HIE Business and Technical Profiles A White Paper by HIMSS Healthcare Information Exchange Portfolio Task Force September 2010 2010 HIMSS 1
Table of Contents Introduction... 3 Approach and Methodology... 3 HIE Governance Profile... 4 Similarities... 4 Differences... 5 HIE Business Profile... 5 Similarities... 5 Differences... 5 HIE Technical Infrastructure... 5 Similarities... 5 Differences... 5 HIE Functional Capabilities... 6 Similarities... 6 Differences... 6 HIE Integration Capabilities... 6 Similarities... 6 HIE Security... 6 Similarities... 6 Conclusions... 6 Appendix A HIE Survey Participants... 8 Appendix B HIE Business and Technical Profile Survey... 9 Acknowledgments... 12 2010 HIMSS 2
Introduction Based on an organizational model, Health Information Exchange (HIE) organizations can be grouped into three broad and sometimes overlapping categories: Not-for-profit entity typically regional and community health information exchange organizations focusing their efforts on delivering business line services to its participants including electronic medical record (EMR,) electronic health record (EHR,) personal health record (PHR,) clinical decision support systems (CDSS,) data acquisition and presentation services, e-prescribing, clinical messaging, etc. Collaborative/public entity typically state-wide initiatives focused on delivery utility services including patient identity management, common services framework, registry services, public health reporting, etc. For-profit entity privately funded organizations with specific return on investment targets offering a combination of business line and utility services for financial benefit. Regardless of the organizational category, virtually every HIE initiative uses a domain-based enterprise architecture approach in fulfilling its ultimate goals to improve healthcare quality, reduce medical errors and lower care delivery costs. These architectural domains could be qualified as: Business architecture Technical architecture Functional/application architecture Data architecture By using flexible technology coupled with an adaptive set of processes, realization of HIE enterprise architecture domains results in a coherent data set directly supporting care collaboration and coordination as well as standards-based interoperability. The purpose of this paper is to provide a quantifiable set of measures applicable to any community, regional or state-based HIE entity and to provide a foundation for commonalities and differences analysis among HIE enterprise architectures nationwide. Approach and Methodology A survey was developed that asked organizations to describe HIE business, technical, functional/application and data architectures. The HIE Business and Technical Profiles Survey (see Appendix B) was administered to the initial set of five HIE organizations: Greater Rochester Regional Health Information Organization, Brooklyn Health Information Exchange, Long Island Patient Information Exchange, Nebraska State Health Information Exchange and Central Florida Regional Health Information Organization. Because of the recent increase in the number of community, regional and state HIE entities which are in the planning, implementation or 2010 HIMSS 3
operational stage, a decision was made to not exclude any HIE entity based on its operational stage. The process of HIE business and technical profiling could be viewed as a continuous process resulting in a Wiki-like reference tool populated with data in a proactive manner. Initially selected HIE organizations were contacted via email, face to face and telephone interviews inviting them to participate in the survey. This effort resulted in a collected data set from four HIE organizations. There were no additional follow-up discussions with responding HIE organizations on the data submitted. The survey results are summarized based on the questions content categories as outlined below. Questions were grouped into following categories: HIE Governance Profile HIE Business Profile HIE Technical Infrastructure HIE Functional Capabilities HIE Integration Capabilities HIE Security The table below shows the relationship between HIE enterprise architecture domains and survey question categories: Survey Categories HIE Architecture Domains Governance Profile Business Architecture Business Profile Business Architecture Technical Infrastructure Technical Architecture Functional Capabilities Functional/Application Architecture Integration Capabilities Data Architecture Security Technical Architecture Note: the complete HIE Business and Technical Profile survey can be found in Appendix B HIE Governance Profile Similarities All survey participants indicated that their respective HIE organizations were formed as multistakeholder entities including integrated delivery networks (IDNs,) hospital, health plan, employer, consumer and provider representation. All HIE organizations are being governed by an HIE board with standing specialty committee bodies responsible for subject matter expertise and operational aspects in the areas of finance, technology, communication and clinical priorities. Although the HIE organizational constituency has a large participation footprint, not all entities contribute data. Additionally, some HIE participants are being granted view only access to HIE-wide resident data. The majority of the users accessing patient data are physicians with a 2010 HIMSS 4
smaller number of other clinical champions such as nurses, pharmacists, care managers, and quality assurance managers, as well as intake and discharge planners. All survey participants indicated that their respective organizations are either being designated as state level HIE service providing entities or are part of the larger state level health information network backbone. Differences Only one survey participant indicated their involvement with the National Health Information Network (NHIN,) namely provisioning New York State NHIN Gateway for connecting with the Tennessee RHIO. HIE Business Profile Similarities All survey participants qualified their respective HIE organization as a not-for-profit 501(c)(3) covered entity with existing executive staffing responsible for day-to-day operations. All survey participants indicated that the larger portion (65%-70%) of funds needed for HIE implementation and operation are coming from state/federal grant programs. Differences With respect to business sustainability planning, only one survey respondent qualified their organizational business plan as being implemented with evident positive outcomes, with 35% of the budget coming from non-participant fees and HIE business line of services. HIE Technical Infrastructure Similarities HIE support and operations are achieved through a combination of in-house and vendor support with business continuity being enabled via high available and distributed provisioning on hardware and system architecture levels. Differences HIE deployment models adopted by respondent HIE entities cover all possible deployment models (federated, centralized, hybrid) driven by respective organization privacy and security requirements. Although several respondents indicated willingness to either support or incorporate open source components into the HIE product roadmap, only one had already adopted several open source 2010 HIMSS 5
components, namely Universal Description, Discovery and Integration (UDDI) and computergenerated imagery (CGI.) HIE Functional Capabilities Similarities All survey participants indicated that the provider level consent is required to access patient data. Moreover, the NHIN Access Policy has been adopted by some organizations along with breakthe-glass capability, enabling HIE users to access patient data in case of emergency. Differences Aside from adopting and implementing a consent model governing access to patient data, surveyed HIE entities are currently in different stages of implementation of other HITSP IS 107- based functional capabilities. HIE Integration Capabilities Similarities All survey participants indicated support for established and emerging industry interoperability standards (IHE, HITSP, and HL7 standards). HIE Security Similarities All survey participants indicated the use of role-based access controls and combination of available security industry standards Hypertext Transfer Protocol Secure (HTTPS,) Secure Socket Layer (SSL), Security Assertion Markup Language (SAML,) and Audit Trail and Node Authentication (ATNA.) Conclusions The collected data set, although limited, clearly shows that evaluated HIE organizations share more similarities than differences. Survey results suggest that a significant amount of effort has been put into place to achieve secure and interoperable HIE solutions based on the adoption of industry practices and standards. Governance profiles are also similar between responded HIE entities: non-profit organizations with 501(c)(3) filing status. All responding HIEs have primary care physicians and specialty care physicians as a part of the core stakeholder user group. Survey data also suggests that HIE business sustainability remains to be one of the most challenging aspects of implementing, operating and maintaining HIEs. Although all respondents 2010 HIMSS 6
indicated the existence of the membership fee model and active business planning initiative, the significant dependency on state and federal grants funds is still present and poses significant risk on HIE long-term sustainability. 2010 HIMSS 7
Appendix A HIE Survey Participants Brooklyn Health Information Exchange BHIX Irene Koch, Executive Director Central Florida RHIO Michael Kovner, Project Director Rochester RHIO Jill Eisenstein, Associate Director Nebraska RHIO Deborah Bass, Interim Executive Director 2010 HIMSS 8
Appendix B HIE Business and Technical Profile Survey HIE Governance Profile Describe HIE governance structure (including decision making authority body and subject matter expert subgroups). Describe HIE involvement, if any, in state level (State HIE) and/or national level (NHIN) initiatives. Describe HIE constituency (large IDNs, hospitals, primary care organizations, long/short term care organizations, home care agencies, payors, employers, consumer organizations). Describe data contributors and data users of the HIE systems: Do all HIE participants contribute data to HIE? What role(s) the majority of the HIE users fall under (physicians, nurses, pharmacists, administrators, etc)? HIE Business Profile Qualify HIE organization type (501-C3, etc.) Describe HIE staffing compliment (please include organizational chart) How do you qualify HIE sustainability plan (if possible provide details): Plan has been developed and is being implemented, positive outcomes are evident Plan has been developed and is being implemented, positive outcomes not evident Plan has been developed but not implemented Plan is under development If possible, quantify the percentage share of operational budget coming from grants, HIE participant fees, business line services HIE Technical Infrastructure Describe HIE model deployed/selected (federated, centralized, hybrid). What was the rationale behind selecting the specific HIE model? Describe HIE framework components/applications deployed/selected: empi, RLS, Portal, PHR, EMR, e- prescribing, CDS, other. How would you characterize your HIE system: open framework, productized framework, closed product. Is Open Source technology being used? If yes, provide details. 2010 HIMSS 9
Describe HIE hardware footprint. Describe how system HA and/or DR being provisioned for HIE. Describe HIE technical operations/support model (HIE in-house support, third party support, vendor support) HIE Functional Capabilities Describe which/how clinical priorities can be supported by HIE framework: Consumer Consent Management Administrative Benefits and Eligibility Management Medication Management Clinical Data Exchange (including laboratory and imaging data) Quality Measure Management Immunization Management Case Reporting and Biosurveillance Emergency Resource Utilization HIE Integration Capabilities Describe HIE data model support for: Structured and unstructured clinical data User defined/custom data elements Integration with Business Intelligence, querying and reporting tools Describe HIE data integration, transformation and normalization support in terms of: Support for multiple message transport mechanisms (FTP, TCPIP, HTTPS, etc.) Support for established healthcare standards (HL7 v2.x, HL7 v3, CCD, CCR, CDA) Support for IHE profiles and HITSP IS Support for data normalization to existing standard nomenclature (LOINC, SNOMED, etc.) Support for data anonymization HIE Security Describe HIE security approach to: User identity management Data access management Infrastructure access management References for Data Collected 2010 HIMSS 10
List specific names, titles, articles, websites, etc. 2010 HIMSS 11
Acknowledgments Members of the HIMSS 2009 2010 HIE Portfolio Task Force, who spearheaded the development of this white paper, include: Diane Capaldo, MHA RN Dearborn Advisors Boris Mamkin HIE Specialist Courtyard Group Joe Wagner, MPA, FHIMSS Principal Courtyard Group Michael Kovner Project Manager Central Florida RHIO Mark Muthing Project Development Layer 8 Group Pam Matthews, CPHIMSS, FHIMSS Senior Director, Regional Affairs HIMSS Staff Support pmatthews@himss.org Holly Gaebel Coordinator, Regional Affairs HIMSS Staff Support hgaebel@himss.org The inclusion of an organization name, product or service in this publication should not be construed as a HIMSS endorsement of such organization, product or service, nor is the failure to include an organization name, product or service to be construed as disapproval. The views expressed in this white paper are those of the authors and do not necessarily reflect the views of HIMSS. 2010 HIMSS 12