Ensuring Data Integrity During Health Information Exchange

By Mary Butler

When handled poorly, the process of health information exchange can mimic the classic childhood game “Telephone.” Even though the person who kicks off the game whispers a message as clearly as they can to the person next to them, by the time the message has been passed around the circle, the final recipient of the message often has heard something completely different. The game can become an object lesson for showing how gossip gets started and misinformation is shared. Without a layer of quality assurance, each link in the chain is an opportunity to muddle the truth.

This same thing could happen when a hospital is asked to share a patient’s record with a provider in the same system, or with another entity entirely, through an established health information exchange (HIE). Without strict data integrity measures in place or even a standardized method to improve patient identity matching, health data is vulnerable to corruption whenever it changes hands.

The “meaningful use” Electronic Health Record (EHR) Incentive Program succeeded in getting providers to switch from paper records to electronic ones, but it did very little to improve how those electronic records are shared. The Office of the National Coordinator for Health IT (ONC) has revamped “meaningful use” and given it a new name—the “Promoting Interoperability” program—which reflects the federal agency’s focus on improving health data exchange. The rise of accountable care organizations and planned crackdown on the practice of “information blocking” by the federal government has also increased the potential for health records to be exchanged.

The ongoing increase in health information exchange has raised questions about how health information integrity is preserved and ensured when exchanging records within a healthcare organization as well as between organizations (and with patients). This responsibility often falls on health information management (HIM) professionals, charged with balancing patients’ right to privacy with the need for access for legitimate uses.

As more health information exchanges (HIE as a noun) gain provider members, and providers start exchanging more health information amongst themselves (HIE as a verb), HIM professionals can use their information governance (IG), data governance, and HIPAA expertise to implement best practices in data exchange. In addition to looking at healthcare organization exchange, this article will examine how formal HIE organizations ensure data integrity—discussing their challenges and successes as health information exchange steps into the national spotlight.

Protecting the Data through Integrity Challenges

While the ultimate goal of HIE is to make sure that health data is accessible wherever and whenever it’s needed, it’s useless at best—life-threatening at worst—if it’s not accurate. HIM professionals are the experts at preserving data integrity, whether it’s staying on top of duplicates and overlays in EHRs, managing the master patient index, or acting as strong stewards of data by monitoring core clinical systems.

Lou Galterio, president of Suncoast RHIO, a for-profit HIE organization based in Florida, says the extent to which an exchange is responsible for data integrity depends on what type of exchange they are. Some HIEs just consider themselves to be data repositories whereas others have a more hands-on approach and are directly involved with the exchange of information. His regional health information exchange is required by the Centers for Medicare and Medicaid Services (CMS) to thoroughly audit a certain percentage of the data that goes through his doors.

“When we work with CMS or physicians we have a statistical approach that says we’ll randomly look at a percentage of the data we get and we’ll audit it to death. And we do that… if we see red flags or indicators that suggest fraud, we have to let CMS know,” Galterio says, specifying that this auditing is focused on quality measure reporting.

Galterio works with several contracting firms for help in this auditing, which he says can only be done by individuals with clinical backgrounds, which includes HIM professionals who know the ICD-10 and CPT codes, and who can abstract and evaluate quality measure specifications. “I would need four or five strongly qualified people and skilled technical people. There’s no way to do this without clinical people looking at it. No artificial intelligence program will do this. Every doctor is different,” Galterio says.

Arguably, one of the biggest challenges in maintaining data integrity is the lack of a standard for patient identity. Tamara Montroy, MS, RHIA, CCS, the executive director of HIM services at Drexel Medicine, in Philadelphia, PA is her organization’s contact for the regional health information exchange, called HealthShare Exchange (HSX). Montroy says she’s proud to work for an organization that recognizes HIE as a core function of HIM professionals. Like many HIM professionals working with HIEs, she laments the lack of standardization for patient naming conventions.

“To a certain extent, it would be great if we could all get on the same page with the standard data we collect at registration, at least insofar as our region within [the] HIE. One day we need to get there at the national level because it’s getting easier and easier to share information, but without standards it’s pretty labor-intensive to make sure the integrity of the data you’re sharing is there,” Montroy says. “I really think we need to come to an agreement on how we name patients.”

Another issue is “identifying whether patients are still ours,” Montroy says. “Our patients won’t be seen in our practices for five to seven years, but we’ll get a document from another hospital that files into our EMR, and we need to figure out some rules about whether to accept that,” because a lot of time gets misspent following up on records improperly entered into the exchange.

For instance, Drexel Medicine has a population health team that acts on information they see in the exchange. If they see that one of their patients was admitted to another hospital in the region, they will call that patient and ask if they want to make a primary care appointment. And, as is often the case, that patient will have long ago switched primary care physicians (PCP), but their intake forms at the other hospital listed an outdated PCP.

“I really struggle when people compare this to banking—they say ‘Why don’t you use the banking model?’ It’s because everybody needs healthcare and not everybody uses a bank. So it really puts the ownership on the patient to make sure that when they’re being treated, they’re given the right information,” Montroy says.

Patient matching isn’t just a problem for the individual providers participating in HIE—it’s a challenge for exchanges themselves. Joanna Pardee-Walkingstick, an integrations specialist at the Georgia Regional Academic Community Health Information Exchange (GRAChIE), says their team does a lot of manual maintenance of duplicates, a process that includes engaging HIM professionals for help.

“The capturing of the information does start at the provider level. The aggregation merging and pulling together records for individual patients does land on the shoulders of the HIE. The health information exchange can leverage technical tools available within the system and institute administrative polices to help kind of make sure that the patient ID MPI manager stays clean and doesn’t get overloaded with duplicates,” Pardee-Walkingstick says.

Particularly problematic are when the records of twins are entered into the exchange. She recalls one specific case of twins where the parents gave the babies different names, though the spellings were nearly identical. Baby One was Michaela (pronounced mi-kay-la) and Baby Two was Michayla (pronounced mi-kai-la).

“From the twin set, it’s easier to manage as they become adults—they’ll have different addresses, which helps, but when they’re still part of the pediatric population, the young pediatric population, it can be a challenge and we have to be diligent,” Pardee-Walkingstick adds.

Another important data integrity function involves keeping sensitive health information—chemical dependence records, HIV status, mental health notes, etc.—properly protected.

This was a particular problem when Lee Wise, MS, RHIA, CSCO, currently the director of HIM at Clinch Valley Medical Center, worked at an AIDS clinic in California where she was involved in setting up a HIE. This facility was cutting-edge in every sense—from technology to free mental health services. However, this made virtually all of the information generated at the clinic fall into the “sensitive” category.

“The HIE wanted to have everybody automatically opt [their information] into the exchange. They didn’t want to give them the opportunity to opt out. That would’ve made all of the data flow into the HIE. The big concern there was that information would be sitting in a big pool—which is preferable when you’re looking to the hospital they get admitted to all the time,” Wise says.

To get as much information into the exchange as possible, each patient was asked during each encounter whether they wanted to opt in and have that visit’s information added to the exchange. If a patient came in for something like a colonoscopy, they would say “No way, don’t include this information,” Wise says. But if the patient was coming in just for a medication check, they would tell Wise they wanted to opt in the information. This struck Wise as counterintuitive for a patient with HIV, as anybody looking at their medication list would assume just based on the names of the drugs that the patient was HIV positive. Yet the patients felt colonoscopy notes were more sensitive. On the occasions where key information wasn’t added to the exchange because the patient opted out but required follow up, Wise would end up faxing the test results to the other provider, defeating the efficiency a HIE is designed to facilitate. Plus, faxing documents isn’t necessarily a more confidential means of exchanging records, Wise notes, given that she’s seen cases where providers may reconfigure their fax numbers, leading sensitive information to be sent somewhere else entirely.

“So it [the data ultimately put in the exchange] wasn’t a complete picture of the patient. You could have the results from an endoscopy that uncovered serious issues and they’d be sent for follow-up, but they wouldn’t go to the follow-up and the receiving doctor wouldn’t have access to that report and wouldn’t have info on a serious issue,” Wise says.

Another integrity issue Wise encountered was letting a release of information (ROI) vendor handle data exchange. She says a vendor she employed lacked a requisite layer of quality assurance.

Wise now works in a rural facility in Virginia, where most providers’ EHRs aren’t robust enough to enable information exchange—and even sharing information within the same organization is still difficult.

“I can give you an example. We do nerve conduction studies and because they’re paper records, they scan them in [into the system] and courier them over to a physician’s office… because we don’t have an exchange set up here. The exchange is Mr. Courier getting into his car,” Wise explains.

Another lingering data integrity challenge for HIEs is just keeping track of where all of the data and records live in an organization’s systems, and being able to data map that info between an organizations’ different systems. This is critical because when it comes time to exchange records, one knows where to pull all the info. “Make sure they [systems] speak the same language internally, which will help preserve the integrity,” says Kristi Fahy, RHIA, information governance analyst at AHIMA. “There is a lot of work to do to make sure that data mapping and system mapping actually function properly.”

This is achieved by having good data stewardship. A best practice is the need to assign data stewards to core clinical systems, since they can then help set accountability and manage how records should be maintained.

A data steward is a formal role or set of roles that include responsibility and accountability for data across the lifecycle and enterprise, and includes a number of tasks, according to Fahy. Organizations can also hire a data integrity analyst who works with the data every day. These data stewards are quality monitors. An HIM director would be the data owner, and then staff would be assigned for stewardship. In short, good information governance practices are key to ensure data integrity during health information exchange.

Benefits of HIE

Providers may not see immediate, tangible, or financial benefits to participating in a HIE. Likewise, HIE proprietors aren’t likely to see an immediate return on their investment when they launch one. However, when a hospital finds that they have been able to prevent a patient from bouncing back into the hospital within 30 days of discharge due to swifter care coordination with an inpatient rehab facility, the savings should be persuasive. A big driver for HIE is healthcare’s Triple Aim: improving the patient experience (including quality and satisfaction); improving the health of a population; and decreasing per capita costs.

Lou Galterio, president of Suncoast RHIO, a for-profit HIE organization based in Florida, likens the experience of participating in a regional health information exchange like his to using the post office. “People don’t just send letters to the post office—there’s got to be a purpose behind it. They’ll only send a letter when they know there will be a recipient at the other end,” Galterio says. By the same token, Galterio explains that providers and the hospitals that are his RHIO clients don’t see any value in giving all their data to Suncoast without a specific request because their data is their own strategic asset. Likewise, he doesn’t see value in taking his clients’ data—he just passes it along where it needs to go, as needed.

“The only time they see value is when there’s a transaction that takes place. They have to exchange data in order to have that transaction occur,” Galterio says.

That transaction comes in the form of savings when a hospital doesn’t have to do a redundant diagnostic test on a patient, like a MRI or EKG, because it’s able to access a new patient’s record through a HIE. Medicare’s successful bundled payment programs for procedures such as joint replacements is fruitful territory for HIEs as well. In that payment model, Medicare pays providers a lump sum for the entire procedure and aftercare, rather than paying a provider for each service. This payment structure rewards information sharing—for the hospital or surgical center where the surgery was performed, the inpatient or outpatient rehab center the patient goes to for physical therapy, and their primary care provider who oversees their care. Galterio says Suncoast is working on a project with the Centers for Medicare and Medicaid Services (CMS) that uses Direct protocol to track patients when they’re discharged. Galterio thinks HIEs and bundled payments hold promise for the future.

Natural disasters have proven to be an ideal testing ground for HIEs. Such was the case with the Georgia Regional Academic Community Health Information Exchange (GRAChIE) when Hurricane Irma forced evacuations in parts of Georgia, Florida, and coastal areas of South Carolina in 2017. During Hurricane Irma, GRAChIE’s goal was to connect with networks located in evacuation zones to make patient data available to providers for continuity of care as evacuees sought treatment and medication refills.

GRAChIE rates its own success and performance during a crisis like this by counting “patients discovered,” which refers to the initial communications between networks and across state lines known as the patient discovery, according to Joanna Pardee-Walkingstick, an integrations specialist at GRAChIE.

“At GRAChIE, we track successful patient discoveries as a focus of our metric and activity reporting. A successful patient discovered equals a patient match in both systems and is most likely to be followed by clinical document exchange,” Pardee-Walkingstick says. “‘Patients discovered’ is the most consistent metric we’ve found for tracking clinical data exchange between networks as the count is within the context of the patient rather than message count or clinical document count.”

She notes that one clear-cut example of the HIE’s success came when one connected hospital, Memorial Health, in Savannah, GA, evacuated at least 60 NICU patients to another connected hospital closer inland in Augusta, GA.

“That was a very specific use case where members immediately said, “All of that patient’s information is available here in GRAChIE, let’s use them in your system, it’ll pull everything from us.’ So that’s a very good example of how it acted in a mass evacuation example,” Pardee-Walkingstick says.

Measuring Success in HIEs

There is wide variation in the size, scale, and types of health information exchanges. Suncoast RHIO is supported by paying clients who may well be subscribed to several exchanges. GRAChIE thrives on member and EHR vendor fees without assistance from federal grants. Then there are other models, such as the Sequoia Project, a non-profit/private collaborative with member entities including the biggest EHR vendors, providers, retail pharmacies, ROI vendors, insurers, state exchanges, and government entities such as the Social Security Administration, the US Department of Defense, and numerous others.

Mariann Yeager, MBA, CEO of the Sequoia Project, says it’s difficult to characterize the financial health of exchanges due to the diversity of the regions they serve and the value proposition they provide locally. “HIEs, for profit or nonprofit in our mind, based on my experience with these folks, is that successful HIEs have figured out the business value and the services and the information that they can deliver to those who use it. They’re very tied into the healthcare provider/patient/payer community. They’re tech-savvy, too, and they tend to not entirely outsource technology to a vendor,” Yeager says.

The perceived success of a HIE isn’t based on financials alone. Another indicator is the number of providers and patients a HIE is able to serve and serve well. By that measure, HIEs like Sequoia are succeeding. Due to the variety of its members, Sequoia Project has more influence over the “rules of the road.” Since they represent so many types of providers and payers and encompass so many stakeholders, the consensus they can build around data integrity can set an example for other exchanges trying to do the same thing.

“The first thing is to get everyone to agree to what is appropriate and reasonable and that does require some concessions and nuances. I think any top-down edict—without it being shaped and formed and defined by the communities—has the risk of being a little disconnected. And the thing is, we won’t always get it right… these rules have been tweaked and refined,” Yeager says.

For example, Sequoia member organization Intermountain Healthcare conducted an in-depth analysis of patient matching practices. Based on what Intermountain found, Sequoia was able to collaborate with the communities they work with and publish a set of rules for public comment and convened another workgroup to further update the rules. “The idea was to create resources HIM professionals can use internally to really have a sense of how they can improve patient matching rates when they’re exchanging with other organizations,” Yeager says.

While major challenges like patient matching and the protection of sensitive information won’t be solved overnight, having so many parties working together to reach a consensus bodes well for the future of HIE. The bottom line is that HIM professionals still have a strong role in this vision for HIE.

Mary Butler (mary.butler@ahima.org) is associate editor of the Journal of AHIMA.

Article citation:
Butler, Mary. “Ensuring Data Integrity During Health Information Exchange.” Journal of AHIMA 89, no. 10 (November-December 2018): 14-17