Department of Health Informatics and Information Management
FINAL PROJECT: Health Information Exchange
Focus on CONSENT for Use and Exchange of Health Information
I. Objectives ? The purpose of this case study is to:
1. Provide critical thinking and problem solving skills related to interoperability.
2. Demonstrate proficiency in data extraction and display.
3. Improve knowledge and understanding of regulatory implications related to exchange of PHI.
4. Demonstrate an understanding of project management skills.
5. Apply analytical skills in creating policy.
II. Organizational Description:
The Health Information Exchange Organization (HIEO) was launched several years ago with the goal of helping lowering the state?s staggering healthcare expenses and improve the state?s consistent poor rankings in leading health indicators, including obesity, smoking, diabetes and heart disease. Improving healthcare through enhanced use of information technology and data exchange is the heart of what we do. We manage one of the country?s largest and most successful health information exchange (HIE) networks, provide advisory services that help healthcare professionals effectively use technology and improve care delivery, and supply health plans and accountable care organizations (ACOs) with valuable data that enhance analytics and population health programs. We?ve been in existence for several years and now have the majority of the state?s hospital providers and have many physician, reference lab, diagnostic radiology centers, mental health providers and other providers participating in our exchange. All participating organizations send electronic health information to the exchange including hospital transcribed documents (H&Ps, Discharge Summaries, Operative Reports, etc.), lab results, diagnostic radiology results and other clinical documentation.
As an independent, nonprofit organization, we are dedicated to serving all of the state?s healthcare stakeholders including physicians, hospitals, behavioral health, emergency medical services, public health, long-term care, laboratories, imaging centers, health plans, communities and patients. We are self-sustaining and our funding comes from a fee-based subscription model. We were previously the recipient of three grants focused on building capacity for statewide health information exchange, including two grants from the American Recovery & Reinvestment Act (ARRA) HITECH program.
Our Mission is: Through information exchange we improve health and healthcare.
Our Vision is: Patients will be measurably healthier as organizations and individuals that contribute to health and healthcare effectively utilize information provided by the HIEO to continuously improve patient care and population health.
1. Type of organization: State Health Information Exchange
2. Number of patients served, number of admissions etc.: Over 4.5M patients are represented in our exchange database, representing over 75% of the state?s population.
3. Staff: The executive team is comprised of our CEO, CIO and CFO. We also have marketing and sales staff, administrative and finance staff and technology staff who support our exchange database and create and manage HL7 interfaces between our database and each participating organization?s system. In the past year, with the launch of our Information Governance (IG) program, we have added a Chief Data Officer (CDO) and five Data Integrity Specialists to our team.
II. IG Program Description:
In partnership with the communities and people we serve, we have expanded our data use policies with the goal of improving the integrity and quality of the data we store on each patient. We created an HIM Steering Committee, chaired by the CDO, to provide oversight to our IG activities and it is comprised of HIM and IT professionals from our member organizations. This Steering Committee creates a report on a quarterly basis that is presented at the HIEO board?s meeting and a more detailed report presented monthly to the HIEO?s executive team. We have developed policies and procedures to guide our Data Management processes. These policies cover data management oversight, data management responsibilities, types of data management staffing required, staff training requirements, quality assurance processes and reporting, and accountability and authority of the HIEO, the Steering Committee and the CDO.
We are also a participant in the eHealth Exchange initiative, a group collaborating on and working toward interoperable health information exchange, and DirectTrust, a non-profit, competitively neutral entity created by and for participants in the Direct community, including HISPs, CAs and RAs, doctors, patients, and vendors.
1. Staff: Currently 6 FTEs; Chief Data Officer is required to be a Registered Health Information Administrator
2. How long in place: Chief Data Officer for 2 years; Data Integrity Specialists for 2-6 months
3. Culture: The first few years of the HIEO?s existence showed an entrepreneurial culture where each employee was empowered to make decisions to support growing the HIEO. While initially supportive of the growth, after time as it grew, the organization became disorganized as their efforts were too much in silos. We began receiving complaints from our members about not being able to find all of one patient?s information in the database. The executive team pulled together and developed a strategic plan to not only focus on growth but also on developing a culture of teamwork, mutual trust and quality services.
4. Data System: The HIEO utilizes a centralized model for its data exchange. It stores the clinical data for each patient and organizes that data in a single record for the patient. This is accomplished through the databases ?backbone?, its Enterprise Master Patient Index (EMPI). Its exchange capability provides the sharing of continuity of care documents (CCD), results, transcribed documents, medication and problem lists and links to diagnostic images.
III. Prior State Analysis:
1. How was information organized prior to the IG program?
Participating organizations send interface transactions into the HIEO?s database and contain information such as lab results, diagnostic imaging results, etc. These interface transactions had to meet basic record match criteria such as matching on the Assigning Authority from the sending organization and medical record number (or other unique patient identifier for that organization.) If the transaction did not meet that first level of record match a demographic data match was attempted. The last name, first name, date of birth and address was used to determine if a record for that patient already existed in the database. If these four elements matched exactly, the transaction was posted to the existing record. If it did not meet these four criteria, a new person/patient level record was created in the HIEO database and the transaction information posted to the new record.
Additionally, transactions were evaluated to determine that minimum record and patient identity data fields were populated including assigning authority, medical record number (or corporate medical record number), patient?s last name, first name, date of birth and gender. If these basic minimum requirements did not exist, the transaction failed to post to the HIEO database.
No communication was sent to the participating organization regarding failed messages. Additionally, no data integrity assessment was done on transactions received to determine whether data values were populated with default data values and therefore no reporting was provided back to the sending organization on the quality of the data they sent.
Describe data management program:
Following the completion of the HIEO?s new strategic plan, the CDO was hired to implement a new data management program. Initially she had queries run on the HIEO database to identify the volume of records with inadequate population of key record matching data fields including the patient?s last name, first name, middle name, date of birth, gender, last four of the SSN, address and telephone number. She analyzed the results of these queries to stratify them by member, date ranges of transactions received and each individual data field.
New policies and procedures were then developed to describe minimum data requirements for patient identity, record matching guidelines, duplicate record validity decision-making, interface requirements related to minimum data and data mapping, interface test plans with scenario use cases and testing scripts, data integrity evaluation and maintenance processes, record correction/merging procedures, reporting of data integrity issues and duplicates to provider members and data integrity reporting. These policies and procedures were presented by the CDO to the executive team. Following the initial approval by the executive team, the CDO presented the program and the policies to the full board and they were approved. The data management program was now official.
Eighteen months ago the CDO began presenting to the executive team monthly reports on member data integrity and quality. A high-level data integrity report was provided a year ago to the HIEO board which showed by member (anonymously) the percent of transactions the HIEO received with blank or default values on key demographic data values. Additionally, research into new record matching algorithm and data integrity products was completed and a product was selected that can be integrated into the existing HIEO platform. After receiving the data integrity report and the financial proposal for the record matching/data integrity product (?identity management? product), the board approved the acquisition of this new technology. This new product utilizes an advanced record matching algorithm that is error-tolerant of typical data discrepancies across multiple records for the same patient. It also has a workflow tool that allows for efficient review of possible duplicate records, error queues for data integrity issues and the evaluation and reporting of such and to support management reporting needs. It was implemented six months ago.
Additionally, in the past year, the CDO began hiring data integrity staff to monitor the daily error logs and aggregate results from these error logs weekly and provide this data to the CDO. Initially these specialists were only able to monitor and aggregate results from the error logs. Subsequent to the implementation of the new identity management product the specialists are now reviewing the potential duplicate queue in addition to working the transaction error queues. One specialist was appointed as Data Manager and she is responsible for compiling the reports to each member organization regarding the summary of data integrity issues on a monthly basis. Additionally, she provides a list of the data integrity issues for the applicable member?s records. Another responsibility she has is to summarize the intra-facility duplicates sent to the HIEO by each organization and provide that report monthly to the CDO. She also provides each member with a list of their intra-facility duplicates in order for the member organization to resolve these possible duplicates in their source system.
The CDO designed dashboard reports for presentation to the executive team and the board generated from the identity management product. These reports will address the HIEO?s strategic initiatives and goals set forth by the executive team, HIM steering committee and board.
After the implementation of the identity management product a data analysis of the entire HIEO EMPI database was completed. This analysis identified a 30% cross-organization duplicate rate, intra-organization duplicate rate of 8% and several data integrity issues including 35% of the records having a blank value in the last 4 digits of the SSN, 70% of the records missing a middle name value and 10% having a default value in the date of birth field. All of these data integrity issues severely compromise the HIEO in successfully matching records for the same patient from different member organizations. The HIEO set a goal of reducing cross-organization duplicate rates to less than 5% which was approved by its board and communicated to its members.
The CDO created a plan to resolve the duplicates, work with member organizations to improve patient identity data capture processes in each organization and begin a monthly reporting process to the members, the executive team and the board. The plan included creating a data dictionary with definitions of key patient identity demographic data elements to be shared with all members, documenting the HIEO?s EMPI data model, working with the HIEO technical team to ensure appropriate data mapping of values in transaction messages sent into the HIEO, contracting with an identity management cleanup company to resolve cross-member duplicates, providing members with their intra-organization duplicates and summary reports. Summary reports included data integrity statistics and data patterns, member duplicate rates and overall cross-organizations duplicates with the HIEO database created due to incomplete or discrepant data.
Following the initiation of the reporting and post the cleanup, the HIEO was able to reduce the cross-organization duplicate creation rate to less than 10%, and an improvement in data capture of SSN, middle name and date of birth. Intra-organization duplicate rates only dropped to 6%. These results allowed the data integrity team to successfully manage these issues and provided the needed information for the CDO to continue to work with member organizations on data integrity improvements in each organization. The number of complaints filed by member organizations and providers dropped 50% and it is expected they will continue to decrease as subsequent efforts by the HIEO and member organizations continues.
IV. IG Drivers:
The HIEO began to get complaints from participating physicians and other organization members regarding four major issues:
a. Results and other information from the incoming transactions were posting to the wrong patient (overlaid records)
b. Duplicate records existed in the HIEO?s database for the same patient sent from each sending organization.
c. Lack of accountability to ?cleanse? source system to assure information is valid.
d. No reporting back to sending organizations regarding the quality of the data they?re submitting or the sending organization?s duplicate records.
As specific examples were researched, a fifth challenge was identified. This was related to the HIEO?s system having immature tools to identify, resolve duplicate records and pull apart data from an overlaid record.
V. IG Program Structure
The Executive Vice President (EVP) for HIE Network Integration serves as the accountable executive for the exchange program. S/he shall have the authority to delegate strategic alignment to other accountable executives in the HIEO and has delegate. The Chief Data Officer (CDO) is the strategic executive charged with strategic development of the IG program as noted previously.
As a clinical data repository (CDR), our HIE is structured as a ?centralized? exchange model. Participating organizations shall sign a Business Associates Agreement (BAA) which outlines the accountabilities of the HIEO and the participant. Our organization has established an infrastructure and IT governance process that manages and keeps secure all data contained within the CDR. The HIEO is accountable for assuring version control of software, DURSA requirements for exchange, any necessary dispute resolution. The CDR meets all of the Direct Trust requirements for interoperability. The exchange of information is done via continuity of care documents (CCD?s) and a subset of information from each participating organizations electronic medical record (EMR). All organizations must have attested to meaningful use and have a fully functional EMR which can interface with the HIE; a ?common? EMR is not a requirement. The participant organization is responsible for managing all IT interface connection testing while incorporating the HIEO testing standards and ?build?. Participating organizations are responsible for managing their consent and authorization process consistent with state/federal requirements, maintaining appropriate auditing processes for users, maintaining secure log-on requirements and complex password maintenance. The HIEO and the provider organization will work in a collaborative manner to resolve any security threats or breach events that might result. The HIEO shall stipulate to ?good maintenance? requirements as a part of their oversight and administrative duties. Servers with maintain the CDR data is maintained off premise in the organizations data center with redundant servers located in a separate location.
The HIEO has an established information governance (IG) program to support the EMR and the CDR. The framework for IG follows the tenants described by the American Health Information Management Association (AHIMA) and the American Record Management Association (ARMA).
The IG program has established an HIM steering committee as its governing body. At the time of development, a project management (PM) approach was taken in order to assure stakeholder involvement and strategic alignment. This organization has a centralized approach to IG within the organization. There is a centralized authority led by the EVP and CDO with a secondary group of leaders from across the organization that provides control and decision-making authority for information obtained at the enterprise level. There are subgroups with responsibilities for data within their respective business areas, and additional staff can be brought into the program to design workflows. (from AHIMA IG toolkit).
Project components in establishing our IG program included: (from AHIMA toolkit)
? Identification of accountable executive
? Charter development: A charter provides the framework for a project and is intended to include and identify:
o Executive summary
o Project definition
o Project approach
o Measures of success
o Approval process
? Project Plan Development to include
o Initiation: The initiation phase sets up the framework for the program. Components to our initiation phase included creation of the charter, a communications plan, defining the core team and the accountable oversight committee, and identification of the project manager.
o Planning: The planning phase informed the development of our project plan. We initially created a preliminary scope statement to allow us to evaluate and prioritize ad hoc requests for work. An IG project plan was developed and continues to be updated as new initiatives are undertaken. The team defined time periods for planning and then adjusted as the project moved forward
o Execution: Execution for IG plans can take many forms. Our organization defined the project deliverables, focus, and quick wins we could achieve to keep the momentum going for all of our activities. Throughout the execution phase, the team focused on deliverables that built value and created a compelling story for success. We created processes, developed policies and procedures and trained our team.
o Monitoring/Control: Assessment of schedules, scope, budge and change management process was ongoing throughout the implementation of our IG program
o Project closure: project was completed, the project manager took steps to appropriately close each milestone and deliverable. As each deliverable was closed we updated the status report as well as identified any operational owners who will manage these steps in the future.
VI. Organizational Impact:
The IG program has created new synergy in managing information that supports care delivery for HIEO participants. The project plan, once implemented, created a standard for information maintenance and accountability. During the implementation period, there was significant focus on ?quick wins? for the program and notably, there were several challenges that were positively impacted.
After initiation of the project and a period of normalization, identified gaps in some of the types of analytic reports, deeper understanding of consent management, operational accountability for contributing partners for consent values and managing problem lists and medication reconciliation were identified. The initial project plan had identified ?accountability? but did not describe specific requirements and analysis needs. This has unfortunately resulted in unresolved redundant data in the EDW which has created dissatisfaction and concerns of data accuracy and integrity. Audit tools exist within the HIE process but the reports are difficult to interpret and need to be re-tooled to be more user friendly. Patient matching has worked well, however the process for individual organizations to manage respective EMR transactions has been problematic. Consideration is underway by the CDO to implement a new project plan to identify gaps and mediation strategies, specifically related to contributing partner consent management.
IG Challenges Resolved
a. Reporting as a result of the governance tactics employed and working with the respective provider groups, standard reports have been developed for each of the practices. These provide information related to numbers of individual patients contributed by the organization, query results, required fields which need completion, user ID access. Importantly, reporting has now expanded to include patients who appear to have duplicate records and need to be merged. These are provided to the organization in a ?work queue? daily in order to be addressed by the contributor.
b. Data Management: Patient consent management is a significant component of any exchange of information between providers. Best practice standards have been established by the HIEO, which are shared with the participating organizations for consideration in their doors to manage duplicate patients, problem lists, medication lists (expired vs current), allergies.
c. Patient Identity management solutions: Policies and procedures, rules related to patient identity, merge criteria, data correction/moves have been established by the HIEO. Individual participant organizations must develop P&P for management of their individual patient data. Measureable improvements in patient identity data quality were realized. The level of complaints from member organizations and providers dropped.
VII. Benefits Realized:
Following the implementation of the IG program and its related activities, the HIEO gained knowledge regarding key data quality initiatives needed to effectively manage its record matching. The staffing required to manage error queues and duplicates was able to be maintained with increases, even as the HIEO membership grew and volume of EMPI records increased. This was a direct cost savings to the organization. The HIEO?s reputation within the state improved and additional member organizations joined.
VIII. Summary: The IG program has created new synergy and partnership in managing information that supports care delivery for HIEO participants. Providers have a broader clinical profile that supports population health and works to decrease costs. Patient matching tools and initiatives have been implemented which has significantly improved the provider experience, patient experience, decreased the need for redundant testing and improved the care continuum for the patient.
IX. TASKS: Prepare an HIEO policy that provides clear guidance to all contributors in the HIEO on the use of patient consent. *Make sure to include all statutory citations identified.
Include the following elements:
1. Identifies authorization and consent management in alignment with HIPAA, federal requirements (e.g. 42 CFR, part 2), and the Minnesota (MN) local state statute.
2. Define required components for authorization versus consent for health information exchange purposes.
3. Consider ethical considerations for use and disclosure of any information held within the HIE and define the accountability of each contributing organization to access, use and disclose.
4. Provide clear guidance to all contributors in the HIEO on the use of patient consent. Identify how the consent value is managed by the contributing parties (e.g. collected, stored, updated and sent to the HIE).
5. Identify any other specific types of consent values which need to be considered for consent management (e.g. 42 CFR part 2 and others specific to the state of Minnesota (MN) such as HIV, STD and genetic testing).
Resources to consider:
Data Quality Maturity Model
Why Patient Matching is a Challenge
Data Quality Attributes Grid
Clinical Data Exchange Models
HIE/RHIO Clinical Data Exchange Chart
Managing the Integrity of Patient Identity in Health Information Exchange
HIM Principles in Health Information Exchange (Practice Brief)
HL7 Patient Administration ? V2.71 (Chapter 3), p. 58 HIM Concepts, Principle & Practices Text