Security for Chicago HIE

Cloud Computing, VPN, Encryption Will Play Roles
Security for Chicago HIE
To access a central data repository in the cloud, participants in a Chicago health information exchange now in development will use a virtual private network where all data traffic is encrypted, says Terri Jacobsen, director of the project.

The MetroChicago HIE is a project of the Metropolitan Chicago Healthcare Council. The network's central data repository will use the cloud computing model, "although it will be logically federated so organizations that are participating in the HIE can put a copy of their data in that repository, yet retain ownership and control of their own data," Jacobsen explains. "If they decide they don't want to any longer participate, they can pull it out if they choose, or otherwise release it only based on rules that they approve of in advance."

In an interview with Howard Anderson, executive editor at, Jacobsen explains that 67 organizations have committed to providing start-up funding. Once the network becomes operational later this year, participants will pay a subscription to use its services.

The HIE will use Microsoft's Amalga enterprise health intelligence platform as well as technology from HealthUnity Corp. CSC is providing project management, implementation and hosting.

In the interview, Jacobsen explains:

  • The HIE initially will offer access to clinical summaries that clinicians in emergency departments can use when treating patients.
  • Among the other services the HIE initially will offer are public health reporting, lab result reporting, an immunization directory and access to medication and allergy histories.
  • Organizers are still considering whether to require patients to opt in to authorize the sharing of their records via the HIE or to automatically enroll them unless they opt out.
  • The technology the HIE is using can accommodate specifying patient consent for accessing information down to the level of individual data elements within an electronic health record. As a result, a patient could, for example, restrict access only to portions of the record dealing with mental health.

Jacobsen is director of health information exchange for the Metropolitan Chicago Healthcare Council. She is responsible for the development, management and implementation of MetroChicago HIE. She is also responsible for other health IT initiatives, such as public health, participating in a statewide HIE and Regional Extension Center grant activities. She formerly practiced nursing in pediatrics, adult and geriatric settings.

HOWARD ANDERSON: For starters, tell us a bit about the council and why it decided to launch this ambitious health information exchange effort.

TERRI JACOBSEN: Two years ago, a grant came out from the state of Illinois on "crossing the digital divide," and the council thought it would be best to try to support this for the metro Chicago area, since health information exchange was being discussed. In terms of services from the council, we support a lot of shared services ... revenue cycle management, human capital service, background checks, workmen's comp and we also support the Illinois Poison Control Center. ... Our CEOs from member hospitals encouraged us to apply for, grant money to begin to do the planning for the metro Chicago area for our health information exchange.

HIE Timeline

ANDERSON: When do you expect to launch the HIE, and how many organizations have agreed to participate so far? And can you clarify how it will be funded?

JACOBSEN: We've just completed our planning ... and our vendor selection. We're in the process of transitioning to implementation. At this point, we've gone out with what we call a founding member campaign, in which we've asked the hospitals and healthcare organizations to do a commitment. ... Originally, the grant's funds lasted us up to vendor selection, and we needed to go at risk as an organization. To date, 67 healthcare organizations across the metro Chicago area, which represents about 70 percent of the hospitals, have given a contribution to [start] the health information exchange.

We're in transition right now. We're talking to a number of early-adopter organizations who will be the first organizations to help establish the core services and initial use cases across the region. The sustainability model is going to be based on a subscription service that we have discussed with both our members and vendors.

HIE Transactions

ANDERSON: What kinds of transactions will the exchange accommodate initially, and what services will be offered in future phases?

JACOBSEN: These are the core HIE services: the master patient index, provider directory, record locator service and consent management. On top of those core services are going to be the initial use cases, which will be clinically focused. It will be a clinical summary available across the emergency departments; public health reporting, such as syndromic surveillance; electronic lab results reporting, an immunization registry; the sharing of medications and allergies; and diagnostic results delivery. ... We've talked about a number of future use cases that may also be administrative in nature and also support things such as case management and ongoing analytics.

ANDERSON: So one of the major initial uses will be to exchange data for patients being treated in emergency rooms who have records at another hospital, for example?

JACOBSEN: That is correct. When you look at some of the HIEs where some of the biggest benefits have been across the U.S., there's been success with regard to emergency departments. For example, say you were at your hometown hospital and then you came into the city and got ill. Let's say you thought you were having a recurrence of chest pain. If your community hospital has already done a complete cardiac workup, the hospital would be able to pull up your records and necessary data feeds - ADT [admission-discharge-transfer], lab, radiology, dictated reports and discrete medications - and be able to see a summary of what care you've received. Maybe you really had a hiatal hernia and it's presenting as such. It changes the course of how physicians and clinicians approach your treatment.

Emergency department physicians oftentimes describe driving down the road at night with no headlights on as an approach to patients when they appear in the ED. The conversation and the intelligence that you can approach the case with when you know something about the patient makes a big difference.

Cloud Computing

ANDERSON: To make all this happen, I understand the HIE will use cloud computing for infrastructure. Will you create a central data repository in the cloud that everyone can access? And how do you handle security for that repository?

JACOBSEN: We are actually doing software as a service. We do have a centralized, dedicated and secure hosting environment within a secure data center that has achieved one of the highest levels of security, an ISO 27001:2005. It has professional management and disaster recovery systems in place.

Our architecture will be a centralized data repository, although it will be logically federated so organizations who are participating in the HIE can put a copy of their data in that repository, yet retain ownership and control of their own data. If they decide they don't want to any longer participate, they can pull it out if they choose, or otherwise release it only based on rules that they approve of in advance. The reason we wanted to do that is because there would be improved performance, especially because everyone is interested in being able to do real-time queries across patient cohorts of populations to see what's going on in public health.


ANDERSON: What form of authentication will you use to verify the identities of those requesting information through the HIE? And what role will encryption play in safeguarding the transactions of information?

JACOBSEN: We are using strong passwords for authorized users and virtual private networks where all data traffic is encrypted. We will be supporting the Integrating the Healthcare Enterprise ATNA [Audit Trail and Node Authentication] profile using SSL/TLS 128-bit encryption. And this is consistent with the federal guidance from the Office of the National Coordinator for Health IT and the National Institute of Standards and Technology.

ANDERSON: Will you eventually consider moving to a two-factor authentication beyond just user name and password?

JACOBSEN: Two-factor authentication is something that we can talk about in detail with some technical experts down the road, but we do have a number of authentication pieces that we're looking at. One of the things that's very important in terms of our providers is that we have to be able to make sure they're authenticated both personally and professionally. You may be aware that when you're setting up a provider directory, you don't want to have anyone posing to say they're a doctor, and they're really not. We'll be working very closely with our hospital organizations that have gone through the process of credentialing providers and making sure they can actually practice medicine in the way that they're saying. That will be part of this process.

Patient Consent in HIE

ANDERSON: How will you go about gaining patients' consent to have their information accessed via the HIE? Will they opt in to participate, or will they automatically be enrolled unless they choose to opt out?

JACOBSEN: That's something that's currently under discussion, both in the metro Chicago area and statewide. Of course, in order for an HIE to really work well, you would want people to opt in upfront. Otherwise, if there is not enough data, it makes it difficult for providers to depend on such information to provide safe patient care. So we're in the process of looking at it. ...

The technologies that we've selected have the tremendous capability of being able to handle consent down to the data element level. In the state of Illinois, for example, we have restrictions on sharing mental health diagnoses and HIV diagnoses, for example. We'll be able to use a hybrid approach where we can lock down to the data element level and share that kind of data that only patients want to share.

HIE Lessons Learned

ANDERSON: Finally, what lessons have you learned from other HIE projects about ensuring privacy and security that you'll be able to apply to your efforts?

JACOBSEN: One is that opt-out is really a preferable way to go. People have really struggled across the U.S. with opt-in for reasons such as people who are drug-seeking recognize they can opt-in and figure out they can go from ED to ED and suggest that they don't want to share that data. And many ED visits are related to drug seekers. That's something that we've heard about loud and clear across the U.S. ... Basically, we need good patient education about understanding what the purpose of an HIE is and how it's used to support patient care delivery and safe delivery of care.

Actually, there have been studies done that people with severe illnesses or chronic illness understand and support using an HIE. And in some markets ... over 99 percent of patients consent to participate in an HIE when they really understand the purpose and how it's used to their advantage with proper privacy and security types of control.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.