Writing the RHIO Fine Print: Model Policies and Specifications Speed Data Exchange Start-Ups

by Todd Stein

Fledgling RHIOs get a head start with new model policies and technical guidelines from Connecting for Health.

When Chuck Fitch first began to promote a regional health information network for Memphis’s far-flung hospitals, medical centers, county clinics, and physician groups three years ago, he ran head on into a classic dilemma. Many of the organizations that would benefit most from sharing clinical information were market competitors. Even the promise of reducing medical errors and cutting costs through streamlined data exchange wasn’t enough to overcome their fear of losing ground to the competition.

“You wouldn’t believe the work that it takes to get every one of these different hospitals and different HIM departments together, and all the compliance officers and all the privacy officers to sit down and agree to something,” says Fitch, vice president and chief information officer of UT Medical Group, the 350-physician faculty arm of the University of Tennessee Medical School. “We staff a hospital down the road, and getting patient data even from them—electronically—is like pulling hen’s teeth. It’s horrific.”

Fitch’s fledgling coalition, which last fall was absorbed into a statewide regional health information organization, or RHIO, is one of dozens if not hundreds of regional data exchange efforts now under way in virtually every part of the nation. They share common goals—reducing medical errors, harmful drug interactions, and healthcare costs—and a common approach of leveraging the Internet to connect healthcare’s fragmented, scattered nodes of clinical information.

It’s a tall order. Regional data exchange coalitions must overcome significant technical hurdles such as creating secure connections and reliable authentication across a host of clinical and business applications. They also must forge agreement among groups that have good reason to distrust each other—health plans, employers, hospitals, physicians, laboratories, retail pharmacies, pharmacy benefits managers, state and federal governments, and a virtual army of consumer advocacy groups.

Bringing them all together at the same table and keeping them there requires, above all, sound policies that frame their debates and guide them through a quagmire of legal and logistical challenges.

“In some regions of the country, these groups actually hate each other,” says John Halamka, MD, chief information officer of Harvard Medical School and chief executive officer of MA-SHARE, one of the nation’s earliest RHIOs. “So building a regional organization to share data has to be fundamentally based on trust.”

Models of Good Behavior

To help nurture trust among MA-SHARE’s 34 constituent organizations, Halamka, like many of the country’s data-sharing leaders, turned for guidance to Connecting for Health, a group of diverse stakeholders from across the healthcare map that is managed by the Markle Foundation and funded by Markle and the Robert Wood Johnson Foundation. In 2001, long before the industry as a whole was convinced of the need for connectivity and data sharing, the Markle group began creating a vision for health IT connectivity. Coming to agreement hasn’t been easy, but in 2004 the group produced a road map that centered on what has since become a widely accepted model for a network of nationwide health information sharing—essentially an index for peer-to-peer data exchange.

That model, Halamka says, is the one most likely to be adopted by the four groups awarded contracts in November by the Department of Health and Human Services to develop prototype nationwide health information network (NHIN) architectures. “I have no doubt that the Markle work, being so foundational, will end up being very influential for this process, and then it will serve as a model for the country,” says Halamka, who is a key consultant on the NHIN.

If Connecting for Health had stopped at infrastructure, that would be the end of the story. But the group’s work is far more comprehensive. This year, it will release a public version of a set of extensive technical and policy documents outlining a common framework for regional and nationwide health information exchange. The complementary documents include technical guidelines for electronically indexing health information and, just as importantly, explicit policies for information use and governance. The policy documents are a kind of off-the-shelf blueprint for forging contractual and logistical ties between plans, providers, pharmacies, and patients.

If these technical and policy guidelines are widely adopted, as Markle hopes, the common framework should ultimately enable regional health information networks to connect to each other in a loosely federated nationwide network. The framework is designed to accommodate the nation’s diverse and fragmented health system, permitting a wide variety of users to share information via the Internet by adhering to a small number of essential rules and protocols that enable interoperability and protect the privacy and security of data.

Even in their early form, the documents have proved effective. Healthcare organizations that turn to Markle for help have been able to receive a draft version of some of the documents, which remain a work in progress.

“Without the Markle guidelines, I think most of these initiatives would exhaust themselves before they made any progress,” says Mark Frisse, MD, professor of biomedical informatics at Vanderbilt University in Nashville, and director of the MidSouth eHealth Alliance. “People would spend months just agreeing on the right framework of things to talk about. It would be very difficult to conduct meetings and make progress, and there would be much earlier and more intensive involvement of lawyers.”

Money is always short for hiring lawyers and for other needs of the data-exchange groups, who compete for private and government grant funds. The Markle policy documents help the groups conserve their funds but still develop legally sound answers to such fundamental questions as how and when to let patients opt out of the data sharing network and how to create agreements that satisfy all stakeholders.

David Lansky, a former regional director of clinical information services for an integrated health system in Oregon, now serves as the senior director of Markle’s health program. He says the foundation takes calls nearly every day from data-exchange groups looking for policy guidance. “They’re writing their first privacy policies and first contracts between doctors and hospitals and IPAs, trying to figure out how to build their patient index,” Lansky says. “And they call us up saying, we’d like to use your tools because they’re effective and they don’t cost anything.”

Lansky hopes the policy guidelines will help promote standardization among the nation’s existing and future RHIOs. “The big national networks—the VA, Medicare, [pharmacy benefits managers]—don’t want to talk a hundred different ways to a hundred different RHIOs,” says Lansky. “They need to have a single set of standards and protocols and policies. So we think RHIOs are an important platform, and it’s great to have public, local participation and buy-in, but they can’t be entirely idiosyncratic in what they do.”

For that reason, Connecting for Health’s common framework model accommodates variation in software, hardware, and network design by identifying the key rules that participants must adhere to as they develop their own unique networks.

Trust Is in the Details

Even more important to Markle than the standardization of communication protocols is agreement that any national network for exchanging clinical information include strict privacy protections for patients. Connecting for Health’s road map promotes a patient-centric model that grants patients authority to decide how, when, where, and with whom their clinical records can be shared.

Markle’s heavy emphasis on patient choice and privacy is only partly due to the foundation’s proconsumer cast. In the highly politicized arena of healthcare reform, Markle believes that a patient-centric approach may be the only way to ensure success for every healthcare stakeholder.

“For the entire health information environment to be successful, the public has to have confidence and trust that our information will be handled properly,” says Lansky, who was previously president of the Foundation for Accountability, a now-defunct nonprofit organization that promoted a vision of consumers as equal partners in shaping the delivery of care. “If I’m in Boston and my medical record can be accessed electronically by someone in Chicago, I need some level of confidence that the rules in Chicago are the same as the rules I already trust with my doctor and hospital in Boston. To create that level of trust, there needs to be a certain amount of uniformity across the country.”

Patients aren’t the only ones with trust issues, of course. Hospitals and providers also have good reason to fear electronic data exchanges, says Mark Overhage, MD, an associate professor at Indiana University School of Medicine and a Connecting for Health member.

“Hospitals and providers have a huge concern that payers are going to ding them in some way based on this information,” says Overhage. “Or they worry that patients are going to get stolen by some other organization, or that payers may understand better how they price things. So trust is probably one of the biggest issues, and I think the Markle policies really do attack that square in the face.”

Like all good policies, Markle’s are rooted in the real world. Connecting for Health has served as the default “business incubator for RHIOs,” says Harvard’s Halamka, in part by encouraging the group’s members to share best practices for data exchange. These in turn make their way into Markle’s policy documents.

To further refine its model, Markle last year spawned a working prototype of information sharing within and among three very different communities: a group of Northern California safety-net clinics with minimal IT infrastructure and no central database of clinical information; the Harvard Medical School, with perhaps the nation’s most sophisticated IT infrastructure; and one of the nation’s largest and most advanced RHIOs, the Indiana Health Information Exchange. These prototype sites are in the midst of implementing Markle’s patient-locator index and peer-to-peer exchange architecture, with guidance from the foundation’s policy documents.

“Our architecture and our privacy model should work equally well in all three [prototypes],” says Lansky. “In effect it is like an umbrella sitting above all those and saying, Look, if you can just meet certain fairly modest criteria for identifying patients, standardizing data exchanges, and agreeing to certain privacy policies, all three of these very different sites can talk to each other.”

An October 2005 test of the prototype network’s data sharing capabilities using anonymous patient data proved promising, and it served as a valuable learning experience. “There’s still plenty of poorly marked ground,” says Overhage, who in addition to his medical school responsibilities is president and CEO of Indiana Health Information Exchange. “What we intended with the prototype was to figure out where are the real issues and problems and then craft a solution to them.”

Good Ideas in a Noisy World

Still, many key policy questions that would affect a national health information network have yet to be asked. That’s because no one has begun to share electronic information about real patients between different healthcare markets. Even multistate healthcare organizations such as Kaiser Permanente don’t do that yet. The Markle prototypes won’t begin to share the records of real patients until mid-2006.

Once they do, Overhage says, they’ll begin to face some tough questions.

“Say a doctor in Boston asks for data from my Indiana database about my patient,” says Overhage. “Do I treat that the same way I do a request from the physician across the street? The technical model is silent on that, and so it really becomes a policy question. I think until we’re further down the road with people being able and wanting to share information across markets, it’s going to be hard to answer that question definitively.”

In the end, the experts agree, finding answers to data sharing questions may prove less important than doing the asking. In most communities, relations between healthcare stakeholders have long been defined by either fierce competition or mute indifference. For these groups to reach agreement on a patient-focused healthcare system, says MidSouth eHealth Alliance director Frisse, honest dialogue is the key.

“The big win for all of us is that Markle gave communities a framework and a starting point from which they can debate these topics,” says Frisse, who plans to introduce Markle’s documents to the Memphis healthcare community. “More often than not, they’re reaching the same recommendation that Markle has made but they’ve made that recommendation their own. They’ve personalized it at the community level, and that is a very powerful thing.”

Frisse’s Tennessee network has adopted a central database model, not Markle’s federated approach. Still Frisse has nothing but praise for Connecting for Health’s policy work, which he says can be helpful to groups no matter which technical architecture they opt for.

“On a practical level, the Markle policies move people along far more quickly and at lower legal cost than if they were left on their own,” Frisse says. “I guess the bottom line is they are introducing a set of very good ideas into a very noisy world. Along with the Markle prototype, they are going to change the way everyone thinks about data exchange in America.”

A Glimpse at the Guidelines
Connecting for Health’s documents are voluntary guidelines intended to help communities use technology to share health information while protecting the privacy and security of personal health information. The complementary documents cover explicit policies for information use and governance—policies that Connecting for Health believes organizations must put in place before they attempt to design a technical solution for sharing information.

Highlights of the documents include the following. (Connecting for Health’s concept of a subnetwork organization is equivalent to that of a RHIO.)

  • Model subnetwork organization terms and conditions: a model contractual agreement containing sample language and descriptive notes on user agreements, general disclaimers, insurance requirements, and enforcement requirements.
  • Model subnetwork organization terms and conditions topic list: a general overview of the issues that health information sharing networks must address to increase their likelihood of success.
  • Model privacy policies and procedures: model privacy policies for networks that adopt Connecting for Health’s indexed, peer-to-peer architecture as part of a nationwide health information network. The model includes policies for use and disclosure of personal health information and for ensuring that patients can participate in the dissemination and control of their health information.

Other policy documents address such issues as how institutions should inform patients of their right to opt out of participation in an index; how to audit and log the transfer of health information across the network; how to handle breaches in confidentiality; mechanisms for cleaning up dirty, incomplete, and inaccurate data; and how to authenticate users of the network. Technical documents will include guidelines such as a description of the messaging types and formats a patient index must be able to handle.

The complete set of Connecting for Health policy and technical documents will be made available in early 2006. Visit www.connectingforhealth.org for more information. To receive notification as Connecting for Health releases documents, please register at www.connectingforhealth.org/ mailinglist.php.

Todd Stein (todd@todd-stein.com) writes about healthcare and technology from his home in the San Francisco Bay area.

Article citation:
Stein, Todd. "Writing the RHIO Fine Print: Model Policies and Specifications Speed Data Exchange Start-Ups" Journal of AHIMA 77, no.2 (February 2006): 38-42.