
list was the “enormous gap” between current capabilities and what is necessary to manage consents to
use information—both technologically and in terms of
achievable policy directives.
Defining the problems took forum participants
through numerous layers, beginning with policy
decisions that clearly direct information-exchange
managers on the options of people whose medical
records and other clinical information the HIE seeks
to make available. Should patients have the right to
opt in—specifically consent before their data can
become part of the information initiative—or have
their information included by default unless they
specifically opt out of the system? Can patients have
an opt-out choice that includes exceptions? An opt-in
choice with limitations?
From that starting point, other topics along the path
to resolving consent concerns encompassed:
• Determining the elements of the process
necessary to obtain the actual consent decisions
from patients after policy makers establish rules
of procedure
• Managing the stated consent preferences
throughout the reach of the HIE network
• Assessing these identified policy and
administration challenges against the availability—
or lack—of enabling technology in the
marketplace.
bers of that group expressed concern, however, that
the state was heading in an opt-in direction and that
those favoring an opt-out approach would need to
make their voices heard.
Others wondered why the industry had to live with
one extreme or the other—certain situations called
for exceptions to the opt-in or opt-out rules. For
example, mental health, substance abuse, and HIV
status have gained specific protections on disclosure
of related personal information. Attendees argued for
more granular consent policies that account for, at
minimum, the type of healthcare service for which information is being requested. More nuanced consent
would be equally beneficial whether at the physician’s
office, health system, or HIE levels.
Whatever the eventual consent approach, HIE efforts will have to include educating the public on the
factors that enter into a decision that is in their best
interests. Part of that education involves understanding the trade-off between patients having tight control
of disclosure of their information and the benefits
of giving their care providers and others acting on
their behalf access to that information. One group
suggested the information confidentiality concern is
exaggerated, and that part of the education challenge
is to rephrase the question: When it comes to real
patients in real care situations, presented with a wellcrafted explanation—not, do you want your data kept
confidential, but do you want the right data shared
with your providers—those patients will support
information sharing.
Decisions, Please, on Consent Options
The Consent-Management Workload
At both the California and federal levels, there is no
consensus on whether the consent policy should land
on the side of opting out or opting in, according to
attendees. That lack of direction in itself posed a problem: One of the small groups reported that because
no legislation at the state level has been enacted
to rule one way or the other, several organizations
represented at that table were waiting for a legislative decision to be made before going much further
on HIE strategy. However, if it were their choice, the
better approach would be to opt out.
The basis for governing and gaining consent is the
first obstacle but by no means the only one. Consent
must be managed. Devising a usable, reliable system
for managing consent information and integrating
it with health information access management is
problematic enough internally throughout a medical practice or healthcare-delivery organization. As
providers solve internal information problems and
begin integrating with outside partners, the consent
problem increases. Forum attendees said HIEs may
be the entity best positioned to determine regional
consent management as a companion process to the
main goal of designing ways to receive, store, and
exchange health information for wide areas.
Another group, after discussing how the state has
yet to provide definitive direction, also reached the
conclusion that it should be an opt-out policy. Mem-
page 4
Managing that consent does not stop at storing and
routing initial decisions about what can or cannot be
disclosed. Consent forms should be easy to renew,
retract, update, and given exceptions or special
declarations (you can share everything except my picture, for example). The reality is that most consent is
paper-based, the forms scanned in nondiscrete form
or stored somewhere. And although consent in the
context of HIE usually calls to mind the dissemination of patient information beyond the original record
source, consent also is a basic request at the provider
level to permit treatment or intervention.
Forum attendees discussed the need for a way to aggregate consents into a repository, but said currently
there are no incentives to perform that service. One
suggestion was that Cal eConnect should consider
providing such a repository as a service. Chosen
as the “state-governance entity” for HIE under the
4-year federal grant program, Cal eConnect’s role is
to provide “core services” common to existing HIE
organizations in the state.
Whoever takes responsibility, wide-area consent management is a new and sizable problem to put on the
list of organizational challenges that are pivotal to the
prospects for HIE success. As one attendee observed,
much of the consent problem concerns building it
into the process, getting it right at the beginning
instead of having to clean it up later.
And it will take new types of enabling technology,
which many at the forum concluded is not available to
handle the new requirements—whether it be facilitating consent options, computerizing the process of
gaining consent, or managing consent information
after it is obtained.
Technology Not Quite Up To the Task
Before the healthcare community can develop proper
information policy, it must develop its own policies
to generate the appropriate IT development for HIE
infrastructure. Attendees talked about the products
and priorities of IT vendors and concluded that,
among other emerging technology needs, consent
is low on their list of activities to support EHRs and
information sharing. Unfortunately missing from the
catalogue of applications are computerized solutions
to record consent information in standard ways, carry
consent across entities and geographic distances,
and facilitate easy electronic means of renewing and
otherwise following up on consent preferences.
Data structures also were seen as not standard
enough among EHRs and other sources of information for HIEs to consider more nuanced possibilities
for patient consent preferences than the all-or-nothing
extremes of opting completely out or completely in.
Innovation in creating more granular data and using
metadata tags—labeling the basic nature of discrete
data elements to enable sorting and disclosure decisions—would make progress for tailoring access
instead of approving or rejecting the policy easier.
Forum participants noted that if data in records were
more discrete and separable, patients could designate parts of the record they do not want shared
while making the rest available through HIE networks. Healthcare situations call for different levels
of consent both to share information and to receive
treatment, and this paradigm could be assisted by
technical programming that is not available yet.
The obstacles facing HIE on the important topic of
patient consent are applicable to the challenges of
deploying wide-area information exchange in general.
Concerns about security, accuracy, interoperability
among information systems, and protection against
data corruption or tampering have always been associated with data mobility and exchange. The scope—
and stakes—of information exchange at the regional
and state level are just more complex.
One small group’s summation reduced the topics
requiring resolution to four bullet points:
• Policy overrides technology.
• Data must move bidirectionally.
• Data structures and metadata are critical to
supporting bidirectional data flow.
• Metadata is critical to tagging the source—which
is necessary for authentication (to protect against
tampering).
Getting Architecture Right, But Adaptable
With HIE in its early developmental stage, planning
decisions made today might not have immediate consequences statewide or nationwide, but the time will
come when all independently established entities will
have to travel the same technological roads and col-
page 5
laborate as partners. In a separate discussion about
what the information flow of the future will require
of EHRs and health information systems, forum attendees voiced the pivotal importance of developing
standards at the outset. And if the standards were
not there yet, getting there soon would have to be a
prime priority.
A small-group spokesperson likened the problem to
the history of railroad building, noting that Americans
were successful because they required the same
gauge—the distance between the two rails—in all
track laying by independent regional companies. Not
so in Australia, where uncoordinated efforts long ago
still require elaborate wheel changes today to adjust
trains for three different gauges in different regions.
Assuming an eventual 300 HIE efforts in the United
States, the spokesperson warned, “We are about
to have 300 different wheel changes to connect all
our HIEs. So I would argue that we need to get the
architecture right long before we get the HIEs right at
a granular level.”
The never-to-be-attained ideal put forward at the
forum is one truly centralized patient record system
that both providers and patients could access and
that could lead to population-centered evaluation. But
most of the forum attendees stayed focused on reality, not an idealized future. Although most agreed that
figuring out the foundation at the outset was important, so was the need to allow for business, technological, and communications innovations that alter the
architecture while improving prospects for making
HIE acceptable and more comprehensive. Some of
the innovations mentioned follow:
• Getting information from new-era health
providers, such as retail walk-in clinics, into the
medical record to round out the data set and
manage compliance more fully
• Using social media to bring consumers closer
to their care-givers—“friending” or texting
doctors, getting tweets from providers, pushing
information to consumer mobile devices—all
of which changes data flow and disrupts
assumptions about how to design information
exchange
• Building into the infrastructure a capacity
for virtual diagnostic and provider-contact
systems—say, developing an artificial-intelligence
application where patients enter a problem,
get a response, have it entered into the record
automatically, and then arrange to talk to a
clinician in a Skype session
• Encouraging development of health IT tools
through open-source methods, providing more
creativity to develop applications that have not
been thought of yet and having a process to
feed that work into the overall EHR and HIE
architecture and infrastructure
• Connecting the multitude of informationexchange systems through a network much
like that used for sharing state-level driver’slicense and driving-record information
nationwide; emulating the U.S. Department of
Transportation’s coordinating role, Cal eConnect
could again be the logical unifier
Increasing Value of Data Flow Through HIE
Improving the way information flows is one thing;
improving what healthcare can do with that flow
begins to achieve the promise of HIE. Having information that can travel widely and easily could help forge
solutions to what have been intractable problems.
One example put forward: ensuring that providers are
aware of advance directives. Just like consent preferences, managing very personal patient wishes on
heroic measures is a fundamental but often difficultto-manage responsibility. A centrally accessed repository could simplify creating directives and accessing
them from multiple locations. In fact, one attendee
pointed out that the California Secretary of State has
an advance directivwe that is inaccessible by healthcare providers.
In the future, personal health data in electronic form
will be so rich and valuable that the healthcare field
should figure out a way to make the data independent of IT vendor products, one round-table group
recommended. The concern centered on the intense
competition and proliferation of vendors for a share
of the advantages in the wake of the market opportunity created by HITECH—compared to a “land grab”
before all the IT real estate is taken. What happens
to data in EHR systems over time, as some vendors
go out of business, is a potential future problem; data
portability must be a major part of the solution.
An open question remains how valuable the data will
become, and along with that the willingness of all
page 6
providers to seek and share information instead of
guarding their own. One topic raised was the idea of
a “health information economy”, somehow monetizing the data—getting to the point that it has tangible
value, something received in return for providing
information to others.
attendees discussed the motivation of self-funded
employers that offer high-deductible health-insurance
coverage—would they offer a PHR to their employees,
and would that be a differentiating factor for choosing
employment in the future, given similar salary levels
and location?
Patient-Controlled Records: Still Not Viable
Taking a step back in perspective, one point of view
discussed was that we should reconsider the whole
premise of separating EHRs and PHRs—why develop
them separately if the view is that patients should
have access to their health data? A simpler approach
for PHRs is to say there is one set of data and the
healthcare industry should determine how people can
best access certain parts of that single data set.
Although HIE has finally progressed from laudable
concept to seriously considered component of the
healthcare business or clinical model, the same
cannot be said for patient-controlled records, also
called personal health records. Notwithstanding the
call for consumer access to their medical information
in the coming second stage of HITECH meaningfuluse objectives, the prevailing view at the forum
was that patient health records (PHRs) are still a
“nonissue” for numerous reasons, both policy- and
technology-based:
Doctors have a major problem concerning the lack of
trust in data from outside sources, and they also have
many more pressing concerns before they address
PHRs.
There is too much uncertainty around legal ownership and security of the patient-controlled record, and
some forum participants were convinced that nonhealthcare PHR vendors do not fully understand the
idea that confidentiality has to be ported over to the
personal record.
• Portability concerns, especially for PHRs linked
to healthcare-provider systems, have not been
resolved.
• T
here is the obvious question of who will pay for
these records.
The lack of progress generated discussion about the
possible role of a patient portal strategy, to encompass patient legal and operational control of information, the means to share it, and the individual responsibility for consent. A related idea was the potential
for—and development of—consumer information
portability through a private “cloud” of servers that
can follow patients wherever they go.
Consumers would have to see enough value to pay
for the cloud-based service, unless it was in the
interests of some other party to pay for it. Forum
No Significant Conclusions—But Value in Discussion
The forum confirmed the need for consensus on a
variety of infrastructure and standards challenges,
and although it was clear that those objectives are far
from being resolved, there was a sense of urgency
to achieve resolution. The caliber and inclusiveness of
the assembly accomplished the first step of getting
most of the important clinical and technological representatives in one place to learn each other’s priorities.
“This was a very good first step in terms of convening
a group that has a lot of expertise and understands
the challenges we face, but at the same time has lots
of different perspectives on it”, observed Dr. Larry Ozeran, President of Yuba City-based Clinical Informatics Inc. “We all see different major challenges in the
problems we have with [information] exchange.”
“It’s clear that the greatest
challenge for HIE in the future
is not a technological one”
- Facilitator, Dr. Peter Yellowlees
The forum was able to highlight technological gaps
that must be addressed in health information exchange and the use of patient data, but it also was
able to distinguish between technical and social barriers. “It’s clear that the greatest challenge for HIE in
the future is not a technological one”, commented Dr.
Peter Yellowlees, Director of Health Informatics at the
page 7
UC Davis School of Medicine. “Most people think this
problem is a technical one, but really it’s a problem for
humans. And it’s a problem about trust, primarily, and
about how individuals and systems trust each other
and learn to work together better.”
Lessons were learned about enhancing the value of
the rich discussion. Leaders of each round table were
articulate in summarizing their conversations for the
whole group, but more organized note-taking could
have preserved much more of the total content. The
depth and breadth of ideas and opinions resident in
such an accomplished gathering would have been
elicited more fully through more focused discussions,
perhaps by assigning fewer topics or allowing more
time for them.
Burwood Group plans to convene a follow-up meeting
to discuss creating a governance structure and charter
for this group, and also to plan additional forums dedicated to a single topic.
More About the Sponsors of Southern California HIE
Forum
Burwood Group
With more than 14 years of healthcare IT experience
at nearly 150 organizations nationwide, Burwood is a
recognized leader in delivering advanced healthcare
solutions with a steadfast focus on improving patient
experience and outcomes. Its team of clinicians and
healthcare IT leaders use their combined experience
and expertise to assist medical device companies
and healthcare organizations from large academic
systems to small physician practices in the delivery of
advanced medical IT excellence.
Burwood Group Expertise:
• Clinical Collaboration and Communication
• Strategic Operations and Advisory Services
• Information Technology
• Regulatory Compliance
• Facility Transformation and Development
• Medical Device Strategy and Integration
Burwood Group is committed to the advancement
of healthcare technology and is a proud strategic
partner to the following organizations:
V1.1 - © 2011, Burwood Group, Inc. - All Rights Reserved - EDCS-962012
Cisco Healthcare
Cisco® Healthcare addresses how to extend access,
improve workflows, and lower costs across the entire
community of stakeholders. Cisco puts patients—
their outcomes and information—at the center, where
Cisco Healthcare Solutions help to build a connected
health vision. For more information, please visit:
http://www.cisco.com/web/strategy/healthcare/index.
html.
Cisco MDES
Medical Data Exchange Solution (MDES) is an
integrated end-to-end, standards-based solution that
enables patient-centric access to medical records. It
enables interoperability and access of patient data
among multiple healthcare providers and locations,
utilizing the Integrating the Healthcare Enterprise
(IHE) frameworks. Now providers can quickly and
easily access and review a patient’s medical data
gathered by different applications and stored in separate locations
Cisco MDES operates over the Cisco Medical-Grade
Network, a highly secure and scalable framework that
meets the unique needs of the healthcare industry.
The standards-based architecture supports the secure
management of patient data, giving healthcare providers patient-centric access to data, results, and reports
as well as improving workflow and operations for
increased productivity and cost-effectiveness.