Practice Brief: Health Informatics
Standards and Information Transfer: Exploring the HIM Role
HIM professionals need knowledge and tools to advance the use and value
of health information. Technology can improve methods to collect, maintain,
and transfer patient health information in electronic formats. To take
advantage of what technology has to offer, we need to develop uniform
practices, common techniques, or standards so that information can be
communicated between individuals or points of care with disparate information
systems. Institutional and inter-institutional strategies help the HIM
industry to move beyond paper to safe, secure electronic methods to exchange
health information. Standards development organizations help by offering
guidelines and the experience of others for benchmarking change.
Framework for Developing Standards in the United States
Standards are models approved by an authority or by
general consent and specify hardware or software, communications protocols,
or data definitions (1). They
are detailed guides that address health information and technology for
text, images, instrumentation, and more. We adopt these standards to:
- enable the electronic exchange of data between two or more computer
systems by establishing the format and sequence of data during transmission
to more efficiently accomplish interoperability between computer systems
- reflect the existing clinical and administrative data contained in
both paper and electronic data systems to maintain patient data consistently
in growing electronic health record systems
- transfer health data using predictable business processes and accommodate
necessary ethical and regulatory demands
- foster electronic transmission as a business strategy
- promote efficient information sharing among individual computer systems
Standards are organized in four general categories:
vocabulary, structure and content, messaging, and security. The categories
of standards related to information transfer discussed in this practice
brief are messaging and security standards and, in particular, selected
organizations involved in these standards. "Relationships Between Standards"
on page 68B illustrates how diverse standards relate (2).
Standards oversight in the United States is managed
through the American National Standards Institute (ANSI), a private, nonprofit
membership organization that serves as a clearinghouse for nationally
coordinated voluntary standards, provides information on foreign standards,
and represents US interests in international standardization work. In
addition, ANSI is the sole US representative and member of the two non-treaty
international standards organizations: the International Organization
for Standardization (ISO) and the International Electrotechnical Commission
Standards development organizations (SDOs) address a variety of aspects
of health information and informatics. For example, the American Society
for Testing and Materials (ASTM) and Health Level 7 (HL7) target clinical
data standards. Insurance and remittance standards are a focus of the
Accredited Standards Committee (ASC) X12N Insurance Subcommittee. Standards
to transmit diagnostic images are developed through ACR-NEMA, also known
as DICOM (Digital Imaging and Communications in Medicine). Community pharmacy
messages are represented by the National Council on Pre- scription Drug
Programs (NCPDP.) The Institute of Electrical and Electronics Engineers
(IEEE), HL7, ASTM, and others develop data models and frameworks.
History tells us that legislation and regulation rely on established
standards to form the expectations of the industry and the public. Regulatory
developments frequently correspond to recognized healthcare standards
such as those of the Joint Commission on Accreditation of Healthcare Organizations.
Accreditation requirements for the Joint Commission and the National Committee
for Quality Assurance (NCQA) call for specified content of patient records
as well as contain policy requirements for confidentiality and security.
The most recent and major regulatory requirements for
standards applications are contained in the Health Insurance Portability
and Accountability Act of 1996 (HIPAA) (4).
This legislation and resulting regulations call for data standards
in the following eight claims and billing transactions as well as security
standards in preparation and implementation of these transactions:
- healthcare claim or encounter
- enrollment and disenrollment in a health plan
- eligibility for a health plan
- healthcare payment and remittance advice
- health plan premium payments
- health claim status
- referral certification and authorization
- coordination of benefits
The mandatory transaction standards are adopted from
the ASC X12N. In addition to these, standards for retail pharmacy transactions
were adopted from NCPDP (5).
Explicit mandatory standards in the area of privacy
and security were released in the proposed HIPAA privacy and security
rules. ASTM standards that address policy and technical provisions for
confidentiality and security generally correspond to the privacy and security
provisions contained in the HIPAA legislation. Of particular interest
in this area are the ASTM standards that address electronic authentication
of healthcare information, guides for confidentiality, privacy, access
and data security principles, authentication of healthcare information
using digital signatures, technical security frameworks, information access
privileges and more. Refer to The Annual Book of ASTM Standards for a
more detailed listing (6).
A voluntary consensus process gathers interested individuals from industry,
consumer groups, specialty domains, agencies, professional organizations,
and vendors to develop a concept and express it in a recommended course
of action or standard. Then, a document is drafted to further refine the
concept and work through details by an interactive voting process to assure
that the completed standard has been accorded fair review prior to publishing.
The particular value in this process is that it brings together key players
and allows the industry at large to come to agreements. When this happens
in ways that further the public good, the federal government tends to
look to these standards when regulation needs arise. Even though progress
is in evidence in the HIPAA requirements' application of X12N transactions
standards and PCPDP pharmacy transactions standards, voluntary work continues
to develop standards for the benefit of the industry in vocabulary, structure
and content, messages, and security. Refinements of existing published
standards are ongoing; new standards are proposed as needs are identified.
Information Transfer and Selected Standards Development
Message format development is addressed by the following organizations:
ASC X12N, ASTM, DICOM, HL7, IEEE, and NCPDP. We will consider the following
SDOs for their role in information transfer:
ISO: An ISO standard for worldwide
communication, the open systems interconnection (OSI) reference model
is designed to organize standards within seven layers to provide a framework
that ensures that devices and software from different vendors can work
together (7). This model defines
the rules for transmitting data across a network. Note the levels and
their function in "Levels for Transmission of Healthcare Data," page
68C. Each layer is responsible for a particular aspect of com- municating
data. While transmission details for the lower levels may be used across
industries and applications outside of healthcare, HL7 has developed
standards to address the specific application level for healthcare (8).
ASC X12N: the ASC X12N Insurance Subcommittee
develops and maintains X12 standards, standards interpretations and
guidelines, and UN/EDIFACT* messages relating to personal and corporate
insurance, pension funds, medical records associated with insurance
administration, state and federal reporting requirements, and reinsurance
administration. These standards are identified for use with HIPAA implementation
ASTM: organized in l898, ASTM publishes standard
test methods, specifications practices, guides, terminologies, and classifications.
ASTM E1384 and E1633 Standard Coded Values for Electronic Health Record
Data provide a model for data dictionary development for institutional
electronic health records (10). These
standards specify data dictionary definitions and characterizations
that have been reconciled with data elements in HL7 and X12N. ASTM E1869
Standard Guide for Confidentiality, Privacy, Access, and Data Security
Principles for Health Information Including Computer Based Patient Records
provides explicit direction to policy design in this area. Examples
of additional E31 standards subjects are transcription, XML, terminology,
personal health records, and technical security provisions.
HL7: founded in l987, HL7 refers to the application
level or the highest level of the ISO model for worldwide communication
(11). HL7 has developed detailed
messaging standards, which enable the electronic exchange of data between
two or more disparate computer systems by establishing the format and
sequence of data during transmission. These provide specifications for
exchanging information among computer systems and when sending information
between organizations. The term "HL7 compliant" refers to vendor capability
to offer interoperability using HL7 standards and the language HL7 compliance
may be included in contract language for commercial vendors.
NCPDP: NCPDP develops standards that define
how to send prescription information from pharmacies to payers, for
prescription management services, and for receiving approval and payment
information back in near real time. By the late 1990s, more than 90
percent of community pharmacies and nearly 70 percent of outpatient
prescription services used NCPDP standards. Like ASTM, this organization
strives to coordinate and work with HL7 and X12N to improve coordination
of drug prescription messages of HL7 and billing messages of X12 (12).
Practical Actions for HIM Professionals
Health informatics standards will play significant roles as electronic
data management increases. It is important that HIM professionals move
beyond general familiarity with informatics standards to specific knowledge
acquisition in order to serve as a profesisonal resource to healthcare
organizations. Following are practical steps to consider:
- Establish a file on health informatics standards and begin to build
your knowledge level in this area. Become an expert on standards
that affect patient data and health information business processes.
Even though standards are evolving, we can not afford to defer to others
on this topic. At a minimum, understand the relationship and major topic
areas for X12N, ASTM, HL7, and NCPDP. Exploring additional standards
- Acquire information about the HIPAA regulatory
requirements for eligibility, claims processing, and billing. Become
familiar with HIPAA compliance plans and understand how these requirements
affect your organization. Understand the implementation timelines (13).
- Investigate the data systems in your organization that are used
in eligibility, claims, and billing processes governed by HIPAA.
Verify HIM business processes that connect to these functions. Determine
whether data definition or format changes need to be planned in preparation
for regulatory implementation. See that related HIM processes are updated
- Investigate the ASTM policy
and technical standards for confidentiality and security. Correlate
these with the HIPAA privacy and security regulations to help develop
organizational compliance plans (14).
Serve as a resource to your organization for requirements on
privacy principles and practices, patient authorization, notification,
and other provisions. A recent HealthKey Privacy Advisory Group report,
"A Framework and Structured Process for Developing Responsible Privacy
Practices," includes tables that compare HIPAA requirements with several
SDOs' recommendations (15) .
- Access information on HL7 and understand how HL7 fits into
the information systems environment generally in healthcare organizations.
- Determine if HL7 standards are used in your organization. Note
that although HL7 message standards may be adopted in your organization,
the manner in which the standards are used can be highly customized
so those vendors can accommodate product variability, among other reasons.
Investigate how your organization uses message standards.
- Keep pace with the healthcare industry's standards development
and professionally endorse these efforts. NCVHS calls for recommendations
to strengthen government roles in standards development and acceleration
though funding and agency accountability. The Guiding Principles for
Selecting Patient Medical Record Information Standards for NCVHS Use
employ the following criteria and more:
- improve the efficiency and effectiveness of the health system
for delivering high-quality care
- meet the data needs of the health community, particularly providers,
patients, health plans, clearinghouses, and public health organizations.
- will support making patient data available in the least personally
identifiable form practical when used or disclosed for intended
- will include strong protections for privacy of patients where
- will be consistent with the other HIPAA standards
- Join a standards development organization. HIM professionals'
contribution to this work is essential to assure comprehensive attention
to health information business processes. Membership fees are often
nominal and progress can be tracked through mailings or through personal
participation in development sessions. ASTM meetings are held in conjunction
with the American Medical Informatics Association and the "Toward An
Electronic Patient Record" annual meetings.
HIM professionals are in a position to reinforce the application of standards
in the healthcare community and educate their colleagues about them. Their
priorities and emphasis on health informatics standards helps set expectations
for health information customers-from patients to providers of all kinds.
Standards advocates contribute to the longitudinal view of health information
within and among systems by calling for unified expectations about how
data is defined, stored, and transferred to meet the users' needs. Become
an activist in development and application.
Gretchen Murphy, MEd, RHIA
Mary Brandt, MBA, RHIA, CHE
Gwen Hughes, RHIA
Karen Grant Harry Rhodes, MBA, RHIA
1. Brandt, Mary D. "Health Informatics Standards: A User's
Guide." Journal of AHIMA 71, no. 4 (2000): 39-43. Available at
2. Murphy, Gretchen M., Mary Alice Hanken, Kathleen A.
Waters. Electronic Health Records: Changing the Vision. Philadelphia,
PA: W.B. Saunders, 1999, page 100.
3. International Organization for Standardization Web
4. Health Insurance Portability and Accountability Act
of 1996. Public Law 104-191.
5. Frequently Asked Questions About Electronic Transaction
Standards Adopted Under HIPAA, updated September 8, 2000. Available at
6. American Society for Testing and Materials. Annual
Book of ASTM Standards, vol. 14.01. West Conshohocken, PA: American
Society for Testing and Materials, 2000.
7. Amatayakul, Margret. "Settings Standards in Health
Care Information." CPRI Toolkit, section 3.6. Available at http://www.cpri-host.org/toolkit/3_6.html.
8. Electronic Health Records: Changing the Vision, p.
9. Ibid, p. 99.
10. Annual Book of ASTM Standards, ASTM, vol.
11. Electronic Health Records: Changing the Vision,
12. Ibid, p. 104.
13. Frequently Asked Questions about Electronic Transaction
Standards Adopted Under HIPAA.
14. Cassidy, Bonnie. "HIPAA: Understanding the Requirements."
Journal of AHIMA 71, no. 4 (2000): 16A-D.
15. Available at www.healthkey.org.
16. Amatayakul, Margret. "Report on Uniform Data Standards
for Patient Medical Record Information." The National Committee on Vital
Health Statistics. Available at http://ncvhs.
Murphy, Gretchen, and Mary Brandt. "Health Informatics Standards and Information Transfer: Exploring the HIM Role (AHIMA Practice Brief)." Journal of AHIMA 72, no.1 (2001): 68A-D.