New Health Information Exchange Networks Pop Up Despite Recent Breach

Highmark, Inc. is the next health insurance company to develop its own network that would allow doctors and hospitals across Pennsylvania to easily share electronic health records. Although details on the plan have not yet been released, Aaron Billger, spokesman for the company, said the network is planned to be available to hospitals and doctors across the state. With statewide membership, the company is Pennsylvania’s largest insurer of health.

According to a recent article, Pennsylvania state officials had been considering one centralized exchange for all hospitals and doctors within the state, but officials have since backed away from that model in favor of letting hospitals decide for themselves if they want to create an exchange and how to do it, said Dan Egan, a spokesman for the state’s E-Health Collaborative that is now developing the communication standards.

This newest move in the development of health information exchange was sparked by a $17.1 million grant  to the Pennsylvania Office of Health Care Reform last year from the U.S. Health and Human Services Department. The grant is intended to create standards for sharing electronic medical records in Pennsylvania. The office has estimated that sharing medical records around the state could reduce health care spending in Pennsylvania by $2.8 billion over five years.

Pennsylvania is not the only state benefiting from the grants. Development of organizations to promote health information exchanges is being supported financially by statewide health grants from the Office of the National Coordinator for Health Information Technology. These grants were legislated into the HITECH components of the American Reinvestment and Recovery Act in 2009. These organizations (sometimes referred to as  Regional Health Information Organizations, or (RHIOs)) are usually geographically defined entities which develop and manage a set of contractual conventions and terms, arrange for the means of electronic exchange of information, and develop and maintain HIE standards.

New Hampshire is another state to take advantage of the funding to launch its Health Information Organization, the NH-HIO, developed with the help of the New Hampshire Department of Health and Human Services Office of Health Information Technology, the Massachusetts eHealth Collaborative, and the New Hampshire Institute for Health Policy and Practice, as well as over 80 stakeholders.  

 These exchanges and electronic medical records are being promoted by the federal government as a way to reduce medical errors, prevent duplicative treatments and reduce costs. An exchange would allow a doctor to quickly pull medical records for a patient he or she is treating, no matter where that patient may have been treated in the past, and have access to all of a patient’s medical information.  

“If I could snap my finger and have one thing transform the quality of care in the country, it would be that everyone would have an electronic health record that would be universally accessible,” Joseph McCannon, Senior Advisor to the Administrator, Centers for Medicare & Medicaid Services (CMS). The Department of Health and Human Service’s ONC recently released a video, “The Future of Health Care: Electronic Health Records,” which highlights the benefits of electronic health records (EHRs) using commentary from various leaders in health information technology.  

With all the hype over electronic health information, however, there is still much room for concern, as evidenced by the recent incident with KPMG, Inc. showing that even HIPAA monitors can have a data breach.  The breach occurred in June 2010, when a KPMG employee lost an unencrypted flash drive that may have contained a list with patient names and information about their care. Eight months later, KPMG was chosen by the Office of Civil Rights to develop a HIPAA auditing protocol and conduct audits on 150 covered entities and business associates before Dec. 31, 2012.  

It it still human error that leaves the most room for concern. It is too easy for health care providers to copy patient information onto flash drives, laptops or other unencrypted devices and these are easily lost or stolen.  Somehow, health care organizations must develop a way to monitor these situations and keep the breaches under control. Perhaps the new Information Technology graduate program will help, as they are part of an innovative program aimed at using modern data technology to dramatically improve the U.S. health care system, funded significantly by ONC. With the proper training and tools, breaches like KPMG will hopefully be fewer, and the electronic health records initiative will continue to grow.