Satisfying Patient-Consumer Principles For Health Information Exchange:

In June 2010 sixteen organizations representing California patients and consumers adopted nine principles for electronically exchanging health information among and within provider organizations. The principles were formulated with the goal of improving patient and population health care by increasing the availability and use of patient data while protecting patients’ privacy. This study assesses to what extent five health care organizations—all in different stages of increasing their capacity for health information exchange—conformed to the principles in early 2011. Although an increasing amount of electronic data has been exchanged among organizations and with patients, progress has been modest, and patients still have little control over their data. For organizations to comply with all nine patient and consumer principles, clear “rules of the road” for information sharing must be defined, and patient education in health information exchange and control over personal data must be increased.
The Health Information Technology for Economic and Clinical Health (HITECH) provisions of the American Recovery and Reinvestment Act of 2009 have accelerated federal, state, and regional health information exchange, which is the electronic movement of health-related information among separate organizations.1 The act provided up to $27 billion in incentives for physicians and hospitals to adopt electronic health records. Subsequent regulations specified three stages for achieving “meaningful use” of electronic health records.2 The first stage requires meeting such objectives as maintaining data on patients’ demographic characteristics, diagnoses, and procedures in electronic form, and giving patients electronic access to some of their data.3
The act also provided another $2 billion for activities to support achieving meaningful use.4 These funds included grants to promote health information exchange efforts that help meet several stage 1 meaningful use objectives, such as e-prescribing and receipt of structured—that is, encoded—electronic lab results, and more ambitious objectives in the second and third stages.5,6
Electronic health information exchange can potentially benefit patients by enabling them and their providers to make better use of all available electronic patient health information. Take, for example, “Ms. Jones,” a typical Medicare patient who sees seven doctors—five of them specialists—in four different practices.7
Each physician with an electronic health record may generate electronic demographic data, progress notes, or specialist reports, as well as prescriptions. He or she may also receive coded lab results for Ms. Jones. All of these reports and data could be shared electronically with the other physicians. But the reality of health information exchange has not yet lived up to its promise.
For example, doctors in Practice A can readily share information about Ms. Jones with each other, but they typically cannot access her electronic data from doctors in Practice B. This gap frustrates Ms. Jones, who gave permission for data sharing with the expectation that enabling her care providers to access more complete, accurate data would improve the quality of her doctor visits and her self-care.
In theory, electronic health information exchange should enable Ms. Jones’s providers to share information about her health status and current medications and to remind themselves about services she needs. In addition, Ms. Jones should be able to review all of her health records via a web-based patient portal; identify discrepancies; possibly correct or add information; communicate with her providers; view reminders of needed services; and review educational materials tailored to various aspects of her health.
Despite its potential benefits, electronic information sharing can entail risks for patients, especially loss of privacy and misuse of data. For example, Ms. Jones does not want anyone to use her electronic health information to make decisions that work against her interests.
In June 2010 a group of sixteen organizations representing California patients and consumers endorsed nine principles aimed at maximizing health information exchange benefits (improved care, self-care, and population health) and minimizing risks (loss of privacy and security) (Exhibit 1).8 The organizations—which included Consumers Union, AARP, the National Council of La Raza, and the Pacific Business Group on Health—discussed and debated the principles over the course of six months.
Exhibit 1. Nine Consumer And Patient Principles For Electronic Health Information Exchange (HIE) In California
The privacy and security principles are mostly based on Connecting for Health recommendations, which influenced the Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information of the Office of the National Coordinator for Health Information Technology.9,10 The principles cover both health information exchange among unaffiliated providers and public health agencies and data sharing within organizations, as many consumer concerns are the same in both cases.
In addition to improving the privacy and security of health information, the principles aim to enable patients and their providers to have “immediate, complete, and accurate information about relevant medical history, medications, and tests” that could improve health care in multiple ways.11 For example, electronic data could be available to any authorized emergency department physician; care coordination and transitions could be facilitated; medical errors, adverse reactions, and duplicative care could be avoided; the accuracy of chronic or preventive care reminders to providers during patient visits and reminders to patients between visits could be increased; the quality of providers’ services and performance measurement could be improved; comparative effectiveness of medical practices could be determined; and, more broadly, costs could be contained and quality improved.
We assessed how well five diverse California health care entities’ health information exchange capabilities, policies, and procedures satisfied the patient and consumer principles as of early 2011. These entities are building information exchange “nodes,” or hubs, that can enable the movement of data among many providers. The Nationwide Health Information Exchange Network—a federally funded public-private partnership that is demonstrating the feasibility of electronic health data exchange among organizations across the United States—sees such nodes as key building blocks for robust regional, statewide, and national information sharing.12
Study Data And Methods
I selected different types of health care organizations that collectively served all types of California’s patient populations. The organizations were as follows: Kaiser Permanente (hereafter Kaiser), a capitated integrated delivery system; Nautilus Health Care Management Group (Nautilus), a physician management service organization that provided electronic health record services to many physician members of a large independent practice association; Santa Clara Valley Hospital and Health System (Santa Clara), a large public hospital; and Inland Empire Health Plan (Inland Empire), a large health maintenance organization participating in Medi-Cal, California’s Medicaid program. I also selected the Santa Cruz Health Information Exchange (Santa Cruz), one of California’s two most developed regional health information exchange organizations.
Each health care organization was a health information technology leader for the patient populations it served. However, the organizations used different types of software, some much more robust than others (Exhibit 2).13
Exhibit 2. Characteristics Of Health Information Exchange Organizations Studied
Using survey questions developed jointly by the University of California, San Francisco, and Consumers Union, I interviewed the people most knowledgeable about health information exchange in each organization, including some state and national leaders in the field (Appendix 1).14 From August 2010 to April 2011, I conducted twenty-three interviews with eighteen interviewees, for a total of twenty-five hours of interview time. Concurrently, I analyzed the transcribed and summarized interviews using pattern-matching and explanation-building techniques.15
Study Results
Different organizations had different approaches to, and were at different stages of, health information exchange. Beyond data exchange within an organization, there are three types of exchange capacities, as follows: enterprise—that is, controlled by an organization; regional; and nationwide.16 For example, to exchange data among a wider group of partners, Santa Cruz stakeholders had developed and were operating a robust regional health information exchange organization or node that multiple stakeholders controlled and used to exchange data among themselves. Inland Empire and Nautilus were developing and operating enterprise health information exchange nodes that each enterprise controlled but that multiple contracting partners, such as small practices, could use. This type of node is developing much more rapidly in California than regional health information exchanges. Inland Empire was also leading an effort to create a regional health information exchange organization or node that would substitute for, and be more effective than, some of its enterprise health information efforts.
Kaiser and Santa Clara had extensively developed capacities for within-organization data exchange because most patients received multispecialty care from those organizations, and providers in each organization used a single, shared health record for each patient. For large organizations, such within-organization data exchange often precedes health information exchange with other separate entities. Kaiser was exchanging some data by participating in the Nationwide Health Information Network Exchange, but not in any regional health information exchange organization.17 And Kaiser and Nautilus had each launched web-based patient portals to enable patients to communicate with providers, view their data, and so on.
The sixteen California patient and consumer advocate groups had sought to develop principles that met their constituents’ needs and yet were pragmatic, imposing neither burdensome rules nor excessive cost on health care organizations. The interviewees in this study either supported the principles or did not oppose them outright. However, none of the organizations studied had specifically decided to develop their health information exchange initiatives in such a way as to comply with the principles. In fact, some interviewees were unaware of them, although most knew about, and agreed with, the underlying Connecting for Health recommendations concerning privacy and security.
Principle 1: Important Benefits For Individual Health
Because the benefits to individual health depend so much on the particulars of an organization’s health information exchange capabilities, I describe the benefits by organization.
The primary benefits to Kaiser patients derived from Kaiser’s extensive exchange of data within the organization. Providers employed by Kaiser could view patient data and reminders during visits, order tests, and message other providers within the Kaiser electronic health record. But health information exchange with unaffiliated organizations was negligible, meaning little benefit for care outside of Kaiser or for new or former Kaiser patients.
An important exception was the benefit created by the Nationwide Health Information Network Exchange pilot project of data exchange between Kaiser and the San Diego Veterans Health Administration, a project that began in 2009. The organizations used nationally developed technical standards, services, and policies to enable providers to view, one patient at a time, Continuity of Care Document data—important demographic and clinical information—for several hundred shared patients who had specifically permitted this data sharing to take place by “opting in” to the exchange.17
Kaiser’s robust patient portal capabilities allowed patients to view data on their own test results, allergies, immunizations, current medications, and past office visits; see preventive services reminders; exchange secure messages with providers; request refills and appointments; receive appointment reminders; and fill out forms.18
In the case of Nautilus, patients of providers that it supported benefited from the provider portal within the NextGen electronic health record. Providers used the portal to import into their electronic health record selected data on their patients from other Nautilus providers who used NextGen. It was much easier for providers to use these data within the record than in a separate web browser, such as Google’s Chrome.
The interfaced data—coded data imported into the electronic health record—included patients’ medications, allergies, chronic disease diagnoses, history, and lab results. Providers could also view hospital radiology reports. And patients could use the NextGen patient portal to view test results, contact providers, request refills and appointments, obtain test orders and reminders, complete forms, and receive some reminders for chronic or preventive care.
Patients served by Santa Clara’s providers benefited from extensive data exchange within the organization that allowed providers to access inpatient and outpatient data. However, the many Santa Clara patients also seen in local community health centers gained little from health information exchange with those centers because only some physicians not employed by the hospital could access Santa Clara’s data. Moreover, those providers could view data only in the web portal, one patient at a time, because no data were interfaced with external electronic health records.
Inland Empire patients benefited from their providers’ use of the health plan’s provider portal, which allowed providers to view data from other Inland Empire providers, including data on appointments, medication history, diagnoses, and emergency department visits. However, no data were interfaced with providers’ electronic health records. Thus, providers could access data only via the plan’s web portal, one patient at a time. Nor could providers electronically order tests or communicate with other providers by using the portal.
Santa Cruz’s robust health information exchange benefited patients because it connected many area labs, hospitals, and providers—although not a large local health care organization affiliated with a major statewide health care system in California. Providers with seven different electronic health record software products—such as Epic and Allscripts—could use interfaced data generated by their patients’ other providers. All providers could view their patients’ ambulatory care lab results; radiology, pathology, and other specialist reports; practice transcriptions and memos; and emergency department reports, chart notes, and discharge summaries. Furthermore, they could order prescriptions and lab and radiology tests; make referrals; obtain authorizations for tests and referrals; and send memos to other providers using the exchange.
In three organizations—Nautilus, Inland Empire, and Santa Cruz—individual patients and patient populations (such as people with diabetes) benefited from chronic or preventive care reminders that were based on comprehensive data collected from multiple affiliated and unaffiliated providers.
Obviously, patients could benefit only when providers routinely used the health information exchange data available to them. Factors appearing to influence the extent of that use included pay-for-performance incentives for chronic or preventive care and data-sharing methods that “fit” with provider office workflow—especially electronic data exchange interfaces that enabled easy viewing within electronic health records and electronic data that were at least clearly presented in web browsers.
In summary, Nautilus, Inland Empire, and Santa Cruz patients benefited from health information exchange among unaffiliated providers in multiple independent and mostly small practices. Kaiser and Santa Clara patients benefited from substantial within-organization data exchange, and Kaiser and Nautilus patients benefited from patient portals. In all organizations, information sharing with out-of-area providers was negligible.
Principle 2: Important Benefits For Population Health
Only two organizations—Santa Clara and Inland Empire—exchanged data with public health agencies. Santa Clara also functioned in the role of county public health department. Therefore, it received near-real-time biosurveillance data—that is, data on disease outbreaks—from county emergency departments. And it and Inland Empire regularly received data sent from state immunization registries, albeit in an outmoded data format that was difficult to use.
Principle 3: Inclusivity And Equality
Patient portal availability and use were the best available—although imperfect—indicators of inclusivity and equality. Kaiser had extensive experience with patient portals. Of the 53 percent of Kaiser members enrolled in the organization’s portal, 60 percent—including many people age sixty-five or older—used it at least five times per year. Native speakers of Spanish, underrepresented as portal users, could use some site capabilities in that language, including articles about featured topics and health-improvement programs. At the time of this study, Kaiser was trying to adapt its portal for mobile technology such as smart phones, used by many lower-income patients who do not have computers.
The interviewees could not yet determine if different patient groups benefited unequally from health information exchange. Inequality among organizations serving different populations probably existed because the scarcity of resources slowed the information-sharing efforts of Santa Clara—the one public hospital in the study—most of whose patients were disadvantaged.
Principle 4: Universal Design, Accessibility, And Interoperability
Universal design “anticipates and accommodates the differing needs” of different types of patients, according to the patient and consumer principles for health information exchange.8 Only Kaiser reported deliberately using universal design principles (applied to its patient portal) which, according to an interviewee, “flavored everything” in the portal from colors and font size to text-to-audio readers for the visually impaired, and which spurred extensive usability testing.
Universal design also involves easy connections between different systems and different patients and providers. Several interviewees emphasized that it was cheap and easy to connect organizations using the same vendor’s proprietary software and standards, but that it was costly and difficult to connect organizations using different vendors’ software.
Principle 5: Privacy And Security
The organizations in this study clearly took privacy and security issues seriously, as reflected in the many policies and procedures they had to ensure the security of their data, the careful limits they put on information sharing, and their caution about expanding the sharing they did. However, none of the organizations did much to educate consumers about the data available about them or to enable them to control their data. Importantly, many issues here and in other principles pertained to any patient data, rather than specifically to health information exchange within and among organizations.
Openness And Transparency:
The organizations were not transparent about providers’ use of patient data. They maintained audit trails to show who “touched” patient data and would provide this information to patients on request. However, they did not tell patients what audit trails were or even that they existed. Nor was the information available in an easily understood format. As a result, patients rarely asked for information from the trails, and if they did, it had to be interpreted by staff members.
Collection Limitation And Purpose Specification:
Four organizations in the study had policies clearly stating that collected data were to be used only for purposes of caring for patients and reimbursing services. But although three of the organizations tried to educate the providers in their mostly solo or small practices about privacy and security policies, they did not closely monitor the practices’ implementation of those policies.
Moreover, although the fifth principle calls for patient “knowledge and consent” to permit data collection, the organizations did not provide patients with a consent form. They did give patients the Notice of Privacy Practices required by the Health Insurance Portability and Accountability Act of 1996,19 but few patients read it.
Most organizations restricted the sharing of sensitive personal health information, such as data on HIV status, substance abuse, and mental health. In fact, they limited the exchange of this information to such an extent that some physicians complained about having insufficient information to provide appropriate care.
Data Integrity:
The fifth principle calls for data that is “accurate, complete, and current.”8 Provider staff members were responsible for determining, for example, that the hypothetical Ms. Jones in our example above was indeed Ms. Jones. Staff members at health information exchange nodes were primarily responsible for ensuring that data from different sources were linked to the right patient.
For example, two organizations used algorithms that checked a few patient data points—including name and age—to combine a patient’s information from different sources that did not use a uniform method of patient identification. These organizations tried to spread best practices for capturing patient identification data across physician practices. Staff members at the health information exchange node or the provider’s office were responsible for reconciling nonmatching information.
Staff members at providers’ offices usually were responsible for the accuracy of patient data, although staff at health information exchange nodes validated and corrected some data—for example, correcting or transforming new lab codes. They also helped providers identify and correct erroneous data and accurately capture new data. One organization launched a data cleaning campaign with its practices. Although patients who used a patient portal in two organizations could discover some inaccuracies in their data, these patients could not easily correct or “clean” their data, nor did the organizations encourage them to do so.
Use And Disclosure Limitation:
Privacy breaches can be the result of criminal activity; staff voyeurism about celebrities or people they knew; or staff mistakes, such as sending information in faxes to the wrong person. In compliance with existing laws, all of the organizations had policies for responding to breaches, and four had elaborate ones.
The organizations appeared to be vigilant about security to protect privacy. For example, several of them contracted with firms that maintained the organization’s data in high-security data facilities. To prevent privacy breaches, the organizations threatened to use audit trail monitoring to identify and fire those who misused data. However, there was little systematic analysis of audit trail information. Nor were patients able to view understandable analyses of audit trail data, a key way to identify and discourage security breaches.
The organizations did carefully control which providers could access which data. For data exchanged with unaffiliated providers, some required providers to check a box to attest that they cared for the patient and had his or her consent to see the data. One organization was implementing so-called trip wires to prevent, for instance, a pediatrician from looking at adult records, despite a concern about preventing legitimate inquiries—in this example, perhaps investigation of a patient’s family history.
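The systematic audit trail review that the organizations lacked, combined with the attestation check box and the trip-wire idea described above, can be sketched as follows. This is an added example, not code from the study or from any organization in it; the record layout, role names, flag names, and rules are assumptions, and all sample data are constructed.

```python
from datetime import datetime

# Constructed reference data; every name and field here is an assumption.
PATIENTS = {
    "P1": {"surname": "Jones", "birth_year": 1942, "vip": False},
    "P2": {"surname": "Rivera", "birth_year": 2005, "vip": False},
    "P3": {"surname": "Stone", "birth_year": 1980, "vip": True},
}
USERS = {
    "dr_adams": {"surname": "Adams", "role": "internist"},
    "dr_patel": {"surname": "Patel", "role": "pediatrician"},
    "rn_jones": {"surname": "Jones", "role": "nurse"},
    "clerk_wu": {"surname": "Wu", "role": "billing clerk"},
}
# Documented treatment or payment relationships: patient -> users.
CARE_TEAM = {
    "P1": {"dr_adams", "clerk_wu"},
    "P2": {"dr_patel"},
    "P3": {"dr_adams"},
}
# Constructed audit trail: (timestamp, user, patient, attestation box checked)
AUDIT_TRAIL = [
    ("2011-02-01T09:14", "dr_adams", "P1", False),
    ("2011-02-01T09:40", "rn_jones", "P1", False),
    ("2011-02-02T11:05", "dr_patel", "P1", True),
    ("2011-02-02T16:30", "clerk_wu", "P3", False),
    ("2011-02-03T08:20", "dr_patel", "P2", False),
]
ADULT_AGE = 18


def flags_for(event):
    """Return the review flags raised by one audit trail event."""
    ts, user_id, patient_id, attested = event
    user, patient = USERS[user_id], PATIENTS[patient_id]
    on_team = user_id in CARE_TEAM.get(patient_id, set())
    flags = []
    if not on_team:
        # A self-attested access is still reviewed, at lower priority,
        # because the check box is asserted by the person being audited.
        flags.append("ATTESTED_ONLY" if attested else "NO_RELATIONSHIP")
        if user["surname"] == patient["surname"]:
            flags.append("SAME_SURNAME")   # possible acquaintance or relative
        if patient["vip"]:
            flags.append("VIP_RECORD")     # high-profile patient
    age = datetime.fromisoformat(ts).year - patient["birth_year"]
    if user["role"] == "pediatrician" and age >= ADULT_AGE:
        # Raised for review rather than blocked, so a legitimate inquiry
        # such as a family-history lookup is not prevented.
        flags.append("AGE_TRIPWIRE")
    return flags


def review_queue(trail):
    """Flagged events in chronological order, for a privacy officer."""
    return [(event, flags) for event in trail if (flags := flags_for(event))]


def patient_summary(trail, patient_id):
    """Plain-language access report a patient could read without staff help."""
    lines = []
    for ts, user_id, pid, attested in trail:
        if pid != patient_id:
            continue
        when = datetime.fromisoformat(ts).strftime("%Y-%m-%d %H:%M")
        if user_id in CARE_TEAM.get(pid, set()):
            basis = "is part of your care or billing team"
        elif attested:
            basis = "stated that they care for you and have your consent"
        else:
            basis = "has no recorded relationship with you"
        role = USERS[user_id]["role"]
        lines.append(f"{when}: a {role} ({user_id}) viewed your record and {basis}.")
    return lines


if __name__ == "__main__":
    for event, flags in review_queue(AUDIT_TRAIL):
        print(event[0], event[1], "->", event[2], flags)
    print("\n".join(patient_summary(AUDIT_TRAIL, "P1")))
```
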
In the absence of well-understood trust and data agreements between unaffiliated organizations, interviewees worried about how other organizations would use their patients’ data and whether that would lead to breaches. This increased interviewees’ reluctance to expand data sharing.
Individual Participation And Control:
Patients had minimal control over their data. They could not easily limit who could access their data or find out who had done so, although some vendors had begun introducing configurable patient consent modules to give patients greater control—for example, by making data visible to primary care physicians but not specific specialists. In practice, the managers of health information exchange nodes decided what data should be exchanged. At several organizations, even physicians had only an advisory role in these decisions.
Most of the interviewees did not have a strong opinion about whether patients should be offered “opt in” or “opt out” consent to allow their data to be shared. But the interviewees did express a desire that either one or the other consent option be used consistently for all patients in California. Nevertheless, some interviewees expressed the concern that requiring patients to opt in might lead them to overestimate the risks of sharing their health information and underestimate its benefits.
Principle 6: Preventing Misuse Of Health Data
Organizations strictly limited the release of data to other parties. Although insurers could access claims and encounter data, financial and marketing firms could not access any data, and law and immigration enforcement organizations had to request specific patient records.
Principle 7: Partnership And Health Information Technology Literacy
The organizations did not instruct patients in how to use their personal health information, other than providing forms and brochures that few patients read. Only Kaiser and Nautilus had patient portals. Neither organization had done much to use the portals to inform patients—in their own languages—about patients’ personal health information rights, remedies, and responsibilities.
Principle 8: Accountability
Organizations had virtually no accountability for realizing benefits from health information exchange, using universal design principles, or meeting other principles in the list.
Principle 9: Enforcement
Although enforcement should apply to all protections of health information exchange, for the organizations in this study enforcement pertained only to privacy breaches. In fact, enforcement consisted of one federal and one state agency levying fines and publishing the names of organizations that had had a privacy breach, in order to “shame” them in the eyes of their peers.
Key Challenges
The overall challenge is to comply with the patient and consumer health information exchange principles in a balanced way, maximizing rewards (such as exchanging information more quickly to improve health at the individual and population levels) while minimizing risks (such as preventing security breaches and misuse of data). The organizations in this study were moving relatively slowly to exchange health information and thereby comply with the first two principles. Their inability to move faster was mostly due to a lack of clear “rules of the road,” including behavioral norms for health information exchange participants, legal agreements, and technical standards.
For health information exchange among unaffiliated entities, most of the interviewees emphasized the principles that reduced risk over principles that increased reward. For health information exchange with patients, the lack of patient portals in three organizations and truly robust patient portals in two organizations accentuated the lack of patient engagement, control, and data monitoring.
Unclear Legal And Business Rules
Organizations wishing to exchange data with others sometimes hesitated because of unclear or incomplete rules covering the types of data collected and the data’s timeliness and accuracy. Patients, for their part, had little idea what organizations did with their data.
Most of the interviewees wanted clear rules about what data to exchange and with whom, what agreements to sign, and what procedures to implement in order to minimize the risks of exchanging health information while improving patient care. Pervasive uncertainty combined with fear of data breaches led the organizations in this study to be excessively cautious, which slowed the exchange of information.
Several interviewees were exasperated with the breach-reporting process. One said, “I think the [Health Insurance Portability and Accountability Act] stuff is ridiculous, the amount of reporting I have to do…. It’s so much more important to have the data available at [the] point of care.”
Some uncertainty revolved around the responsibility and liability of the regional health information exchange entity. One interviewee at a regional exchange argued that health information exchanges should track who saw patient data and enable patients to easily view audit trails, but that health care organizations that sent and received data should be primarily responsible—and thus liable—for implementing health information exchange policies and preventing data misuse. California state law was not clear on this point.
The lack of harmonization of laws and regulations within California, let alone between the state and the federal governments, exacerbated the organizations’ uncertainty.
The lack of a standard document that all parties could sign and that would list their rights, responsibilities, and protections created delays in exchanging health information. An interviewee observed: “We need a set of uniform laws and a document…so that there’s no conversation to be had on the contractual side, [and so that] it’s simply a technical conversation.”
Several interviewees could not understand why the federal government was not requiring the use of a standard, comprehensive, multiparty trust agreement that further developed the Data Use and Reciprocal Support Agreement,20 which they felt could speed health information exchange agreements.
Lack Of Definitive Technical Standards And Specifications
Several interviewees emphasized the need for one set of definitive federal or state standards and implementation specifications on how health information exchanges should connect with one another, what codes should be used, and how data should be transferred, among other matters. These interviewees argued that multiple, coexisting standards and insufficiently constrained specifications of existing standards increased the complexity and cost of health information exchange and slowed progress. They expressed dismay about several points.
First, they believed that the federal regulations on the meaningful use of electronic health records2 did not build upon and complete several dozen Health Information Technology Standards Panel recommendations that were funded by the Office of the National Coordinator for Health Information Technology and were the result of years of work and negotiation among innumerable stakeholders.21,22
Second, they believed that the recent federal emphasis on developing “simpler” data exchange specifications and software through the Direct Project23,24—which supports cases of pushed communication, or messages or documents sent directly from one health care provider or entity to another—could divert resources from implementing already well-tested, much more robust Nationwide Health Information Network standards, policies, and services for universal patient look-up and document discovery and exchange between entities.
Third, they feared that delays in creating federal standards and specifications would enable vendors to control those rules, increasing the time and money that health care organizations would need to connect software that used different standards.
Lack Of A Patient Identification Standard
Because there is no unique patient identifier that all California health care organizations could consistently use for the same patient, organizations wrestled with correctly linking data from unaffiliated organizations to the right patient. Beyond potentially interfering with or harming appropriate patient care, this deficiency increased work for providers or health information exchange entities and delayed information delivery to providers and patients.
Lack Of Public Health And Safety-Net Capabilities
Several interviewees said that they would exchange whatever public health data were required, but that many public health departments were unable to specify which data they wanted and were technically unable to receive, process, and report on them. Moreover, with limited federal and state funding available for health information exchange, some safety-net organizations could lag behind private organizations, preventing communities from meeting inclusivity and equality principles.
Competing Priorities And Financial And Other Barriers
Although the organizations in our study still had many enterprise health information exchange opportunities with positive business cases—that is, they made financial sense to the enterprise—other health information technology efforts were often higher priorities. These included complying with government mandates—such as switching to using the ASC X12 Version 5010 standards for electronically transmitting claims—or meeting meaningful use criteria for electronic health records.2 With the exception of Santa Cruz and Inland Empire, the organizations either did not have clear financial reasons to participate in efforts to organize regional health information exchanges, or—in the case of Santa Clara—had no relevant regional health information exchange efforts to participate in.
Consumer Barriers
Complying with key health information exchange principles depends on patients’ intensively interacting with and controlling their data through the use of patient portals. Yet if banking were like health care today, many consumers would have to go into the bank to check their transactions. Three of the organizations in this study did not have portals. Even the two organizations with portals did not offer web pages giving patients extensive information about their rights and did not enable patients to determine which data could be shared with whom, monitor who used their data, or correct their data.
The findings presented here are based primarily on interviews with managers in five California health care organizations. Nevertheless, these organizations represented key types of health care organizations and emerging, potential Nationwide Health Information Network Exchange nodes; served the spectrum of California patient populations; and were leaders in health information technology for their type of organization.
Although health care organization nodes were increasing the amount of data they exchanged, thereby increasing patient benefits, and took privacy and security seriously, thereby reducing patient risks, not one organization’s health information exchange initiatives came close to complying with the consumer-patient principles for such exchanges (Exhibit 1).
Nevertheless, important government actions are creating pressure to increase the exchange of health information and its benefits for patient and population health. These actions include federal grants for health information technology, federal incentive payments for achieving meaningful use of electronic health records, federal and state efforts to clarify standards and policies for health information exchange, and the development of accountable care organizations—whose financial survival will depend on excellent information-sharing capacity.
Policies that clarify the “rules of the road” for data exchange—specifying which data can be shared, how and with whom, through what agreements, and in accordance with what standards and specifications—can decrease health care organizations’ uncertainty and perceived risk. That in turn will lead to increased information sharing and associated benefits to patient and population health. California’s federally funded and state designated entity for health information exchange, Cal eConnect, is engaging leading stakeholders in the development of such rules.
Policies that require very substantial health information exchange for complying with stage 2 and stage 3 criteria for the meaningful use of electronic health records5,6 could potentially transform the business case for health information exchange and its progress. Meanwhile, special incentives or subsidies are crucial for safety-net and public health organizations likely to lag behind private organizations.
Ultimately, unless current enterprise health information exchange efforts intersect in some way with regional or national health information exchange efforts, policy makers might have to mandate minimum acceptable amounts of data exchange, especially for emergency care.
Several policies can end the marginalization of patients and consumers in current health information exchange efforts. Launching campaigns to increase health information technology literacy that engage consumers can increase patients’ demand for health information exchange, forcing organizations to do far more in this area. For example, patients educated about the possibilities of exchange might insist that their electronic data be available at any emergency department, not just their providers’ offices. Yet it is still not clear what techniques are successful in encouraging consumers to demand more exchange of health information and better access to, and control over, their data.
In the interim, the state and federal governments should enact new policies that set timetables for organizations to offer patient portals that satisfy the patient and consumer principles discussed here; create rules that will enable consumers to easily view audit trails, correct data, and control who uses their data; and fund and publicize timely quantitative evaluations of health information exchange progress and the resulting benefits and risks for patients. Such actions can help consumers by increasing regulatory pressure and market competition to advance truly patient-centered health information exchange.
The impetus for the study, Miller says, came from one of the organizations involved in the effort, Consumers Union, the publisher of Consumer Reports. When the organization approached him about evaluating adherence to the principles and their impact, Miller says, “At first I was wary. I was concerned that [the principles] wouldn’t be pragmatic enough to be feasible. But in fact they were.” In his article, he writes that clearer “rules of the road” for information sharing, and more patient control of the data, will now be essential to making greater progress.
Miller is an adjunct professor of health economics at the Institute for Health and Aging at the University of California, San Francisco. He conducts research on how health information technology can transform health care, with a focus on health care organizations providing electronic health record services and on enterprise and regional health information exchange. Miller is especially interested in how electronic health records and health information exchange can improve quality and efficiency in safety-net organizations and in solo and small physician practices.
He has been lead author on several previous Health Affairs articles, including a 2009 article on financing clinical information systems and a 2007 article on the Santa Barbara County Care Data Exchange. Miller is a member of the Investment Advisory Committee for UnitedHealth Group’s California Health Care Investment Program and of the Business Advisory Group for Cal eConnect, California’s state-designated health information exchange entity.
Miller received his doctorate in economics from the University of Michigan.

