eHealth Initiative

HiMSS logo

National Committee on Vital and Health Statistics (NCVHS)
Statement of Blackford Middleton, MD, MPH, MSc, FACMI, FACP, FHIMSS
Corporate Director of Clinical Informatics Research & Development, and Chairman, Center for IT Leadership, the Partners Healthcare System; Assistant Professor of Medicine, Harvard Medical School, and of Health Policy and Management, Harvard School of Public Health
Testifying on Behalf of the eHealth Initiative and the Healthcare Information and Management Systems Society
Testimony Before the NCVHS Ad-Hoc Workgroup on the Nationwide Health Information Network
Functional Requirements for the Nationwide Health Information Network
July 26, 2006


Distinguished members of NCVHS and its Ad-Hoc Workgroup in the Nationwide Health Information Network, I am honored to be here today to testify on the following:

  • An overview of health information exchange (HIE) and Regional Health Information Organization (RHIO) development across the United States;
  • Lessons learned from eHealth Initiative (eHI) and the Health Information Management and Systems Society’s (HIMSS) work in this area; and
  • Joint recommendations from HIMSS and eHI on the core functions appropriate for the initial roll-out of the Nationwide Health Information Network (NHIN) within the NCVHS draft NHIN conceptual framework, as seen through the lenses of HIEs and RHIOs and accompanying policy recommendations.

My name is Blackford Middleton. I am the Corporate Director of Clinical Informatics Research & Development and Chairman at Center for IT Leadership in the Partners Healthcare System. I am also an Assistant Professor of Medicine at Harvard Medical School, and of Health Policy and Management at the Harvard School of Public Health.  I am testifying today on behalf of both eHI and HIMSS.  eHI is a national, non-profit, multi-stakeholder organization whose mission is to improve the quality, safety and efficiency of health and healthcare through information and information technology. HIMSS is the healthcare industry’s membership organization focused on providing leadership for the optimal use of healthcare information technology (HIT) and management systems for the betterment of human health.   I have provided leadership at the Board level to both organizations, most recently serving as the Chairman of HIMSS Board of Directors until June 30th of this year. Both HIMSS and eHI are doing vital work and advocating for better quality patient care through HIT. It is my pleasure to present this joint statement on behalf of eHI and HIMSS.

In my remarks today, I will share insights from these two organizations, as well as those that I have gained through my own research in designing and implementing healthcare information technologies in academic and commercial settings, and results from our value-based technology research.

Overview of U.S. Health Information Exchange and RHIO Activity

The US healthcare delivery system is in the midst of a fundamental transformation. Numerous reports from the Institute of Medicine suggest that the adoption of HIT is a fundamental and required step towards improving healthcare delivery efficiency, improving patient safety through reduction of medical errors, and improving the quality of care. Studies we have done at the Center for IT Leadership in Boston suggest that electronic health records with advanced computerized provider order entry capabilities could save the country $44 billion if adopted nationwide. These tools when well designed and implemented can impact physician behavior and decision-making at the point of care. However, to achieve maximal value from healthcare information technology, we need not only to adopt tools that improve clinical information management and decision-making at the point of care, but also to link these systems to one another so that appropriate healthcare information is available wherever and whenever it is needed for patient care. This creates an interconnected, electronic healthcare system, and produces significant additional value for the US healthcare delivery system. In our analysis of the value of healthcare information exchange and interoperability at the CITL, we find that if clinical information were readily shared across key members of the healthcare delivery system (doctors’ offices, hospitals, laboratory centers, radiology centers, payers, and public health agencies) an additional $78 billion potential savings is available. This economic motivation, along with pressure to improve patient care quality and safety, is driving broad interest in health information exchange and RHIOs.

In conjunction with activities at the national level, over the last year there has been a significant increase in the amount of activity at both the state and regional levels, to create an interconnected, electronic healthcare system and drive improvements in healthcare quality and effectiveness. State, community and regional health information exchange (HIE) initiatives and organizations are becoming the underpinnings for a system that will improve how healthcare is practiced.  These entities recognize that healthcare is local and seek to improve the care delivered to patients through achieving care transformation in their own communities. The number of HIEs is growing notably. eHI’s Connecting Communities membership now includes representatives from more than 280 state, regional or community-based collaboratives engaged in health information exchange. [1] “Health information exchange” is defined as the mobilization of healthcare information electronically across organizations and disparate information systems within a region or community. Health information exchange initiatives are designed to support interoperability and facilitate access to and retrieval of clinical data, privately and securely, to provide safer, more timely, efficient, effective, equitable, patient-centered care.[2]

Both eHI and HIMSS are active in supporting HIEs coast-to-coast in our country. eHI’s Foundation, with funding support from the Department of Health and Human Services (DHHS), supports multi-stakeholder HIE collaboration at the state, regional and community levels through both the Development of Regional Health Information Organizations: Support of Gulf Coast Health Information Activities contract with DHHS and the Connecting Communities program, which is supported by a cooperative agreement with the Health Resources Services Administration Office of the Advancement of Telehealth (HRSA/OAT).  These programs, in combination, the latter of which has been in operation since 2003,  provide both seed funding and technical assistance to state and local HIE efforts and produce informative research, and practical tools, and resources valuable to emerging health information exchanges regarding the organizational, legal, financial, clinical and technical aspects of HIE.


In conjunction with the program, eHI has built a “community” of more than 280 state, regional and community-based multi-stakeholder collaboratives  working on HIE within the U.S. who regularly share insights and work to effect change.  In addition to other issues, Connecting Communities is focused on the development of sustainable business models for HIE and building healthcare purchaser and payer awareness of the value that HIE provides. Connecting Communities also provides resources through its “Connecting Communities Toolkit”, initially developed with funding from HRSA/OAT, which is a unique, one-stop resource offering a structured, “how-to” synthesis of principles and tools designed to equip states, regions and local communities with the information and expertise needed to engage in health information exchange. eHI has also provided considerable support to HIE activities in its role as subcontractor to National Opinion Research Center in support of the Agency for Healthcare Research and Quality’s National Resource Center for Health Information Technology.

Since October 2005, the HIMSS RHIO Federation has fostered the RHIO/HIE industry’s development through education, outreach, networking, tools, resources and advocacy activities at the local, state and federal level. The HIMSS RHIO Federation has grown to 58 member organizations across the U.S., Puerto Rico, and in Israel.  The Federation works closely with the 45 HIMSS regional chapters to leverage local and national HIMSS member subject matter expertise.  Through these professional interactions, RHIO Federation members have been able to achieve greater success in three key areas of RHIO/HIE development: business rules, harmonization and chain of trust. Members of the RHIO Federation are supported by a 100+ HIMSS-member task force, chaired by our friend and colleague, Dr. Martin Harris at the Cleveland Clinic Foundation.    Under Martin’s leadership, Work Groups are developing a RHIO Guidebook, special projects demonstrating the applicability of technologies and services that RHIOs can use today, and hands-on RHIO tools for issues such as Privacy & Security. Through HIMSS chapter outreach programs, the 20,000 individual HIMSS members working across the nation are actively connected with RHIO/HIE development in their region.  In addition, HIMSS provides monthly webinars on key RHIO issues, regionally-based RHIO conferences, and national RHIO Symposiums.

The HIT Dashboard ( is the result of a collaborative effort between HIMSS and the Center for Health Information and Decision Systems (CHIDS) at the Robert H. Smith School of Business, University of Maryland. The project was undertaken due to an identified need by many constituents currently serving the HIT industry. The HIT Dashboard provides a color-coded, easy-to-read visual interface that tracks over 500 state, federal, and private HIT initiatives. Our team has been collecting data on several HIT projects for over a year and will continue to update quarterly. Projects being tracked in the HIT Dashboard are AHRQ HIT Grants, DOQ-IT, Medicare Health Support program, RHIOs, Health Information Exchanges, Bridges to Excellence and Private HIT Projects

Another tracking effort is an eHI Foundation survey conducted   on state, regional and community-based HIE efforts since 2004.  This survey serves as a yearly “report card” on the current state of activities related to interoperability and HIE across the U.S..  The latest survey results indicate a dramatic increase in the level of interest in and activity related to mobilizing information electronically across markets to support health and healthcare. Results show that a number of new HIEs have emerged, and in general, such efforts have matured considerably with respect to engagement of key stakeholders, organization and governance, the range of functionality provided, and the technical aspects of health information exchange. These initiatives typically involve a broad range of participants, including hospitals and other healthcare providers, physician practices, health plans, employers and other healthcare purchasers, laboratories, pharmacies, public health agencies, state and local governmental agencies, and most importantly, patients.

Among the HIE efforts identified by the 2005 survey, there was clear evidence of rapid maturation and movement along six distinct developmental stages, with 40 respondents in the “implementation” phase and 25 “fully operational”—up from the nine efforts considered fully operational in 2004.  The key driver moving states, regions and communities toward health information exchange is perceived provider inefficiencies. Seventy-seven percent of all respondents cited “provider inefficiencies due to lack of data to support patient care” as a significant driver for their health information exchange efforts, with 99 percent of all respondents citing this as a significant or moderate driver for their efforts. Additionally, rising healthcare costs was a significant driver for both early stage and advanced stage health information exchange efforts, with 60 percent of respondents citing this as a significant driver.[3]  Some common challenges cited by HIE initiatives surveyed included the need for increased funding and a realignment of incentives and the important role of standards and interoperability in mobilizing information electronically across the healthcare system.  Not surprisingly, these are similar to the challenges inherent in developing a Nationwide Health Information Network.

Overview of Relevant State-Level Activity

In regard to states, the eHealth Initiative has supported 21 states across the country–15 directly and six through its work supporting the AHRQ National Resource Center State and Regional Demonstration program, by helping state leaders engage stakeholders, conduct needs assessments, and develop plans or roadmaps for mobilizing information in their states to improve health and healthcare.  The goal of eHI’s technical assistance efforts is to help state officials and key stakeholders in the healthcare and business communities develop state policy agendas and frameworks which support improvements in health and healthcare in their states through the rapid development and implementation of healthcare information technology and exchange.  State leaders are increasingly recognizing that information technology can help to address many of the healthcare systems toughest challenges.

In fact, research compiled in the new eHI report, States Getting Connected: Quality and Safety Driving Health IT Planning in a Majority of the States in the U.S. reveals that:

  • Health information technology planning in states is on the rise, with 28 states initiating or in the process of planning, and an additional seven states with plans completed and implementation underway;
  • About half of the states in the U.S. have either an executive order or a legislative mandate in place that is designed to stimulate the use of HIT to improve health and healthcare;
  • Emphasis on quality, patient safety and curbing rising healthcare costs rank high as the primary drivers for state leadership around health information technology;
  • Most states are convening or participating in multi-stakeholder groups engaged in dialogue to develop plans for improving health and healthcare through HIT. And, increasingly states are providing grant funds to support not only regional and local HIE efforts, but also the development of plans; and
  • In most cases, either the Governor’s Office or the Department of Health is taking a leadership role in state-wide efforts related to HIT. States from the get-go are recognizing the importance of local efforts, and are taking steps to closely integrate state initiatives with efforts at the regional and local levels. [4]

Technological and data exchange aspects were of particular note. Eighty percent of state leaders surveyed cited “accurately linking patient data” as a very difficult or moderately difficult challenge while 65 percent said that addressing technical aspects, and even system/technology procurement were either very difficult or moderately difficult challenges. Also highlighted was the need for the identification and communication of common technical standards for interoperability, with the federal government playing a key role in assuring that consensus on standards is achieved in the near-term to continue to drive change at the state and local levels.

Survey data also shed light on the most common types of data currently being shared electronically which are laboratory, enrollment and eligibility, claims data, emergency department episodes, dictation and transcription, inpatient episodes (diagnoses, procedures, discharge summaries), outpatient laboratory results, outpatient episodes and outpatient prescriptions.  In addition, the survey highlighted the most common types of functionality for data exchange currently being provided which are clinical documentation, results delivery, consultation/referral, alerts to providers, electronic referral processing, disease or chronic care management, and reminders. [5] I would like to also highlight the current project conducted by our colleagues at the American Health Information Management Association (AHIMA) along with the National Conference of State Legislatures (NCSL) under contract to Office of the National Coordinator for Health Information Technology (ONC).  The purpose of this project is to identify practice and policy guidance for state –level RHIOs in the areas of governance, structure, financing and health information exchange policies. This work effort has included local, regional and state level RHIOs and HIE organizations as well as other industry organizations including HIIMSS and eHI. The results of this project will be published later this year and made available as public domain information.

A tangible set of tools available in the public domain to address health information exchange are the profiles created by IHE (  IHE is a multi-year, global initiative that creates the framework for passing vital health information seamlessly—from application to application, system to system, and setting to setting—across multiple healthcare enterprises. IHE brings together healthcare information technology stakeholders to implement existing industry-adopted standards for communicating patient information efficiently throughout and among healthcare enterprises by developing a framework for interoperability. More than 100 vendors have implemented and tested products based on IHE. IHE improves patient care by harmonizing healthcare information exchange where it matters – within the clinician’s workflow – and provides a common standards-based framework for seamlessly passing health information among care providers, enabling local, regional and national health information networks.  Because of its proven process of collaboration, demonstration and real world implementation of interoperable solutions, IHE is in a unique position to significantly accelerate the process for defining, testing, and implementing the standards-based interoperability that is necessary for a Nationwide Health Information Network.

This process repeats annually, promoting steady improvements in integration through a rigorous, proven process:

  •  Identify Interoperability Problems. Clinicians and IT experts work to identify common interoperability problems with information access, clinical workflow, administration and the underlying infrastructure.
  • Specify Integration Profiles. Experienced healthcare IT professionals identify relevant standards and define how to apply them to address the problems, documenting them in the form of IHE integration profiles.
  • Test Systems at the Connectathon. Vendors implement IHE integration profiles in their products and test their systems for interoperability at the annual IHE Connectathon. This allows them to assess the maturity of their implementation and resolve issues of interoperability in a supervised testing environment
  • Publish Integration Statements for use in RFPs. Vendors publish IHE integration statements to document the IHE integration profiles their products support. Users can reference the IHE integration profiles in requests for proposals, greatly simplifying the systems acquisition process.

Privacy, Security and Identity Considerations

Keeping health information private and secure while ensuring appropriate access is essential to consumer trust and the success of both HIEs and the NHIN.  The contract work conducted within the Department of Health and Human Services and the Office of the National Coordinator related to privacy and security, standards harmonization, certification, and architecture, all produce enormous learnings in this area and will help pave the way for improvements.

However, experiences in the field reveal the need for policies, tools, and frameworks for assuring that data is not only secure, but also that appropriate privacy and confidentiality safeguards are in place; as well as communications tools to effectively communicate with consumers regarding how these issues are being handled.

Important public-private sector partnerships, such as the Markle Foundation’s Connecting for Health initiative [see], with additional support from the Robert Wood Johnson Foundation, have provided a great deal of guidance on these issues as well as key principles and policies for information sharing. One key applicable product of this collaboration is the Connecting for HealthCommon Framework which provides an essential set of technical and policy resources for private and secure health information sharing among existing and developing health information networks. The Common Framework includes 16 technical and policy components developed by experts in information technology, health privacy law, and policy, and tested since mid-2005 by Connecting for Health prototype teams in Indianapolis, Boston, and Mendocino County, California.

The Framework was developed with input from  key public and private sector leaders and demonstrates how various health information networks can share information while protecting privacy and allowing for local autonomy and innovation. It contains information on an overall privacy architecture, policy recommendations regarding patient notification, how users can be correctly identified, audit responsibilities of HIEs, linking patient information from multiple sources, and what to do in the event of breaches of confidentiality.  To protect privacy, the Connecting for Health Common Framework architecture recommends use of a record locator service (RLS), an index that identifies where specific patient records are kept, but not what information the records contain. This approach allows records to be stored locally by doctors and hospitals and only shared electronically with other providers when appropriate and authorized by the patient. The Common Framework also relies on common, open web standards, making this approach both affordable and achievable.  One of the key functions of the Common Framework is to enable a diverse group of existing and developing networks to have a common way to share health information. The Common Framework makes it possible for health organizations working within regions, as well as those that are not limited to one geographic region, such as a group of specialty providers in multiple regions, to have a common way to communicate with one another.

Privacy, confidentiality and security issues continue to be a challenge at the state and local level. Indeed, seventy-six percent of state leaders recently surveyed cited addressing privacy and confidentiality issues as a very or moderately difficult challenge.[6]   These concepts are no longer theoretical. Many real-life observations are also beginning to emerge from communities engaging in health information exchange. A review of nine such communities found that when discussing policies for information sharing, the communities faced and resolved many issues.  An early decision required of the communities was whether their system should allow patients to opt-in or opt-out of data sharing.  Both methods were utilized by the communities under different circumstances.  Another issue addressed by the communities was whether patients would have access to their data within the HIE and whether they would be able to update or change the data.  Most communities chose not to implement patient access and decided instead to focus on access for participants.  Communities also established security practices that included: physical security, protecting against physical destruction or intrusion; administrative security, establishing administrative practices, such as user authentication methods, user permissions, and audit trails; and technical security, keeping unauthorized users from the data.  Next, the communities set out the policies for enforcement, including enforcement of business associate agreements and procedures for breach.  Finally, the communities established confidentiality agreements among the participants to encourage trust, despite the fact they may be direct competitors.  To enable the communities to address some of these issues, within the next few months the HIMSS Privacy & Security Steering Committee will be producing a security assessment tool for RHIOs designed to provide guidance and practical assistance.

When weighing data storage options and an HIE retrieval architectures, most communities chose a federated approach, which allowed participants to maintain control of their respective data repositories. Communities also had to find ways to match patients to records held by the participants. They identified methods to normalize the data so the data could be shared by the participants. This included normalization of messages at the application layer, most communities using the HL7 standard for clinical messages, and normalization of terminology and coding standards.  Finally, communities created an authentication mechanism for participants.  Communities used three different methods including: transitive trust, central authentication, and authentication at each source. [7]

When communities begin to implement privacy and security measures, they often look to their peers and industry colleagues for guidance and assistance.  Our experience has been that members of the Connecting Communities and RHIO Federation find value in information sharing amongst the groups.  The networking and relationship building leads to experience sharing that is trusted and effective.

Additionally, the HIMSS/CPRI Privacy and Security Toolkit [] has become an essential guide for privacy and security implementation. Developed by leading members of the healthcare privacy and security community, the HIMSS/CPRI Toolkit outlines general principles and provides best practice and examples of how health care providers should manage privacy and security. Sections of the Security Toolkit identify key activities to integrate into the process of managing information privacy and security, including:

  • Monitoring and adjusting to the changing laws, regulations, and standards;
  • Developing, implementing, and continuously updating privacy and security policies, procedures and practices;
  • Enhancing patient understanding of the organization’s information privacy and security efforts; and
  • Institutionalizing responsibility for information privacy and security.

Organizations have used the Security Toolkit since 1993.  The Security Toolkit has maintained its high level of recognition throughout the industry since 2002 when CPRI-HOST and HIMSS merged.

 Another important aspect of the privacy and security debate is testing and validating the feasibility of bringing to healthcare solutions that have been successful in other industries.  In June 2006, HIMSS and the General Services Administration began collaborating on a pilot project to address the E-Authentication Service Component of eGovernment (eGov) in the healthcare setting.  The pilot will attempt to transfer the success of the eGov Infrastructure to healthcare.  Using the eGov infrastructure as a foundation, the RHIOs will participate in the development of an interoperable and secure architecture that can be used to exchange patient health information within, and outside of, the RHIO setting.

The pilot program consists of seven RHIOs that are members of the RHIO Federation.  The RHIOs represent a high degree of technical competency, broad geographic coverage and diverse needs for E-Authentication services. Each RHIO is also in a different stage of implementation, from initial steps to broad applications.  A final report is expected to be shared with the GSA and the health care and health information technology industry by October 2006.

Recommendations on Core Functions for Initial Roll-Out of the NHIN (HIEs and RHIOs)

NCVHS requested that we address in our testimony recommendations on the core functions appropriate for the initial roll-out of the Nationwide Health Information Network (NHIN) within the NCVHS draft NHIN conceptual framework and standards to implement the core requirements, as seen through the lenses of HIEs and RHIOs. We feel compelled also to address certain policy and economic barriers as well and make recommendations in these areas in addition to technology recommendations.

The joint recommendations of eHI and HIMSS are below.  We believe that the initial roll-out of the NHIN should set a minimal level of standards for secure healthcare transactions over the internet and a minimal set of services to support those interactions, leaving the NHIN open to evolution over time in much the same way as the establishment of the ARPAnet enabled the evolution of the internet and the world-wide-web.  The Proposed Nationwide Health Information Network Functional Categories can be prioritized under this philosophy into three categories; those essential functions that must be established before “early adopter” health information exchange initiatives can take advantage of it, those early value functions that make it easier for HIE initiatives to take advantage of the network, and those “nice to have”functions that would provide extended functionality on the network.

At a minimum all message senders and receivers must be authorized and authenticated and all messages must be signed and encrypted.  These characteristics require the following functionality above and beyond the basic connectivity of the internet: Security.  The word security implies a world of policies, procedures, and technology that must act together to accomplish a simple goal; to ensure that information is used and disclosed only by appropriate people and for purposes that are authorized.  For this initial roll-out of the NHIN, however, this concept can be reduced to the security features that must be overlaid onto the internet to provide confidential communications between known participants in the NHIN; identity, authentication, electronic signature, encryption, and authorization.  Nationally accepted standards for these functions must be implemented by all who wish to communicate over the NHIN.  There are several standards, approaches, and technologies available today for each of these functions HITSP ( has established an initial process for resolving gaps and overlaps in the HIT standards landscape. In June 2006, with the involvement of nearly 200 stakeholder organizations, HITSP reduced 570 candidate standards to 90 appropriate standards for secure exchange of medication, lab, and demographic data. No later than September 29, 2006, HITSP will deliver unambiguous interoperability specifications which will enable vendors, hospitals and government to create software components for clinical data exchange. HITSP’s attempt to bring the consensus of the industry is a result of significant, directed activity by the federal government.  We believe that the NHIN functional categories of Confidentiality, Identity, Authentication, and Authorization should be give the highest priority, with the understanding that the standards for electronically signing (to assure non-repudiation) and encrypting (to preserve confidentiality) information are essential components of the secure infrastructure that must result.

1.      In addition to these standards and technologies to support security, agreement is required between the participants in the NHIN on basic principles, policies, and procedures to maintain confidentiality of the information that is being exchanged.  These are well described in the Connecting for Health Common Framework documents referred to earlier.

At the ‘early value’ priority level, having standards for some simple, high value potential use cases of health information exchange would be very useful.  These cover the functional categories of: Data content, Data retrieval (pull), Data transmission (push), Identity/information correlation, and Record location.  The Connecting for Health Common Framework also sets standards for an initial set of such functionality.  Such standards are also being refined and tested through the work of the HITSP and NHIN prototypes funded by the Office of the National Coordinator. Development of these standards will lead to many benefits including identification and effective implementation of minimum data sets shared across organizations representing patient clinical, demographic and payer information.  Universal identification and implementation of these standard data sets can support solving many healthcare delivery issues experienced today that arise from the lack of quality and consistent patient data exchanged across organizations.  The ability to exchange good solid information across all RHIO and HIE stakeholders including providers, patients, payers and employers will lead to successful integration with the NHIN.

2.      In addition, existing technology tools can be more effectively used such as with enterprise patient indexing which is a critical tool to manage specific patient records within organizations as well as facilitate effective use of record locator standards at other organizational levels.  In short, these efforts build the foundation for a consistent and standard technical environment supporting all the key stakeholders including patients, providers, payers as well as the NHIN. We consider the remaining NHIN functional categories to be ‘nice-to-have’ and expect them to be given a lower priority.

It is important to remember that, RHIOs developed from a grass roots level in many respects to fill a gaping hole for shared health information. These self-described RHIOs and HIEs formed with varying business missions, objectives and technical infrastructure.  Now, the “nuts and bolts” of how to share information needs to be developed in a consistent and standardized manner.

One view is that the essence of the NHIN is the constellation of these grassroots RHIOs that are interconnected over the internet using a common set of standards. Other services that support all participants may be added, but the interconnectivity and ability to securely exchange health information between state-level, regional, or otherwise affiliated health information exchange organizations is the core of the NHIN.  The implication for the NHIN for the relatively rapid development of such HIE initiatives around the country is that the standards that will allow them to interconnect must be set quickly in order that their efforts are not wasted on exchange methods that must be replaced when the interconnectivity standards are finally set.

If these recommendations are followed, the NHIN can truly fulfill its goal of fostering widely available services that facilitate the accurate, appropriate timely and secure exchange of health information.

The success of HIEs and RHIOs across America is, of course, not based on successful technical and information sharing practices alone but instead on a complex interplay of organizational, legal, governance, funding, sociocultural and workforce change issues. Underlying all of this must be informed public policy approaches that support and incent care system transformation, as well as further stimulate market mechanisms that support HIT adoption. While standards are a fundamental requirement, addressing these associated polices and issues are the crutch for the future success of RHIOs and HIEs as well as the subsequence integration with the NHIN.

The work of eHI, HIMSS and CITL with the multitude of stakeholders in healthcare as stakeholders involved in state, regional and community-based efforts across the U.S. reveal multiple policy barriers that impede widespread HIT adoption and health information exchange: the misalignment of incentives and lack of a sustainable business model for HIT and health information exchange investment and the need for standards adoption and interoperability are key among these.

Misalignment of Incentives and Lack of a Sustainable Business Model

As already mentioned, RHIOs developed from a grass roots level with varying business missions and objectives.  Already, experience has shown that their success is dependent on their to ability to articulate anddemonstrate a clear value proposition to those participating in the RHIO or HIE effort.  In short, “What are the benefits gained from participating in a data exchange effort as compared to the cost required to participate?”   To date, there has not been an “overall” economic incentive across the country to drive the local players and communities to participate in RHIOs and HIEs.   This lack of an overall economic incentive is also, impacting the ability of RHIOs and HIEs to develop business and financial plans that sustain their organizations over time.  More mature RHIO and HIEs are experiencing the challenge of finding solid business opportunities that will drive their long term financial sustainability as an organization.

In addition, there is the issue of not having HIT in place within local communities who would potentially be participants in RHIO and HIE data exchange efforts. Once again, this becomes a value and financial proposition for those local participants who need to purchase and implement these systems. For example, physicians currently face a significant financial hurdle when exploring the purchase of an EHR system for their practice. Costs may be significant and the implementation process can be complex, taking precious time away from direct patient care.  The difficulties arise from today’s current physician practice business model. On one front, physicians must secure funds for upfront HIT purchases and implementation costs, ongoing operational costs of the physician practice as well as cover costs require for integration into a future health information exchange. However, the physician must balance these costs with a revenue stream fraught with fundamental problems which stems from our nation’s prevailing reimbursement methods.  The current system rewards the volume of services delivered instead of either the outcomes or processes that would result in higher quality, safer, more efficient, or more effective healthcare. Research also suggests a fundamental misalignment of incentives between providers purchasing HIT and those who fund healthcare. Economic analysis suggests that the benefits of HIT do not accrue to those who invest in these technologies.

While the conflicting financial incentives of the healthcare system raise complex policy questions about who should pay for development and implementation, the misalignment of incentives and the economic imbalance that exists between those who purchase HIT and those who benefit from its use must be acknowledged and intelligently addressed through funding and incentive approaches that recognize the economic and distributive reality of HIT costs and benefits.  The most effective approaches will combine upfront funding for HIT and HIE—through grants, loans and other sources of capital—with changes in reimbursement.  Obviously, new funding and incentivizes should support those applications that are standards-based to enable operability and connectivity and recognize the evolving nature of standards and interoperability processes.  If incentives can be established to encourage these local efforts, and national standards can be established for them to adopt from the start, HIE networks may one day be knit together into a seamless, national health information network, although as we all know, this will not occur without some federal leadership.

It is important to note that in the area of misaligned incentives and sustainable HIE business models, that substantive work is being done this year to enhance current market assessment tools, build a more user friendly cost model for HIE and shed light on the components of a sustainable HIE business model. Stay tuned.

Other Public Policy Issues

Other public policy issues of note include the need to establish a business case and legal framework for HIE/RHIO formation to mitigate ‘first mover disadvantages’ and manage funds flow among value-chain participants in the healthcare delivery system.

Leadership is greatly needed to establish policy in regard to national medical and nursing licensure (including  reciprocal licensure or credentialing between states) so that HIE is supported for remote services potential across state boundaries. RHIO and HIE organizations have identified potential benefits and future opportunities in providing medical services to rural and underserved populations of our country through telemedicine and other data exchange avenues. These efforts will not continue until the licensure issue – specifically reciprocal licensure across states – is resolved.

Data ownership and stewardship policy issues must be addressed in order for RHIOs and HIEs to move quickly forward with data exchange after standards are defined and adopted.  From a legal and policy perspective, there must be final resolution to questions such as “who owns the patient data?” and “who has rights to share and use the patient data?” Patient consent laws and regulations play a critical role in answering these questions.  Currently, patient consent laws in regard to handling patient data is handled in various ways across the country.  In addition, the current HIPAA privacy and security laws are creating confusing on this landscape as well. Until these issues are clearly address both from a legal and regulatory perspective,  RHIOs and HIEs will continue to run into stumbling blocks and barriers at the local, state and national level prohibiting or limiting their ability to effectively provide data exchange.

In addition, other policy issues that must be addressed include creating new physician self-referral exceptions and Federal anti-kickback statute safe harbors which encourage appropriate, wider use of HIT, and promote or provide for the interoperability of healthcare information across healthcare settings.

The Administration, a number of members of Congress, some states, and several private sector efforts have introduced policies and initiatives designed to address the barriers that impede improving the quality, safety and efficiency of healthcare through HIT and HIE. Notable progress has been made through the efforts and visibility brought to the issued by President George W. Bush, Department of Health and Human Services Secretary Mike Leavitt, the American Health Information Community, Dr. David Brailer and the Office of the National Coordinator of Health Information Technology and the visionary leaders in other key government agencies.  However, much work remains.

Standards and Interoperability

The National efforts designed to achieve consensus on and promote the adoption of standards could not be more timelyHealth information exchange initiatives are in the midst of engaging in the difficult work related to getting organized; engaging stakeholders; defining goals, objectives, and priorities; and developing sustainable business models. As this work continues to migrate towards the implementation of technical networks, leadership on both the development of new and communication of the many existing standards at the national level will be critical to enable interoperability across markets. The Integrating the Healthcare Enterprise initiative has been providing the collaborative venue and leadership to assemble a technical framework that can be used to communicate the various standards necessary and detailed integration profiles for participants to implement.  The integration profiles that IHE has developed can be used as building blocks to achieve interoperability across these markets.

Innovative programs designed to facilitate public and private sector seed funding of emerging health information exchange efforts must be developed and implemented if goals related to widespread interoperability are to be achieved. While federal efforts can play a critical role in addressing this challenge, they should be designed to stimulate investment by the private sector as well as state and local government agencies to facilitate widespread interoperability.


In conclusion, I’d like to thank NCVHS for providing me the opportunity to share my insights and expertise and those of eHI and HIMSS today. There is a long road ahead but it is filled with the promise of better health for all Americans in their own communities if we work together and get it right.  Nothing could be more important and HIMSS and eHI will be there to help every step of the way.


Center for Information Technology Leadership: The Center for Information Technology Leadership is a not-for-profit research organization

based at Partners HealthCare in Boston. Using a rigorous, analytic approach, CITL assesses clinical information technologies and disseminates its findings to help provider organizations maximize the value of their IT investments, help technology firms understand how to improve the value proposition of their healthcare products, and inform national healthcare IT policy discussions. Chartered by Partners HealthCare, which was founded in 1994 by Massachusetts General Hospital and Brigham and Women’s Hospital, Dr. Middleton is Chairman of the CITL and supported by a strategic alliance with HIMSS, and assisted by teams of experts in healthcare delivery, business, and informatics.  For more information, visit

eHealth Initiative (eHI): The eHealth Initiative and its Foundation are independent, non-profit affiliated organizations who engage the multiple stakeholders in healthcare, including clinicians, employers, health plans, healthcare IT suppliers, hospitals, laboratories, patient groups, pharmaceutical and medical device companies, pharmacies, state, regional and community-based HIE initiatives and RHIOs, and public health agencies, to improve the quality, safety, and efficiency of healthcare through information and information technology. For more information, go to

HIMSS (Healthcare Information and Management Systems Society): HIMSS is the healthcare industry’s membership organization exclusively focused on providing leadership for the optimal use of healthcare information technology and management systems for the betterment of healthcare. Founded in 1961 with offices in Chicago, Washington D.C., and other locations across the country, HIMSS represents more than 20,000 individual members and over 300 member corporations that collectively represent organizations employing millions of people. HIMSS frames and leads healthcare public policy and industry practices through its advocacy, educational and professional development initiatives designed to promote information and management systems’ contributions to ensuring quality patient care. For more information, visit

[1] Emerging Trends and Issues in Health Information Exchange: Selected Preview Findings from the eHealth Initiative’s Third Annual Survey of State, Regional and Community-Based Health Information Exchange Initiatives and Organizations, July 2006

[2] Emerging Trends and Issues in Health Information Exchange: Findings from the eHealth Initiative’s Second Annual Survey of State, Regional and Community-Based Health Information Exchange Initiatives and Organizations, August 2005

[3] Emerging Trends and Issues in Health Information Exchange:  Selected Preview Findings from the eHealth Initiative’s Second Annual Survey of State, Regional and Community-Based Health Information Exchange Initiatives and Organizations, August 2005

[4] States Getting Connected: Quality and Safety Driving Health IT Planning in a Majority of the States in the U.S, eHealth Initiative, July 2006

[5] Emerging Trends and Issues in Health Information Exchange: Selected Preview Findings from the eHealth Initiative’s Third Annual Survey of State, Regional and Community-Based Health Information Exchange Initiatives and Organizations, July 2006

[6]States Getting Connected: Quality and Safety Driving Health IT Planning in a Majority of the States in the U.S, eHealth Initiative, July 2006

[7] eHealth Initiative Foundation Preliminary Evaluation of Period 1 Connecting Communities Contracts, July 2006