In Emerging Data Networks, a Role for HIM: Regional Data Exchange Presents New Questions for Fundamental HIM Issues

by Dan Rode, MBA, FHFMA

Health information exchange (HIE) has been the focus of much activity this year. There are currently more than 150 HIE projects under way, depending on who you ask and what you’re asking. A few HIEs are more than a decade old; most, however, have been initiated in the last few years.

Each project addresses the movement, storage, and sharing of personal health information (PHI), something that has been the purview of the HIM profession for decades. While HIEs are electronic in nature, the functions needed to manage the information are similar to those in a paper environment. Addressing these issues for electronic practice does require a new mind-set, but at root the issues are fundamental HIM concerns that require HIM involvement.

Privacy and Security

The HIM profession has prided itself on protecting patient confidentiality, maintaining the security of the paper record and managing access within and from outside the organization. With the onset of HIPAA, HIM professionals expanded their involvement with privacy, security, and release of information. EHR implementations have not lessened these responsibilities, but raised new challenges. And the advent of HIEs has raised even more new issues.

Confidentiality and security will be integral in the successful transformation from paper to electronic health data. AHIMA’s 2006 privacy and security survey, however, finds that some support for privacy activities has waned in the industry due to fewer resources. This comes at a time when consumers hear about security breaches and identity theft almost weekly. It also comes at a time when consumers have voiced concerns regarding discrimination due to possible PHI misuse.

In recent months, several groups have approached Congress seeking to repeal the HIPAA regulations in favor of stricter requirements that would constrain the movement of PHI, in some cases even within a healthcare organization. Presently, however, some in Congress are content to let the Office of the National Coordinator for Health Information Technology proceed with its studies of state-based privacy practices rather than reopen HIPAA. How privacy might be addressed in a new Congress once the results of the studies are completed remains to be seen.

The environment is changing, and the answers may need to be revisited from new perspectives. However, the basic principles for confidentiality remain, and projects, whether local or national, require HIM involvement to ensure that the questions and challenges are considered in light of consumer trust and confidence. Additionally, privacy and accessibility must be balanced. HIE projects must ensure that health information is available where it is needed.

Many Questions, Little Consensus Yet

HIEs bring additional challenges. Where should the data reside-in a central repository, in regional repositories? Or should electronic data stay in the originating organization? If so, what information should flow freely and what information needs additional protection (e.g., records related to mental health, substance abuse, or AIDS)?

If healthcare information related to an individual resides with multiple providers, as is often the case, how do we identify the individual so that all the needed information can be compiled? Should the patient’s identifier be national, state, or regional? Should it be a unique number or a collection of factors? State or regional networks suggest that there may be a need to exchange information across such networks. What process do we use in this case?

Authentication is another issue that is raised often but still has had limited answers and consensus. How do we know that the entity seeking the information has the right to receive it, whether the requestor is alleged to be the patient, patient representative, healthcare provider, or a government entity? How will subpoenas, court orders, and law enforcement requests be handled and authenticated in the electronic world of an HIE?

All of these questions are currently on the table, but not necessarily in each and every HIE project. To date there has been no national agreement on any of these needs, and it is not clear whether the answers will be national or local. What is clear is that the questions must be answered and PHI protected, or consumers, already leery of the security of their demographic data, will not want to participate in this new era of health information exchange.

Helping Find Answers, Ensuring Quality

Education and understanding are needed if communities of any size are going to address these issues. The HIM profession can bring decades of study and experience to new roles as community educators. HIM professionals must also be involved in ensuring data integrity. The electronic record must be built to meet the primary needs for clinical care. At the same time, demands are increasing for external or secondary reporting of health information for uses including quality measurement, injury reduction, research, public health, cost controls, and policy making.

In an environment where a record may be made up of a variety of information from different databases, not a single file, what should be produced if a record is requested for clinical, legal, or other reasons? At some point in the near future electronic records will need to be defined and accepted or the paper record as we know it will not go away. While AHIMA is working with others on this issue, this will become an issue that must be addressed in each state and to some degree in every organization that maintains health records.

HIM also has an important role advocating and advising on data quality. As electronic data exchange grows, ensuring appropriate application of coded data is emerging as a major issue. Congress and healthcare employers-the major payers of healthcare-are demanding data that provide a concise and accurate picture of individual or population health. Many projects announced over the past few months cite the use of claims data without noting the limitations of such data.

When and where today’s claims can appropriately be used is certainly in the realm of HIM expertise, as are the alternatives for data collection, storage, and disclosure for a variety of secondary purposes. While some uses of healthcare claims data may, for lack of more precise data, be appropriate, HIM professionals must lead the way to more accurate data in the future, so that the industry can make full use of quality information for quality health.

HIE projects and electronic data exchange, whether national or local, will be the defining entities for health information in the future. Today HIM professionals must become involved in such projects both as representatives of the profession as well as for their various sectors of healthcare. The opportunity to fashion the environment now and in the future depends on this involvement.

A Note of Thanks
Earlier this year AHIMA asked members to write members of Congress to support health IT legislation, including language to upgrade the ICD-9-CM classification to a 21st-century standard. Members sent more than 2,500 letters to the House of Representatives. Several state HIM associations also sent letters as a whole. These letters made a significant impression on Congress, as the House passed the Better Health Information System Act. A conference committee between the Senate and the House will iron out the differences between it and the Senate version. AHIMA would like to thank those who took the time to support this effort. Your support is greatly appreciated.

Dan Rode ( is AHIMA’s vice president of policy and government relations.

Article citation:
Rode, Dan. "In Emerging Data Networks, a Role for HIM: Regional Data Exchange Presents New Questions for Fundamental HIM Issues." Journal of AHIMA 77, no.8 (September 2006): 18,20.