Practice Brief: Health Informatics Standards and Information Transfer: Exploring the HIM Role

HIM professionals need knowledge and tools to advance the use and value of health information. Technology can improve methods to collect, maintain, and transfer patient health information in electronic formats. To take advantage of what technology has to offer, we need to develop uniform practices, common techniques, or standards so that information can be communicated between individuals or points of care with disparate information systems. Institutional and inter-institutional strategies help the HIM industry to move beyond paper to safe, secure electronic methods to exchange health information. Standards development organizations help by offering guidelines and the experience of others for benchmarking change.

Framework for Developing Standards in the United States

Standards are models approved by an authority or by general consent and specify hardware or software, communications protocols, or data definitions (1). They are detailed guides that address health information and technology for text, images, instrumentation, and more. We adopt these standards to:

  • enable the electronic exchange of data between two or more computer systems by establishing the format and sequence of data during transmission to more efficiently accomplish interoperability between computer systems
  • reflect the existing clinical and administrative data contained in both paper and electronic data systems to maintain patient data consistently in growing electronic health record systems
  • transfer health data using predictable business processes and accommodate necessary ethical and regulatory demands
  • foster electronic transmission as a business strategy
  • promote efficient information sharing among individual computer systems and institutions

Standards are organized in four general categories: vocabulary, structure and content, messaging, and security. The categories of standards related to information transfer discussed in this practice brief are messaging and security standards and, in particular, selected organizations involved in these standards. "Relationships Between Standards" on page 68B illustrates how diverse standards relate (2).

Standards Organizations

Standards oversight in the United States is managed through the American National Standards Institute (ANSI), a private, nonprofit membership organization that serves as a clearinghouse for nationally coordinated voluntary standards, provides information on foreign standards, and represents US interests in international standardization work. In addition, ANSI is the sole US representative and member of the two non-treaty international standards organizations: the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) (3).

Standards development organizations (SDOs) address a variety of aspects of health information and informatics. For example, the American Society for Testing and Materials (ASTM) and Health Level 7 (HL7) target clinical data standards. Insurance and remittance standards are a focus of the Accredited Standards Committee (ASC) X12N Insurance Subcommittee. Standards to transmit diagnostic images are developed through ACR-NEMA, also known as DICOM (Digital Imaging and Communications in Medicine). Community pharmacy messages are represented by the National Council on Pre- scription Drug Programs (NCPDP.) The Institute of Electrical and Electronics Engineers (IEEE), HL7, ASTM, and others develop data models and frameworks.

Mandatory Standards

History tells us that legislation and regulation rely on established standards to form the expectations of the industry and the public. Regulatory developments frequently correspond to recognized healthcare standards such as those of the Joint Commission on Accreditation of Healthcare Organizations. Accreditation requirements for the Joint Commission and the National Committee for Quality Assurance (NCQA) call for specified content of patient records as well as contain policy requirements for confidentiality and security.

The most recent and major regulatory requirements for standards applications are contained in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (4). This legislation and resulting regulations call for data standards in the following eight claims and billing transactions as well as security standards in preparation and implementation of these transactions:

  • healthcare claim or encounter
  • enrollment and disenrollment in a health plan
  • eligibility for a health plan
  • healthcare payment and remittance advice
  • health plan premium payments
  • health claim status
  • referral certification and authorization
  • coordination of benefits

The mandatory transaction standards are adopted from the ASC X12N. In addition to these, standards for retail pharmacy transactions were adopted from NCPDP (5).

Explicit mandatory standards in the area of privacy and security were released in the proposed HIPAA privacy and security rules. ASTM standards that address policy and technical provisions for confidentiality and security generally correspond to the privacy and security provisions contained in the HIPAA legislation. Of particular interest in this area are the ASTM standards that address electronic authentication of healthcare information, guides for confidentiality, privacy, access and data security principles, authentication of healthcare information using digital signatures, technical security frameworks, information access privileges and more. Refer to The Annual Book of ASTM Standards for a more detailed listing (6).

Voluntary Standards

A voluntary consensus process gathers interested individuals from industry, consumer groups, specialty domains, agencies, professional organizations, and vendors to develop a concept and express it in a recommended course of action or standard. Then, a document is drafted to further refine the concept and work through details by an interactive voting process to assure that the completed standard has been accorded fair review prior to publishing.

The particular value in this process is that it brings together key players and allows the industry at large to come to agreements. When this happens in ways that further the public good, the federal government tends to look to these standards when regulation needs arise. Even though progress is in evidence in the HIPAA requirements' application of X12N transactions standards and PCPDP pharmacy transactions standards, voluntary work continues to develop standards for the benefit of the industry in vocabulary, structure and content, messages, and security. Refinements of existing published standards are ongoing; new standards are proposed as needs are identified.

Information Transfer and Selected Standards Development Organizations

Message format development is addressed by the following organizations: ASC X12N, ASTM, DICOM, HL7, IEEE, and NCPDP. We will consider the following SDOs for their role in information transfer:

ISO: An ISO standard for worldwide communication, the open systems interconnection (OSI) reference model is designed to organize standards within seven layers to provide a framework that ensures that devices and software from different vendors can work together (7). This model defines the rules for transmitting data across a network. Note the levels and their function in "Levels for Transmission of Healthcare Data," page 68C. Each layer is responsible for a particular aspect of com- municating data. While transmission details for the lower levels may be used across industries and applications outside of healthcare, HL7 has developed standards to address the specific application level for healthcare (8).

ASC X12N: the ASC X12N Insurance Subcommittee develops and maintains X12 standards, standards interpretations and guidelines, and UN/EDIFACT* messages relating to personal and corporate insurance, pension funds, medical records associated with insurance administration, state and federal reporting requirements, and reinsurance administration. These standards are identified for use with HIPAA implementation (9).

ASTM: organized in l898, ASTM publishes standard test methods, specifications practices, guides, terminologies, and classifications. ASTM E1384 and E1633 Standard Coded Values for Electronic Health Record Data provide a model for data dictionary development for institutional electronic health records (10). These standards specify data dictionary definitions and characterizations that have been reconciled with data elements in HL7 and X12N. ASTM E1869 Standard Guide for Confidentiality, Privacy, Access, and Data Security Principles for Health Information Including Computer Based Patient Records provides explicit direction to policy design in this area. Examples of additional E31 standards subjects are transcription, XML, terminology, personal health records, and technical security provisions.

HL7: founded in l987, HL7 refers to the application level or the highest level of the ISO model for worldwide communication (11). HL7 has developed detailed messaging standards, which enable the electronic exchange of data between two or more disparate computer systems by establishing the format and sequence of data during transmission. These provide specifications for exchanging information among computer systems and when sending information between organizations. The term "HL7 compliant" refers to vendor capability to offer interoperability using HL7 standards and the language HL7 compliance may be included in contract language for commercial vendors.

NCPDP: NCPDP develops standards that define how to send prescription information from pharmacies to payers, for prescription management services, and for receiving approval and payment information back in near real time. By the late 1990s, more than 90 percent of community pharmacies and nearly 70 percent of outpatient prescription services used NCPDP standards. Like ASTM, this organization strives to coordinate and work with HL7 and X12N to improve coordination of drug prescription messages of HL7 and billing messages of X12 (12).

Practical Actions for HIM Professionals

Health informatics standards will play significant roles as electronic data management increases. It is important that HIM professionals move beyond general familiarity with informatics standards to specific knowledge acquisition in order to serve as a profesisonal resource to healthcare organizations. Following are practical steps to consider:

  • Establish a file on health informatics standards and begin to build your knowledge level in this area. Become an expert on standards that affect patient data and health information business processes. Even though standards are evolving, we can not afford to defer to others on this topic. At a minimum, understand the relationship and major topic areas for X12N, ASTM, HL7, and NCPDP. Exploring additional standards can follow.
  • Acquire information about the HIPAA regulatory requirements for eligibility, claims processing, and billing. Become familiar with HIPAA compliance plans and understand how these requirements affect your organization. Understand the implementation timelines (13).
  • Investigate the data systems in your organization that are used in eligibility, claims, and billing processes governed by HIPAA. Verify HIM business processes that connect to these functions. Determine whether data definition or format changes need to be planned in preparation for regulatory implementation. See that related HIM processes are updated as necessary.
  • Investigate the ASTM policy and technical standards for confidentiality and security. Correlate these with the HIPAA privacy and security regulations to help develop organizational compliance plans (14). Serve as a resource to your organization for requirements on privacy principles and practices, patient authorization, notification, and other provisions. A recent HealthKey Privacy Advisory Group report, "A Framework and Structured Process for Developing Responsible Privacy Practices," includes tables that compare HIPAA requirements with several SDOs' recommendations (15) .
  • Access information on HL7 and understand how HL7 fits into the information systems environment generally in healthcare organizations.
  • Determine if HL7 standards are used in your organization. Note that although HL7 message standards may be adopted in your organization, the manner in which the standards are used can be highly customized so those vendors can accommodate product variability, among other reasons. Investigate how your organization uses message standards.
  • Keep pace with the healthcare industry's standards development and professionally endorse these efforts. NCVHS calls for recommendations to strengthen government roles in standards development and acceleration though funding and agency accountability. The Guiding Principles for Selecting Patient Medical Record Information Standards for NCVHS Use employ the following criteria and more:

    - improve the efficiency and effectiveness of the health system for delivering high-quality care

    - meet the data needs of the health community, particularly providers, patients, health plans, clearinghouses, and public health organizations.

    - will support making patient data available in the least personally identifiable form practical when used or disclosed for intended purposes

    - will include strong protections for privacy of patients where applicable

    - will be consistent with the other HIPAA standards (16)

  • Join a standards development organization. HIM professionals' contribution to this work is essential to assure comprehensive attention to health information business processes. Membership fees are often nominal and progress can be tracked through mailings or through personal participation in development sessions. ASTM meetings are held in conjunction with the American Medical Informatics Association and the "Toward An Electronic Patient Record" annual meetings.

HIM professionals are in a position to reinforce the application of standards in the healthcare community and educate their colleagues about them. Their priorities and emphasis on health informatics standards helps set expectations for health information customers-from patients to providers of all kinds. Standards advocates contribute to the longitudinal view of health information within and among systems by calling for unified expectations about how data is defined, stored, and transferred to meet the users' needs. Become an activist in development and application.

Prepared by

Gretchen Murphy, MEd, RHIA
Mary Brandt, MBA, RHIA, CHE


Gwen Hughes, RHIA
Karen Grant Harry Rhodes, MBA, RHIA


1. Brandt, Mary D. "Health Informatics Standards: A User's Guide." Journal of AHIMA 71, no. 4 (2000): 39-43. Available at


2. Murphy, Gretchen M., Mary Alice Hanken, Kathleen A. Waters. Electronic Health Records: Changing the Vision. Philadelphia, PA: W.B. Saunders, 1999, page 100.


3. International Organization for Standardization Web site:


4. Health Insurance Portability and Accountability Act of 1996. Public Law 104-191.


5. Frequently Asked Questions About Electronic Transaction Standards Adopted Under HIPAA, updated September 8, 2000. Available at


6. American Society for Testing and Materials. Annual Book of ASTM Standards, vol. 14.01. West Conshohocken, PA: American Society for Testing and Materials, 2000.


7. Amatayakul, Margret. "Settings Standards in Health Care Information." CPRI Toolkit, section 3.6. Available at


8. Electronic Health Records: Changing the Vision, p. 103.


9. Ibid, p. 99.


10. Annual Book of ASTM Standards, ASTM, vol. 14.10.


11. Electronic Health Records: Changing the Vision, p. 102.


12. Ibid, p. 104.


13. Frequently Asked Questions about Electronic Transaction Standards Adopted Under HIPAA.


14. Cassidy, Bonnie. "HIPAA: Understanding the Requirements." Journal of AHIMA 71, no. 4 (2000): 16A-D.


15. Available at


16. Amatayakul, Margret. "Report on Uniform Data Standards for Patient Medical Record Information." The National Committee on Vital Health Statistics. Available at http://ncvhs.


Article citation:
Murphy, Gretchen, and Mary Brandt. "Health Informatics Standards and Information Transfer: Exploring the HIM Role (AHIMA Practice Brief)." Journal of AHIMA 72, no.1 (2001): 68A-D.