Connecting HIEs: How to Address Security

Compliance With Standards Critical
Although the Nationwide Health Information Exchange standards eventually will help pave the way for HIEs to share information, security risks related to the "weakest link in the chain" must be addressed, says consultant Patti Dodgen.

"If every participating entity does what they should be doing, the risk will be very minimal," says Dodgen, who is advising HIEs in seven states plus Guam and Puerto Rico. "But if you've got several participating entities with security holes, it's just going to increase the risk. So the challenge will be to make sure we have the strong security protocols and standards and that we have compliance among the participating entities."

In an interview (transcript below), Dodgen:

  • Predicts that metadata tags within electronic health records, used for purposes such as indicating patient consent for clinicians to view specific data elements, will help ease health information exchange. This approach, now being tested on a small scale, is advocated by the President's Council of Advisors on Science and Technology.
  • Explains why most HIEs will use the opt-out approach to patient consent. In that model, data is automatically available for exchange unless a patient chooses to opt out.
  • Describes why most HIEs will rely on digital certificates and multi-level user authentication procedures to help prevent breaches.
  • Explains why more HIEs are turning to cloud computing to help control costs and simplify processes.

Dodgen is the CEO and co-founder of Hielix, an information technology consulting firm that advises HIEs and assists physician group practices implementing electronic health records.

HOWARD ANDERSON: I understand that you've served as a consultant for several HIE projects, is that correct?

DODGEN: Hielix has worked with or is currently working with the states of Arizona, Florida, Iowa, Maryland, Mississippi, North Carolina, North Dakota, plus Guam and Puerto Rico. ...

Digital Certificates

ANDERSON: Do you anticipate that most HIEs eventually will rely on digital certificates for user authentication or will they use some other option for that?

DODGEN: Yes, I think most HIE vendors, at least the ones that we work with and are familiar with, are going with digital certificates and multi-level user authentication procedures. I think that is really going to become the de facto standard at some point in the future.

ANDERSON: Why do you think that will become the standard?

DODGEN: Because [the certificates make] the authentication process quicker and less expensive. Digital certification is one level of authentication. And then the succeeding levels are really important in terms of preventing some of the breaches that we hear about today. Of course, there are other projects under way ... and they may, in fact, change some of those approaches as they play out. We'll just have to wait and see.

HIE Structural Models

ANDERSON: Many HIEs are weighing whether to create a central repository for patient information or use a federated model where data is accessed at its original locations. What are the pros and cons of each model when it comes to maintaining privacy, and which approach do you think will become most common over the long haul?

DODGEN: Once upon a time, the approach was typically a consolidated or centralized model, and then we heard more and more about the federated model, where data continued to reside in its original location. And then there was the hybrid model. Over the past 18 months or so, most of the models that the states have contemplated have really been some version of a hybrid model. But I think what we're seeing is that most vendors are moving to the cloud-based HIE, where the data continues to be stored in its original location, which is not unlike the federated model.

We're not even hearing much about federated or centralized models anymore. It is really all about cloud computing, and I think the reason for this is because the security is actually enhanced when the data is maintained at the original site and the original provider has some control over its release.

Now the centralized and hybrid models have two major disadvantages. First of all, you have to move some data to a central storage location, and usually that is in the form of patient demographics, because that helps enable the fastest location of the information that is sitting out in the federated location. So once you move some of that data, that adds layers of security to the overall process, and then it also usually adds staff cost to manage the additional processes and the additional storage requirements. So that tends to put a lot of pressure on the sustainability model. The only real advantage to these systems is disaster recovery, and in the event of a major disaster, like Hurricane Irene or Katrina, the state of recovery for those impacted areas is actually enhanced.

ANDERSON: Please explain what you mean by the cloud model and how that relates to or supports leaving the data so it can be accessed at its original location.

DODGEN: In most cloud models you have some synchronization of data that is going on. ... so that there are behind-the-scenes processes that make sure that you have real-time mirroring of that data so it's not necessary to physically move those bits and bytes into some centralized repository to facilitate the functioning of the record locator service. ...

What we've seen with the vendors that we work with is a very near to real-time synchronization of that data in a "thin client" sort of way that gets around the issues that I just mentioned having to do with additional layers of security, additional layers of authentication, and access approval, and the attendant cost and resource constraints that go around that.

Patient Consent

ANDERSON: Many HIEs are using the opt-out approach to patient consent, giving patients the opportunity to opt out of having their data shared. Do you think that over time more will shift to an opt-in approach where patient permission must be received before any data is actually exchanged?

DODGEN: No, I really don't think that is what we are going to see. I think we're going to see those who are currently using opt-in are actually going to move to opt-out. ... Opt-in doesn't ... necessarily create the number of users or the amount of data that is required to have a robust exchange, and it makes sustainability nearly impossible. Some of the studies indicate that the number of patient records available for exchange falls below 10 percent [with opt-in], and it really makes the value of the HIE very, very marginal. You can understand why - it's not that people don't typically want to share their data in an appropriate fashion, but there are challenges to successfully market the opt-in process. ... What we have found is that if you ask, "Do you want to opt in?" the answer tends to be no, but if the individual doctor says to his patient, "Would it be alright for me to share this information with doctor such and such," overwhelmingly the answer is usually yes. So the opt-out approach, with the proper education, so those who truly do not want their data exchanged have the ability to say, "I want to completely opt-out" ... is more likely to be the most realistically viable way of going.

NWHIN Standards

ANDERSON: Are you confident that the Nationwide Health Information Network standards that are now in development will eventually pave the way for various HIEs to share information with each other from coast to coast? And if so, are there now security risks that would have to be addressed?

DODGEN: Yes, I think they will pave the way for cross-state sharing of information. We are still a little ways from full implementation, but we think that they are on the right track and eventually you'll see the states link together. The additional security risks are really what I would describe as the "weakest link in the chain" scenario. So if every participating entity does what they should be doing, the risks will be very minimal. But if you've got several participating entities with security holes, it's just going to increase the risks.

So the challenge will be to make sure that we have the strong security protocols and standards and we have compliance among the participating entities. In the final analysis, it's going to depend on the ability of the Feds to have strong accountability procedures and processes in place so that we do see the level of compliance necessary. But we are very encouraged.

PCAST Report

ANDERSON: Finally, the President's Council of Advisors on Science and Technology has called for the use of metadata tags within electronic health records, such as to indicate patient consent for clinicians to share or access specific data elements. The council sees the metadata tags as a way of ultimately easing national health information exchange. Is that a practical, feasible approach, do you think?

DODGEN: Well, it's very early on, but it's very, very encouraging. The way metadata tags help is from the context of clinical data exchange between two trading partners. Using the tags allows the partners to leverage the current technology, and we think it's going to grow very quickly. It looks like the usefulness to exchange is going to make it a valuable tool.

For providers who understand who owns the data, it makes the data more accessible and can be used to enhance the clinical experience for the patient. We think it seems very practical and seems feasible in early tests. There are two announced pilots that are going to crank up this fall. One is the Query Health initiative, which is designed to help deliver the standards for the way queries are made and how metadata is used as a part of that querying process. Then the second pilot project is called the Data Segmentation Initiative. This is a mechanism that will allow data to be selectively queried and pulled on the basis of those metadata tags, which would give the patient much more flexibility in terms of allowing who they want to see exactly what pieces of data [within their record].

So I think that approach will eventually make that opt-out process much more feasible and viable in the long run when the individual consumers understand that through the use of these metadata tags, they can say "yes it's okay for this doctor to see everything in my record but maybe I don't have any need for this specialist to see anything specific to mental health treatment I've received or substance abuse treatment." So I think it will allow consumers to be much more comfortable in terms of sharing what needs to be shared.

About the Author

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.
