himss hie common practices survey - amazon s3s3.amazonaws.com/rdcms-himss/files/production/... · a...

2011 HIMSS HIE

Common Practices Survey

HIMSS Health Information Exchange

HIE Common Practices Workgroup

Bi-Annual Survey

May 2012

HIMSS Health Information Exchange 2011 HIE Common Practices Survey

© 2012 Healthcare Information and Management Systems Society (HIMSS) 2

Table of Contents Executive Summary .................................................................................................................................... 4

HIE Terminology .................................................................................................................................... 4

Principle Findings ....................................................................................................................................... 5

Responder Overview ................................................................................................................................... 6

Responders Organizational Demographics (Questions 1-14) ................................................................. 6

Entity Formation & Organizational Description (Questions 15-32) ....................................................... 7

Participation Agreements, Governance and Funding (Questions 33-50) ............................................... 9

Data Exchange Activities .......................................................................................................................... 10

Exchanges Providing HIE Services (Questions 51-56) ........................................................................ 10

HIE Services (Questions 57-62) ........................................................................................................... 11

Scope of Exchange Activity (Questions 63-68).................................................................................... 14

Technical Aspects of the Organization (Questions 70-82) ................................................................... 15

Privacy, Security and Standards ............................................................................................................... 17

Privacy & Security (Questions 83-86) .................................................................................................. 17

Data Management & Standards (Questions 87-93) .............................................................................. 19

Participation in ONC Initiatives............................................................................................................ 21

Lessons Learned & the Next Horizon ....................................................................................................... 21

Interoperability and Other Services (Questions 94-102) ...................................................................... 21

Top Five HIE Industry Issues and/or Concerns (Question 103) ........................................................... 22

Privacy & Security (30 percent) ....................................................................................................... 23

Financial Sustainability & Costs (21 percent) .................................................................................. 23

Conflicting and/or Rapidly Changing Policy (20 percent) ............................................................... 24

Lack of Patient/Provider/Stakeholder Integration (13 percent) ........................................................ 25

Data or Interface Shortcomings (12 percent) .................................................................................... 25

Lack of a Qualified Health IT Workforce (4 percent) ...................................................................... 25

Conclusion ................................................................................................................................................ 26

Acknowledgements ................................................................................................................................... 27

HIE Committee Common Practices Workgroup .................................................................................. 27

HIMSS Staff.......................................................................................................................................... 27

Appendix A: Survey Methodology ........................................................................................................... 28



Appendix B: Survey Questionnaire Tool .................................................................................................. 30

Primary Information.............................................................................................................................. 30

Location Information ............................................................................................................................ 30

HIE Entity Formation & Organizational Description ........................................................................... 31

Participation Agreements & Oversight ................................................................................................. 31

Funding & Operations........................................................................................................................... 32

Data Exchange Activities ...................................................................................................................... 32

Technical Aspects of the Organization ................................................................................................. 33

Privacy & Security ................................................................................................................................ 34

Data Management & Standards ............................................................................................................ 34

Lessons Learned & the Next Horizon ................................................................................................... 35



Executive Summary

The HIMSS Health Information Exchange (HIE) Common Practices Workgroup spearheaded the 2011

HIMSS HIE Common Practices Survey project for the purpose of gaining insight into practices common

to health information exchange organizations and networks operating in the United States. The original

survey project was completed in 2009, with results presented in the 2009 HIMSS HIE Common

Practices white paper.1 The data collection for the current survey was conducted between January and

May 2011. The primary intent of this paper is to provide insight and awareness of general

characteristics and activities of HIE organizations that the reader many encounter when working with

their local and state HIE organization.

HIE Terminology

In 2008, the Office of the National Coordinator for Health Information Technology (ONC) engaged in

discussions with the health IT industry to define certain terms, among which were the terms “HIO” and

“HIE.”2 Health Information Exchange (HIE) is defined as “the electronic movement of health-related

information among organizations according to nationally recognized standards,” and as such, it is

considered an action or verb. A Health Information Organization (HIO), on the other hand, is defined as

“an organization that oversees and governs the exchange of health-related information among

organizations according to nationally recognized standards;” in other words, an HIO is the organization

that performs the data sharing, a noun. In this survey, we have adopted the more commonly accepted

industry use of the term “HIE” to represent both the action of data sharing and those organizations

responsible for it.

The 2011 HIE Common Practices Workgroup agreed to take a more liberal approach to inviting

participants than what was used for the 2009 survey, adopting a broader definition of what constitutes an

“exchange.” The 2009 survey sought to exclude organizations that were not actively engaged in the

sharing of data, as well as organizations that had limited their data sharing to within their organizational

family. For the 2011 survey, we invited all organizations that are sharing data between organized

entities, even if those entities may be held within the structure of a larger organization. In addition, we

invited organizations to respond while they were still in the formative stage and had not yet started data

sharing activities, including State-Designated Entities (SDEs) which may have been forming to facilitate

exchange within the state, but may not have been planning HIE services of their own.

1 http://www.himss.org/ASP/ContentRedirector.asp?ContentID=76001

2 The National Alliance for Health Information Technology Report to the Office of the National Coordinator for Health

Information Technology on Defining Key Health Information Technology Terms. April 28, 2008.

http://www.himss.org/ASP/ContentRedirector.asp?ContentID=76001



Principle Findings

This white paper presents findings from the survey as reported by the survey’s participants, and is not

intended to represent all HIE organizations. We recognize and embrace the fact that HIE organizations

by nature are not alike and will vary across their business models, service offerings and overall technical

strategies. All information developed and discussed in this paper was compiled by the authors based

strictly on the survey responses, all of which were self-reported by the HIE organizations that

participated. No additional attempts were made to verify responses. The findings outline common

themes, trends and issues as reported by the survey’s participants.

Below is a summarization of some of the more interesting findings from the 2011 survey.

Many more HIEs The 2011 survey had 38 responders, an 81 percent increase over the

2009 survey.

Few HIE closures Only two HIEs that responded in the 2009 survey have closed.

Increased

production mode

More than 50 percent of responders were in production mode.

Broader geographic

penetration

Nearly 80 percent of the responders indicated that they covered both

rural and urban geographies.

Quality still leads Quality of patient care was listed as a reason for formation of the HIE

100 percent of the time.

Payer involvement

dropping

Payer/health plan participation dropped from 76 percent in 2009 to a

reported 42 percent in 2011.

Healthcare reform

important

The ACO payment model was already being cited as a primary driver

for HIE.

Participation fees

remain popular

Subscription fees and membership fees topped the list of revenue

sources from operations.

Financial sustainability

increasing

More than half of the HIEs reported having achieved financial

sustainability through revenue from operations. However, many

HIEs indicated that they still routinely seek grant funding to expand

operations and services.

HIE services expand

Services offered continued to be focused on the core HIE functions of

MPI, record locator and results distribution; however, CCD/CCR

exchange and secure messaging were also being widely used.

Bi-directional exchange

gaining ground

Bi-directional exchange was also gaining in momentum, being

performed by more than two-thirds of responders.

Architecture strategies

mixed

Federated and hybrid federated architectures were used by all but two

of the responders, who reported using a centralized architecture.

PHRs on the increase Two-thirds of the HIEs planned on interoperating with PHRs or

offering their own PHR services.

Privacy and security

top concerns

Privacy and security concerns surpassed financial sustainability

concerns in the minds of the survey’s respondents.



Responder Overview

Responders Organizational Demographics (Questions 1-14)

A total of thirty-eight responders participated in the 2011 HIMSS HIE Common Practices Survey, which

was an 81 percent increase over the 2009 survey.

The most common HIE entities responding to the survey were local, regional and federated non-

geographic multi-stakeholder organizations. Six of the responding organizations also noted that they

were the State-Designated Entity (SDE) for state-level HIE (see Figure 1).

Figure 1: Responding Organization Type.

Responders were located in California, Colorado, Connecticut, Florida, Georgia, Idaho, Illinois, Indiana,

Iowa, Kentucky, Massachusetts, Maryland, Michigan, Missouri, Montana, North Carolina, Nebraska,

New Mexico, New York, Ohio, Oklahoma, Oregon, Rhode Island and Washington. Three more states

participated in this survey than in the 2009 survey.

There were twenty-three new responders to the 2011 survey, and the fifteen repeating responders

reported their organizations were still in operation. Six responders from the 2009 survey did not

respond; however, external verification indicated that all but two were still in operation. Seven

responders were 2010-2011 startups, which is not surprising given the Meaningful Use HIE criteria and

increased funding availability from ARRA/HITECH grants during that time.

58%

5%

5%

16%

3%

13%

Local, regional or federated multi-stakeholder organization that provides HIE services

Integrated Delivery Network (IDN), medical group practice, or similar organization that provides HIE services only to its own stakeholders and within its own organizational boundary

Governmental HIE organization or initiative (city, county, state, federal)

Non-profit organization that is the State Designated Entity (SDE) for State-Level HIE

Integrated delivery system providing HIE services inside and outside its boundaries in multiple states

Other



As observed in the 2009 survey, a majority (66 percent) of individuals responding to the survey listed

their positions as CEO, CIO, Executive/Managing Director or Chairman/President. Other positions

cited included Director of Informatics and some state-level positions.

The majority of responders were actively exchanging data in either production or pilot mode (see Figure

2), and eleven of the non-production HIEs were under contract to begin data exchange activities by the

end of 2011. Population coverage was mixed between regional, non-geographically related and state-

wide, with only four responders indicating multi-state constituencies.

Figure 2: HIEs Exchanging Data (Production vs. Pilot Mode).

One interesting statistic was that nearly 80 percent of responders indicated that they covered both rural

and urban geographies, which supports the notion that HIEs have successfully performed outreach into

the rural areas where health IT advancement may be lacking. Another reassuring statistic revealed that

84 percent of responders indicated covering large medically and/or economically under-served

populations. This is especially important for the prevention of a further digital divide, and will operate

to directly reduce health disparities within these communities.

Entity Formation & Organizational Description (Questions 15-32)

The majority (82 percent) of the respondents indicated that they operated as not-for-profit organizations,

with the remainder being mostly governmental entities. Only two organizations indicated that they were

private-sector for-profit entities. When all respondents were asked why their HIEs were formed, the top

three reasons included:

Improve the quality of healthcare delivery / Improve patient safety (100 percent).

Need to share information across healthcare stakeholders in community (89 percent).

Decrease healthcare costs (87 percent).

Yes 51%

Yes, in pilot mode (real/production

data) 3%

Yes, in pilot mode (test data)

24%

Planned for 2011/2012

19%

No 3%



With the new regulations clarifying how Accountable Care Organizations (ACOs) are expected to

operate, it should be noted that fourteen respondents had also listed preparation for or participation in

ACOs as a primary reason for HIE operation, and 66 percent of respondents cited Meaningful Use

requirements for interoperability as another driver for initiating HIE activities. Three organizations—

located in the states of Oregon, Colorado and Maryland—indicated that their HIEs were formed as a

result of a governor’s executive order.

In preparing for start-up, many organizations followed a pattern for organizational development which

included:

Developing a business case (81 percent).

Creating an operating budget (76 percent).

Developing a contingency plan (59 percent).

Thirteen respondents (only 34 percent) indicated that they had created a three-year capital budget before

initiating operations, which is consistent with the last survey (38 percent). In future surveys it would be

useful to determine the rationale for organizations’ apparent short-term attention to capital budgets. One

possible explanation could be a planned shift of expenses from capital to operational budgets. An

example of this may be the selected technical strategy, such as using software-as-a-service (SaaS) or

other outsourcing models, which typically have fewer up-front capital costs. However, these are

speculations and should be further researched.

HIE stakeholders most often cited included provider organizations, such as hospitals and Integrated

Delivery Networks (IDNs), at 92 percent, followed closely by primary care physicians at 87 percent and

specialty physicians at 76 percent. Other notable stakeholders included:

Private/payer health plans (42 percent).

State government agencies (37 percent).

Technology vendors (34 percent).

Federal government agencies (29 percent).

Quality improvement organizations (24 percent).

One notable change from the 2009 survey was the decreased role that payers and health plans were

playing in new HIEs as reported by this group of participants, dropping from the 76 percent reported in

2009. Likewise, technology vendors were also playing a less active role in the HIEs to which they

furnished software and services, dropping from the previously reported 57 percent.

Start-up initiatives continued to vary across the HIEs, with 74 percent of the respondents indicating that

their HIEs were, at least in part, community-initiated activities, as compared to those which originated

from a single entity, such as a provider, payer or other organization. This focus on community-based

initiation was consistent with the 2009 survey results. State and federal initiatives also contributed to

HIE formation as would be expected (see Figure 3).



Figure 3: Attribution for the Formation of the HIE.

Although 63 percent of responders indicated not following an established HIE implementation model or

guide, five responders notably identified Healthbridge of Cincinnati, OH, as a leading model that was

followed during planning and implementation. Twenty-one percent of responders indicated that they

followed the Markle “Connecting for Health”3 strategy. HIMSS and eHealth Initiative (eHI) were also

noted as resources for information and tools to create and implement HIEs.

Participation Agreements, Governance and Funding (Questions 33-50)

Participation agreements were used by most (84 percent) of the HIE organizations. Governance was

conducted in a variety of ways, including directorship at 68 percent and membership class or group

representation at 16 percent. The makeup of HIE governance was typically composed of members from

the participating organizations (68 percent); funding organizations who did not directly participate in

exchange (11 percent); and other community interest participants who were not funders of the exchange.

HIE management was most often provided through a paid staff individual (68 percent), although

contractors (11 percent) and others, including unpaid volunteers, were used by a significant number of

HIEs.

Financial sustainability continued to be a high priority for HIEs. When asked about their primary

funding sources, over half of the responders reported having achieved financial sustainability through

revenue from operations. However, even many of those HIEs also continued to get grants and other

financial contributions (see Figure 4). Breaking down the types of funding received from operations,

subscription fees (53 percent) and membership fees (32 percent) topped the list of revenue sources, with

only 21 percent reporting that they collected transaction fees (Figure 5).

3 http://www.markle.org/health/markle-connecting-health-collaboration

0%

10%

20%

30%

40%

50%

60%

70%

80%

13%

0%

11%

74%

13%

5%

24%

One primary "key" provider

One primary "key" payer/employer

One primary "key" vendor/consultancy who acted to coalesce the community

Community initiated (several providers and/or other interested parties)

Outgrowth from an existing data sharing operation (e.g., registry)

Community action group composed of consumers/patients

Other (ONC HIE/HITECH, research, state legislation, federal funding, etc.)

http://www.markle.org/health/markle-connecting-health-collaboration



Figure 4: HIE Funding Sources.

Figure 5: Reported Revenue Sources from Participants.

Data Exchange Activities

Response data for questions 51 through 68 was calculated based on the 37 responders who were

exchanging data in either production or pilot mode at the time of this survey, as determined by responses

to question 9, “Is the HIE still actively exchanging clinical data?”

Exchanges Providing HIE Services (Questions 51-56)

Of the responders, twenty-eight (74 percent) had already implemented health information exchange

services, six were planning implementation later in 2011 and the remaining four were still in a startup

mode. Of those HIEs that were exchanging data, the responses revealed that the majority (96 percent) of

HIE implementations took place after 2004. The year 2009 represented the greatest number of HIE

implementations, with 24 percent of the total HIE implementation activity.

0%

10%

20%

30%

40%

50%

60%

70%

In-kind resources

Financial contributions

Grants Contracts and cooperative agreements

Cash loans / Services credit

Sustained funding

55% 55%

68%

37%

8%

45%

0%

10%

20%

30%

40%

50%

60%

70%

Membership dues/fees Subscription service fees Transaction fees Third party org fees

36%

61%

24%

15%



The consistent progression in new HIEs implementing exchange activities from 2006 to 2011 makes

sense when considered against the establishment of the National Health Information Infrastructure

(NHII) architecture in 2003, followed by ONCHIT in 2004 (see Figure 6). However, the drop-off

between 2009 and 2011 was unexpected, especially given the state stimulus for the purpose of HIE

development. Since the survey was administered at the beginning of 2011, it is possible that a number

of start-up HIEs simply did not respond to the survey, and that their implementation activity will be

captured in the future. Another possibility is that HIE community start-ups failed to gain a foothold

because of the introduction of the SDEs, instead adopting a wait-and-see approach.

Figure 6: Year of Implementation of HIE Services.

Among the operational HIEs, 76 percent indicated use of a primary vendor, and 19 percent indicated a

home-grown application with many participating vendors. Of the ten HIEs not yet operational, four

indicated that they had either made a prime vendor choice or were moving toward one. The two leading

vendors named by those HIEs indicating the use of a primary vendor were Axolotl (25 percent) and

Medicity (11 percent). Fifteen other vendors were also mentioned either as prime vendors or as

participants in a home-grown exchange, including ECW and EPIC, which are EHR vendors that offer

HIE services. Other HIE service vendors mentioned included MIRTH, HealthUnity, Browsersoft,

Microsoft, Medlink, InterSystems, MISYS, Relay Health, InteHealth, ACS, ICA, MedPlus and Orion

Health.

The majority (64 percent) of reporting operational HIEs began pilot exchange of healthcare data

between January 2009 and April 2011, with several others expected or contracted to begin pilot

operations before the end of 2011.

HIE Services (Questions 57-62)

Of the basic data exchange and sharing services offered by the surveyed HIEs, the two most common

services cited were member organization interoperability and master patient index/record locator

services. Both services were either currently provided or contractually committed to be offered in 2011

by 73 percent of the responders. MPI was also indicated as a core service offering by 71 percent of

0

1

2

3

4

5

6

7

8

2006 2007 2008 2009 2010 2011

3

4 4

7

4

2



responders in the 2009 survey, indicating that a majority of HIEs were still focused on aggregation of

data by patient. The least cited offering was the ontology/vocabulary normalization service (16 percent).

The list of common HIE services was greatly expanded from the 2009 survey, which is indicative of the

increased sophistication of HIEs. We added participation in the national initiatives (NwHIN CONNECT

and the Direct Project) to the list, and refined other categories from the previous survey, using what have

become the more commonly used terms for those services (see Figure 7).

Figure 7: Data Exchange Functions Incorporated into HIEs.

When asked which clinical products and services the organization currently provided or was

contractually committed to offering in 2011, the top four responses were all “push” messages4 and

included lab results delivery (81 percent), discharge summaries (70 percent), radiology results (65

percent) and clinical documentation (62 percent; see Figure 8 “clinical services” in blue). The 2011

percentages represented an approximately 20 percent increase over the same percentages reported in

2009, which is a clear indication that HIEs are gaining in not only broader membership, but in the types

of data being handled.

The clinical data services categories were in stark contrast to the financial and administrative services,

where only ten of the exchanges reported that they were or will be providing non-clinical services. The

most cited non-clinical exchange services were administrative services, ACO services, and

enrollment/eligibility (see Figure 8 “financial/administrative services” in red). This confirms our

observation from the first study that most data exchange conducted in HIE organizations is still oriented

toward patient care. We do expect this number to rise, however, as HIEs continue to search for broader

4 “Push” messages are those that are sent unsolicited from a data source to a data recipient. Examples include laboratory and

other types of results, messages between providers and patient summary documents.

0% 10% 20% 30% 40% 50% 60% 70% 80%

Direct Project

NwHIN CONNECT

Information exchange with SLHIE

Provider indexing services

Master Patient Index (MPI) and record locator services

Ontology/vocabulary normalization services

User authentication & authorization services (security)

Standards harmonization support services

CCD/CDR production/sharing services

Secure messaging

XDS registries for document location

Query

Member organization and interoperability services

30%

27%

43%

38%

73%

16%

30%

65%

65%

65%

38%

65%

73%



revenue-producing business opportunities, and as payers come to see HIE as a source for the quality data

they need to demonstrate outcomes to their customers.

Figure 8: HIE Clinical, Financial and Administrative Services.

A large number of responders (38 percent) were not engaging in data quality and research activities,

although many indicated that they were committed to doing so before the end of 2011. Most of those

(thirteen respondents) indicated they would be reporting immunizations to the state registries.

Syndromic surveillance, public health reporting and quality indicator reporting were the next most

frequently indicated types of reporting (see Figure 9), consistent with the expectations of Meaningful

Use.

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

Patient appointment scheduling

Telehealth / Telemedicine services

Claims

EMT/1st responders reporting/notes

Enrollment / Eligibility

Accountable Care Organizations (ACO) service

Medication alerts

Registry products and services

PHR/Patient-reported data

Administrative data exchange

Radiology image delivery/viewing

EHR products and services

Dictation transcription results delivery

ePrescribing

Immunization / Syndromic surveillance / Public health …

Consultations and referrals

Emergency visit documentation

Community viewer/portal services

Medication history

Clinical patient notes & documentation

Radiology results delivery

None

Discharge summaries

Lab results delivery

8%

8%

11%

16%

16%

16%

19%

22%

24%

24%

27%

35%

38%

41%

43%

49%

49%

49%

54%

62%

65%

68%

70%

81%



Figure 9: Other HIE Services.

In addition to those listed above, eight of the respondents indicated offering one or more of the

following services:

Reporting on referral patterns.

Secure one-to-one messaging.

Automated electronic results and reports delivery.

Emergency department (ED) visit notification to primary care physicians.

Ability for clinicians to subscribe to notifications and alerts about patient events.

Scope of Exchange Activity (Questions 63-68)

When asked about their HIE transaction categories, responders reported that the majority of their

transactions were processed with physician office and hospital sites. Less than 5 percent of transactions

were processed for government reporting, public health and immunization registries (see Figure 10).

Figure 10: Reported HIE Transaction Types.

0% 5% 10% 15% 20% 25% 30% 35% 40%

None of these listed services

Quality indicator reporting

Public health reporting

Immunization reporting (state/federal agencies)

Syndromic surveillance reporting (state/federal agencies)

Chronic disease management

Population health monitoring

Academic research

Data evaluation and performance measurement

Links established with quality reporting agencies

38%

27%

30%

35%

27%

19%

16%

24%

22%

11%

0% 5% 10% 15% 20% 25% 30% 35% 40%

Immunization registry

Government reporting

Public health

Nursing home / Long-term care / Rehab facility

Behavioral health

Payers / Third party administrators

Other

Emergency room outpatient

Outpatient / Clinic

Inpatient

Specialty care physician office / medical practice

Primary care physician office / medical practice

3%

3%

5%

11%

14%

14%

14%

27%

27%

30%

35%

38%



HIEs still processed the majority (two-thirds) of their transactions as pushed messages from the data

suppliers (still primarily hospitals, reference laboratories and pharmacy data suppliers). However, other

types of transactions were gaining in popularity, such as portal inquiries and transaction inquiries, which

accounted for nearly one-third of the volume.

Bi-directional exchange has also gained momentum since the 2009 study. A majority (73 percent) of the

responding HIEs reported that they either used bi-directional as the exclusive exchange mode or had a

mixed environment. For those HIE organizations that indicated exclusively one-way communication, 60

percent reported that bi-directional data exchange was planned (see Figure 11).

. Figure 11: Scope of Reported Exchange Activity.

Sixty percent of the responders indicated that they measured HIE exchange activity, which was down

significantly (80 percent) from the 2009 survey. We are not clear on the specific reasons for this drop,

other than the simple fact that several of the responders were still not exchanging data in a production

mode. Of those that did measure exchange activity, transaction volume was the predominant measure at

86 percent, which is consistent with the previous survey. However, multiple measures were also used,

as shown in Figure 12.

Figure 12: HIE-Reported Metrics.

Technical Aspects of the Organization (Questions 70-82)

Technical architecture plays a significant role in the ability of HIEs to perform certain services. When

asked about their consideration of architecture prior to startup, 82 percent of the survey participants

indicated that their organization considered system architecture before the HIE was organized. Most

One-way 14%

Bi-directional 30%

Mixed 43%

Not Disclosed 14%

72% 74% 76% 78% 80% 82% 84% 86% 88%

Number of entities sending/receiving data

Number of providers sending/receiving data

Number of transactions

Number of patients

82%

82%

86%

77%



participants (61 percent) indicated that their HIE used a hybrid system architecture, followed by

federated architectures at 29 percent and centralized architectures at 8 percent. The majority (71

percent) of survey responders indicated the use of outsourced hosting to facilitate data exchange

activities, whereas 26 percent chose to host at their own facility.

HIEs are typically required to maintain very high availability, often in the “three 9s” or “four 9s”5 range

(99.9 percent to 99.99 percent availability). To ensure high levels of service and systems redundancy in

the event of failure, HIEs employ various means of achieving business continuity. The most often cited

business continuity features are shown in Figure 13.

Figure 13: HIE Business Continuity Strategies.

HIE services require movement of significant amounts of data through secured public and private

networks. Most (84 percent) respondents identified high-speed Internet access as being the minimum

requirement for participating in the HIE, and more than half of the respondents indicated that a VPN was

required. Some HIEs, however, did allow for lower speed connectivity (see Figure 14).

Figure 14: HIE Network Requirements.

5 Service Level agreements often include provisions for availability of “up-time” which are typically expressed in

percentages over a period of time, such as a week or month. The terms “three 9s” and “four 9s” are colloquial, indicating

99.9 percent and 99.99 percent respectively. For example, 99.9 percent up-time over one week means that the system can

be unavailable for no more than ten minutes; 99.99 percent up-time would be one minute unavailability in one week.

0%

10%

20%

30%

40%

50%

60%

70%

80%

Disaster recovery site

Storage Area Network (SAN)

Mirrored or RAID disk

architecture

Hot-failover servers

High availability

servers

Not disclosed

71% 66%

53% 55% 53%

11%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

Not disclosed

To be determined

Phone line

Redundancy

>56 kbps capacity

VPN

Internet access

3%

3%

5%

8%

16%

55%

84%



The majority of responding HIEs reported the use of service-oriented architecture (SOA) either partially

(42 percent) or entirely (21 percent). Only 8 percent of respondents denied SOA use, while 32 percent

did not provide information on their utilization of SOA.

Less than half (47 percent) of the responders indicated that they used open-source products in providing

HIE services, and 34 percent reported that their choice of technical architecture was the result of which

vendor was chosen to implement the HIE. When asked to identify which key technology vendors

supported the organization’s health information exchange activities, 21 percent indicated Axolotl; 11

percent indicated IBM or Mirth; and 5 percent indicated Medicity (see Figure 15).

Figure 15: HIE Use of Key Technology Vendors.

Current trends in HIE development strategy tend to favor buy over build. However, the majority (53

percent) of respondents reported using a mixed strategy, both buying and building components of their

HIE services.

Privacy, Security and Standards

Privacy & Security (Questions 83-86)

All but one of the thirty-two respondents that provided information on security controls and strategies

indicated their HIE employed a minimum of two security controls and/or strategies. Role-based

authentication, auditing and log review, encryption of data during transmission and disaster recovery or

business continuity planning were the most highly utilized security practices among HIE respondents

(see Figure 16).

0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%

Other Not disclosed IBM Mirth Medicity Axolotl

50%

24%

11% 11%

5%

21%



Figure 16: HIE Security Strategies.

Patient privacy consent methods utilized by responders covered the full range of traditional “opt-in” and

“opt-out” practices. Opt-in practices and opt-out with no affirmative documentation requirements were

the methods of choice, but opt-out practices with affirmative documentation requirements came in at a

close second (see Figure 17). State law largely defines consent practices, and 90 percent of the “other”

responses involved state-specific practices or variations due to multi-state coverage area. By

comparison, the 2009 survey showed a combined total of only 60 percent of the HIEs using opt-in or

opt-out consent models.

Figure 17: Patient Privacy Consent Methods.

Consent granularity laws are in the early stages of development, and EHR applications are developing

behind those laws. Consequently, with patient adoption lagging and limited technical capacity, the lack

of consent granularity revealed in the survey results was not surprising. HIEs will follow the trend of

federal regulation for establishment of consent models, and at the time of this survey, many states were

out ahead of the federal government in creation of regulations governing the patient’s right to consent.

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Other

Disaster recovery / Business continuity plan

Encryption of data during transmission

Encryption of data at rest

Auditing / Logs / Review

Single sign-on

Two-factor authentication

Role-based authentication

Entity authentication

Federated individual user authentication

Centralized individual user authentication

Security risk analysis

0%

88%

91%

66%

91%

0%

28%

88%

63%

50%

47%

75%

None 3%

Opt In 29%

Opt Out - no affirmative

documentation required

29%

Opt Out - affirmative

documentation required

21%

Other 18%



The resulting differences in consent requirements will make interstate exchange more challenging.

Unless there is a clear national call for a specified level of granularity, EHR and HIE vendors may likely

opt to provide only a very minimal level of consent granularity that is consistent with nationally

accepted norms.

Respondents indicated very strong support of ARRA and HITECH requirements, with business

associate provisions and breach notifications utilized by over 90 percent of the thirty-three organizations

responding to this question. Supporting the accounting of disclosures was a practice exercised by almost

80 percent of the responding organizations, and providing patient access to a copy of their EHR was

practiced by almost 60 percent.

Data Management & Standards (Questions 87-93)

The twenty-one HIE organizations that provided information on data management strategies indicated a

high utilization (71 percent) of code set translation and normalization techniques for data management

within their exchanges. The use of data filtering and language normalization strategies were reportedly

about even, but still fell short of 50 percent (see Figure 18).

Figure 18: HIE Data Management Strategies.

Only 24 percent of responders reported the use of just one data management strategy within their

exchange, an indication that the majority of HIE organizations had outlined multiple strategies which

would better serve their data quality requirements. Implementation of multiple strategies supports

typical HIE business drivers and value propositions and should, in the long run, improve HIE

sustainability. In a related question, almost three-quarters of survey participants indicated that their HIE

organization utilized a health information management position to manage or monitor their data.

Of the 32 participants who provided data standards information, the highest percentages of responders

(81 percent) indicated the support of ICD-9 and LOINC within their data encoding standards. NDC,

RxNorm, CPT-4 and SNOMED comprised about 50 percent of the responding HIEs’ employed

standards, while HCPCS and ICD-10 standards were used by just over one-third of the responders (see

0% 10% 20% 30% 40% 50% 60% 70% 80%

Other

Privileged data

Data filtering

Data correction process

Export & registration of data objects/data staging

Language normalization

Code set translation & normalization

10%

19%

38%

19%

24%

43%

71%



Figure 19). With ICD-10 coding mandates rapidly approaching in 2014, it will be imperative for all HIE

organizations to support this data encoding standard in addition to the ICD-9 version.

Figure 19: HIE Data Encoding Standards.

As expected, all thirty-one survey participants who responded to the messaging standards question

identified Health Level Seven (HL7) as a standard supported by their HIE. The other choices yielded

less than half of the total responses, with the National Council for Prescription Drug Programs (NCPDP)

showing the strongest support at 42 percent (see Figure 20).

Figure 20: HIE Messaging Standards.

The “Other” category revealed some common messaging standards, including the Healthcare Services

Specification Project (HSSP), which is a combination of HL7 standard messages, coupled with Object

Management Group (OMG) frameworks and Integrating the Healthcare Enterprise (IHE) reference

implementations. The lack of direct use or support for the American National Standards Institute’s

Accredited Standards Committee X12 (ANSI ASC X12) was not surprising, since most HIEs do not

engage in the financial EDI messaging.

In a related question, less than one-third of respondents indicated that they supported or used the

Council for Affordable Quality Healthcare (CAQH) CORE EDI messaging profiles, while the remainder

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

Other

LOINC (Logical Observation Identifiers Names and Codes)

HCPCS (Healthcare Common Procedure Coding System)

CPT-4 (Current Procedural Terminology)

RxNorm (Standardized nomenclature for clinical drugs)

NDC (National Drug Code)

SNOMED (Systemized Nomenclature of Medicine)

ICD-10 (International Classification of Diseases)

ICD-9 (International Classification of Diseases)

3%

81%

34%

53%

50%

44%

56%

34%

81%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Other

MDMI (OMG Model Driven Message Interoperability)

ANSI ASC X12 (American National Standards Institute's …

NCPDP (National Council for Prescription Drug Programs)

DICOM (Digital Imaging and Communication in Medicine)

HL7 (Health Level Seven)

26%

13%

35%

42%

26%

100%



either indicated that they did not or were unsure. A little more than half of the responders also indicated

the use of IHE profiles.

Participation in ONC Initiatives

When asked about their participation in the various ONC initiatives, HIE organization survey

participants indicated the highest participation in the Federal Direct Project, with the Standards and

Interoperability (S&I) Framework close behind. Slightly more than one-third of responders also

indicated involvement in one of the federal CONNECT initiative pilots (see Figure 21).

Figure 21: HIE Participation in ONC Activities.

Lessons Learned & the Next Horizon

Interoperability and Other Services (Questions 94-102)

At the time of the 2011 survey, 68 percent of the survey participants had plans to interoperate with

PHRs, and two-thirds of respondents indicated the current or future use of a PHR vendor in accordance

with ONC’s direction for Meaningful Use. The most popular PHRs reported at the time of this survey

were Google Health6 and Microsoft’s HealthVault; also mentioned were Life Link, AHIMA, Relay

Health and SpinnPHR. Other survey participants revealed plans for gateway services which will enable

the patients to connect to the PHR of their choice and several HIE organizations stated that their PHR

interoperation plans were still in development.

Most responders said they had no plans for interoperating with data banks, but 8 percent already allowed

some patient access to the HIE, and another 47 percent said they had future plans for this service. Of the

three responders allowing patient access to the HIE, each had a different policy on which services the

patient was allowed to access. One respondent stated that their HIE did not originate any data, so it

could only be retrieved by the patient’s provider upon request. This respondent recognized that certain

circumstances, such as a provider retiring, might convolute this process, so an alternative solution using

6 The Google Health API was retired in January 2012. See http://googleblog.blogspot.com/2011/06/update-on-google-health-

and-google.html.

0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%

Don't know / No response

CONNECT Direct Project S&I Framework Initiatives

45%

26%

45%

39%

http://googleblog.blogspot.com/2011/06/update-on-google-health-and-google.html

http://googleblog.blogspot.com/2011/06/update-on-google-health-and-google.html



a PHR was being developed. Another respondent indicated that only demographics and eligibility data

were accessible to the patient, and the third respondent stated that a written request must be made to the

HIE for the release of the record in paper form, given that they did not allow electronic access at that

time.

Of the twenty respondents indicating the use of other applications through the HIE organization, 80

percent revealed mobile devices as the primary tool. Remote monitoring equipment was used by a little

over half of the responders, social media and networking resources were used by 35 percent, and video

conferencing and Internet2 services were used by 25 percent of the responding HIE organizations (see

Figure 22).

Figure 22: Other Applications and Devices Used by HIEs

Top Five HIE Industry Issues and/or Concerns (Question 103)

Thirty-two responders provided additional details on areas of concern within the HIE industry, from

which several themes were easily identified (see Figure 23).

Figure 23: Observed Barriers to HIE Success.

0%

10%

20%

30%

40%

50%

60%

70%

80%

Other Video conference / Internet2

Social media / Networking resources

Remote / Home monitoring equipment

Mobile devices

15%

25%

35%

55%

80%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Insufficient qualified staff

Data or interface shortcomings

Lack of provider/patient/stakeholder buy-in

Conflicting and/or rapidly changing policy

Financial stability or costs

Privacy & security

13%

42%

45%

71%

74%

100%



The following is a high-level look at the specific issues identified by survey participants.

Privacy & Security (30 percent)

Lack of policy standards.

Impact on data sharing (both intrastate and interstate).

Inconsistency of consent laws.

Lack of national Data Use and Reciprocal Support Agreement (DURSA).

Granularity issues.

With federal mandates for exchange pushing the rate of HIE development, and data exchange

capabilities improving at a rapid pace to meet this need, the lack of a legal framework to govern

standards and services was seen as a significant barrier to HIE success. While a movement to form a

national Data Use and Reciprocal Support Agreement (DURSA) began in 2006, the ONC had yet to

issue a final formal template agreement for the country to adopt. The DURSA agreement would bind

data exchange participants into trust relationships that protect the confidentiality and security of the

health data exchanged. Without this national agreement, other privacy and security issues emerged as

barriers, such as interstate sharing of data, inconsistencies in privacy and consent laws and significant

differences in policies and standards.

The technical and policy issues regarding granularity of consent discussed previously have far-reaching

effects, as demonstrated in the free-text responses given by 20 HIE survey participants. Thirty-four

percent of responders specifically listed consent-related issues in their top five barriers to HIE success.

However, as mentioned before, the technical and procedural aspects of granular consent were

improving. On the policy front, HIPAA created a baseline standard that states had built upon with more

stringent guidelines resulting from the states’ specific privacy regulations. In June 2010, the ONC

charged its Health IT Policy Committee with making privacy and security recommendations in relation

to Meaningful Use Stage 1. Within the Health IT Policy Committee, the Privacy and Security “Tiger

Team” was created to explore the issues set forth by the ONC. In their August 2010 final

recommendation, the “Tiger Team” recognized the importance of “meaningful consent” and the

applicability of granular consent, but they stopped short of making a formal granular consent

recommendation. Their reasoning cited the current inability of the EHR industry to implement granular

consent, coupled with the national need for more study on the impact of using granular consent.

Financial Sustainability & Costs (21 percent)

Lack of accurate ROI data.

Insufficient public funding.

Adverse effects of policies.

High interface costs.

Vendor pricing issues.

Those respondents that discussed financial sustainability and cost barriers noted interface costs, vendor

pricing and the lack of accurate and objective ROI data as key issues that HIEs must face in their



struggle to attain financial sustainability. The services offered through these HIEs did not index directly

to HIE revenues. Public support for HIEs had not yet reached a critical mass, so expenses did not reflect

a true competitive HIE market as found with other health IT vendor market sectors. Another concern

cited for the lack of financial sustainability was a focus on programs and exchange activities that

effectively bypassed the need and business case for HIEs.

Conflicting and/or Rapidly Changing Policy (20 percent)

Meeting Meaningful Use requirements.

Implications of the PCAST report.

Federal mandates of state or federal HIEs in addition to local HIEs.

Future stages of Meaningful Use requirements.

Health reform integration.

Threat of potential requirement to sequester patient record information.

Closely related to the adverse effects of policies contributing to the financial sustainability and cost

barrier was the conflicting and/or rapidly changing policy landscape. The ARRA / HITECH Act created

state-level HIE governance entities, which many states actually used to create state-level HIEs, or state-

designated entities (SDEs.) These governance entities and state-level HIEs in some cases may have

challenged local HIEs, and may have actually hindered regional and local HIEs from expanding their

market both functionally and territorially. While this varies by geographic location, an unintended

consequence of competition (or perceived competition) across HIEs occurred in some areas. Even with

state-level entities having the best intentions in facilitating exchange within the states, stakeholders in

some cases became confused about overall strategy and purpose, and consequently were slow to join

existing regional HIEs.

To add to this landscape, the Affordable Care Act, enacted just one year later, complicated HIEs’ place

by instituting another entity (SDE or SLHIE) which had very specific goals and functionality criteria

required for success. These constant changes forced HIEs, no matter how far along in their

development, to continually reassess and redefine their organization’s role in order to continue to

demonstrate value to their constituents while looking for a long-term sustainability model. While all the

policies sought worthwhile goals, they resulted in a moving target for HIEs that further added to their

challenges in creating a robust business.

Meaningful Use requirements identified to date have proven a challenge for some HIEs due to the extent

of actual exchange requirements, as well as the available alternatives that may be easier and less costly

for providers to adopt (e.g., use of Direct to push data instead of the local HIE). In addition, Meaningful

Use requirements at the time of this survey were yet to be finalized for Stage 2 and Stage 3, leaving

more uncertainty for the role of HIE organizations. These and other efforts are believed to have slowed

adoption and participation in HIE organizations, in some cases because of their impact on stakeholder

and provider confidence in the national HIE strategy.



Lack of Patient/Provider/Stakeholder Integration (13 percent)

Maintaining stakeholder involvement.

Demonstrating value to providers.

Lack of EHR adoption despite CMS incentives.

Low trust and confidence in data exchange.

Unclear purpose of a PHR to the general public.

Lack of patient, provider and/or stakeholder integration was a barrier directly resulting from the rest of

the identified barriers. While the value of a patient’s involvement in their own care and wellness has

been clearly demonstrated in many studies, the translation of that value to the practical use of PHRs is

still largely ignored by providers as well as patients. As the barriers previously cited are resolved, this

crucial uptake and “buy-in” to the value of HIEs and HIE-tethered PHRs will dissipate as well. Through

more consistent policymaking, privacy and security standards, data and technology advances, and

availability of a qualified health IT workforce, the public’s hesitancy to participate in and support HIEs

is anticipated to diminish.

Data or Interface Shortcomings (12 percent)

Interoperability issues.

Lack of top-level domain for health data routing.

Lack of standardization of clinical nomenclature into LOINC or SNOMED.

Data entry issues.

Need for more national-level standards.

Coordination between EHR vendors, state and local HIEs.

While there have been significant EHR advancements in recent years, the industry does not have a

credible nationally recognized strict set of reference implementations for standard interface messages.

Policy thus far has defined requirements for what needs to happen, but not how to achieve it. The

competitive result of innovators on every level of the health IT development spectrum is driving the

health IT movement, but not addressing this issue at a national level. Market competition is the ideal

environment for innovation and progress; however, policy demands and public health goals require

cooperation and the implementation of uniform standards to enable safe and secure exchange of health

data. The policy-instituted certification requirements of EHRs for Meaningful Use are a step in the right

direction, but significant progress will require the close collaboration of all stakeholders to drive true

interoperability. Until that time, HIEs will be faced with building many point-to-point interfaces with

the same vendors (and multiple versions of their products) because each vendor’s product includes data

and architecture nuances that require special handling.

Lack of a Qualified Health IT Workforce (4 percent)

Lack of skilled health IT staff available at small provider level.

Lack of availability of EHR interface staff for providers.

Limited trained workforce prepared to support national HIE.



Surprisingly, the least cited barrier to HIE success was the lack of a qualified health IT workforce to

support the rapidly expanding health IT field. While this issue is being addressed through the HITECH

workforce training program and an increase in state grants for health IT education programs, the

significant shortage in workforce noted in HITECH to be an immediate barrier to EHR and HIE

implementation did not appear to be much of an issue to the HIEs participating in this survey.

Conclusion

The 2009 HIMSS Common Practices Survey was developed to gather an initial set of information about

HIEs and their development, governance, financing and architecture. This 2011 HIMSS HIE Common

Practices Survey sought to better understand HIE organizations through the use of a detailed survey

questionaire exploring the organization, service offerings, data exchange activities, privacy and security,

data management and lessons learned. The survey examined industry trends and common themes, as

well as current and future issues. As was true with the 2009 survey, all information developed and put

forward in this document was compiled by the authors based on the survey responses and no attempt

was made to verify responses. All survey information used in this report was self-reported.

This survey has identified many interesting trends and barriers to the future of HIE and its changing role

in healthcare delivery based on the responses of the survey participants. What seems certain from the

growing number of HIE entities, despite the barriers and challenges noted above, is that HIE will have a

definite place in the future of health IT. As more stakeholders understand the value of the utility of HIE

and adopt an attitude of sharing data for the betterment of patient care and safety, HIEs will find

sustainability and will even prosper. While exchange of data between stakeholders will continue to be

an early win for HIE organizations, more effort will be placed on the high value gained from

aggregation of a patient’s longitudinal record and its use in disease management. Finally, stakeholders

who come together with a shared vision of creating a common data architecture and a shared repository

of community information which can be leveraged at the local and regional level (as well as at the

national level) will all benefit. These common goals will improve overall and individual patient care

quality, while managing costs to remain competitive.



Acknowledgements

HIE Committee Common Practices Workgroup

This white paper was developed under the auspices of the 2011-2012 HIMSS Health Information

Exchange Committee. Special acknowledgment and appreciation is extended to David Minch and

Helen Hill for serving as primary authors of this paper. The HIE Committee Common Practices

Workgroup members and student interns who participated in development of the white paper are:

Helen Hill, FHIMSS

Henry Ford Health System

[email protected]

David Minch, FHIMSS

John Muir Health

[email protected]

Veronica McCoy, RHIA

Project Intern

[email protected]

Ashley Swain, MS

Project Intern

[email protected]

Steven Ton

Project Intern

[email protected]

HIMSS Staff

Pam Matthews, RN, MBA, CPHIMS, FHIMSS

Senior Director, Regional Affairs

HIMSS

[email protected]

Julie Moffitt

Coordinator, Regional Affairs

HIMSS

[email protected]

The inclusion of an organization name, product or service in this publication should not be construed as

a HIMSS endorsement of such organization, product or service, nor is the failure to include an

organization name, product or service to be construed as disapproval. The views expressed in this white

paper are those of the authors and do not necessarily reflect the views of HIMSS.

mailto:[email protected]









Appendix A: Survey Methodology

The purpose of this project was to determine practices and activities across HIE organizations, and to

determine significant changes in responder activities between the 2009 project and the 2011 project.

The HIMSS HIE Common Practices Workgroup reviewed and updated the 2009 HIE Common Practices

Survey questionnaire, based in part on comments from that survey analysis for use in this project effort.

The survey was administered between January and April 2011, utilizing an online survey tool. The

workgroup compiled a list of potential target HIE organizations from several industry publications.

Outreach methods for contacting targeted organizations included e-mail, general announcements in

HIMSS volunteer publications and personal contact by workgroup members. This outreach effort

resulted in thirty-eight organizations participating in the in-depth survey project. The attached report

reflects the information as it was reported in the survey by these participating organizations. All survey

results were self-reported and no effort was made toward additional verification of the survey data

received from the participants.

An online survey tool was used to administer the survey questionnaire, providing the ability to capture

data in a tab-delimited format for ease of import into statistical analysis software tools. When opened in

a table format, the header for each column was the question that was presented to the survey participant.

The corresponding rows represented the unique participants and their responses to each survey question.

In this 2-dimensional array format, an analyst can quickly identify trends in the survey results, allowing

further drill-down using statistical tools.

The breakdown of the questions into independent columns depended upon the available parameters for

that question. For simple Boolean questions, where the available responses were limited to only yes or

no or true or false, these parameters were represented as click boxes or radio buttons to the user, and

recorded as pre-defined strings in the dataset. It is self-evident that these types of questions are the

simplest to quantify and assess. However, only a few of the questions were captured using this highly

rigid method.

Another type of survey question allowed the user to “select all that apply.” These questions presented

the participant with a pre-defined list of available parameters to be selected by clicking the

corresponding checkbox. Many of these questions included an option entitled “Other,” which could be

selected by the participant to allow for free-text to capture responses that were not given as selection

options. This type of question produces two challenges. First, the survey tool produces a simple text

string which is the concatenation of all the options selected by the participant. The concatenated string

must subsequently be broken down into manageable fragments for accurate assessment by the analyst.

Second, when the “Other” option is utilized, the free-text responses cannot be predicted and require

individual analysis and aggregation. The challenges of these free-text responses are further elaborated

below.

In the most general terms, the greater the amount of survey rigidity (i.e., pre-defined options,

checkboxes or selection tools) the easier the survey analysis process will be. Consequently, increased



complexity and analysis difficulty will arise with increased response flexibility, due in part to the

unpredictability of responses.

The final type of question utilized was the open-ended, fully free-text question. These provided the

greatest flexibility for participant responses, but also posed the greatest challenge for the analysis team

when performing assessments. As the answers given in free text boxes cannot be readily predicted or

easily correlated, the use of computerized quantification or interpretation is greatly limited. Open-ended

survey responses require careful review by the analyst to fully assess and interpret the meaning of the

response.



Appendix B: Survey Questionnaire Tool

The following is an abbreviated version of the tool used.

Primary Information

1. Please provide the following information: Organization Name Organization URL Primary Contact Title Address, City, State, Zip Phone Number E-mail Address

2. Please provide the name and contact information for the person completing the survey.

3. What is your HIE’s organizational type?

4. Did your organization participate in the HIMSS 2009 HIE Best Practices Survey?

5. Did your organization begin during the 2010-2011 period?

6. Would you and the organization you represent agree to be identified as survey participants in this study and in the resulting report?

7. Is your organization still in operation?

8. If the organization has ceased operations, please indicate the following:

9. Is the HIE still actively exchanging clinical data?

10. Are you under a contract to begin data exchange activities in 2011?

Location Information

11. Where is the primary office location of your organization?

12. HIE population coverage: Does your HIE cover a specific geographic region, or is it federated and not geographically bounded?

13. Please indicate your HIE’s primary covered population.

14. Does your HIE include a large medically and/or economically underserved population?



HIE Entity Formation & Organizational Description

15. What is the date the organization was founded?

16. What is the date of incorporation?

17. What is the organization type?

18. Indicate the HIE’s primary reason for operation.

19. Identify the lead stakeholder organization(s) for the HIE if there is a leading organization or group of organizations.

20. Identify the fiduciary/incubator for organization.

21. Prior to the organization’s start-up, please indicate which budgets were completed.

22. Does your organization currently maintain any plans and budgets?

23. Please indicate all the types of stakeholders who are currently participating in your HIE organization.

24. Please describe the “Community-based Safety-net Organization” stakeholder.

25. Please describe the “Long-term Post-Acute-Care Facilities” stakeholder.

26. Please describe the “Quality Reporting Organization” stakeholders.

27. Start-up initiative: Choose the type of initiative that best describes how the HIE was initiated or convened.

28. Are the initial founders still involved?

29. Did you pattern your organization’s implementation model after another HIE or another successful data sharing/exchange model?

30. If yes, please describe.

31. Did you follow a pre-established implementation guide for creating your HIE?


Participation Agreements & Oversight

33. Does the organization use a participant agreement with the stakeholders?

34. How is your organization’s governance board structured?



35. Management: Is the organization managed by a paid individual who is part of the organization’s staff, or is a contactor managing the organization?

36. If “Neither,” please explain how the organization is managed.

37. Oversight: Individuals who perform the organizational oversight (e.g., board-level direction) are primarily from what type of organization?

Funding & Operations

38. Funding Sources: Specify current funding sources for your organization. (Please select ALL that apply)

39. Indicate types of fees charged by your organization.

40. Has your HIE received any planning grants?


42. Are you now or will you be receiving any of the following HITECH/ARRA funding?

43. If you selected “State-level HIE funding” in the previous question, are you the State-Designated Entity (SDE)?

44. Are you involved in any other federally funded IT programs?

45. If you answered, “CMS Innovations,” please describe the specific award.

46. If grants and other beneficial funding were to be removed from the organization’s sustained cash flow, how long would the organization survive?

47. What are your budgeted operating expenses for the current fiscal year?

48. What are your projected capital requirements for the current fiscal year?

49. Have you deployed any measure to determine ROI and/or benefits realized from the data exchange?

50. If yes, please provide a brief description of the measurements and current results.

Data Exchange Activities

51. When did you begin implementation of HIE services?

52. Did you use a primary vendor to provide these services?



53. If yes, please name the vendor.

54. If no, please describe the approach.

55. When did you start pilot exchange activities?

56. What date did the organization begin production of clinical data exchange?

57. What basic data exchange/sharing services does your organization currently provide or is contractually committed to offer in 2011?

58. What clinical products and services does your organization currently provide or is contractually committed to offer in 2011?

59. What financial/administrative products and services does your organization currently provide or is contractually committed to offer in 2011?

60. What healthcare outcomes: Data quality and research products and services does your organization currently provide or is contractually committed to offer in 2011?

61. Are there other services that were not listed?


63. Transaction Categories and Volume: Please indicate the types of transactions your HIE processes and, if known, the percentage of total transactions each category represents.

64. Inquiry and Push Transaction Volumes: Please indicate by percentage of total transactions moved through the HIE.

65. What is the scope of your organization’s current data exchange activity?

66. If one way, is bi-directional data exchange planned?

67. Does the organization measure its data exchange activity?

68. If yes, what measurements are used?

Technical Aspects of the Organization

69. Did you consider system architecture before the HIE was organized?

70. What is the overall architecture of the HIE?

71. Where do the organization data exchange activities operate from?



72. What business continuity features does the HIE have?

73. Indicate the organization’s network requirements to the end user.

74. Please describe the Internet access requirements.

75. What are the designed/contracted service levels for the HIE?

76. Is SOA (service-oriented architecture) used?

77. Are open-source software products used in providing HIE services?

78. If yes, please provide a brief description of which open source products and which open source functions.

79. If available, please provide the URL for a web site or other location where we could find a high-level architecture diagram showing your technical architecture.

80. Was the technical architecture a result of which vendor was chosen to implement the HIE?

81. Please list the key technology vendors supporting your organization’s health information exchange activities.

82. What was the strategy for development of your HIE services?

Privacy & Security

83. Select the security controls and strategy used for exchange of information through the HIE. (Please select ALL that apply)

84. Please indicate the patient privacy consent method used.

85. Please identify the granularity of consent.

86. Indicate the new ARRA/HITECH requirements that your organization supports or plans to support by the compliance deadline.

Data Management & Standards

87. What is the strategy for management of data within the exchange?

88. Do you have a person in a health information management position who is managing/monitoring the HIE’s data?



89. What are the data encoding standards supported?

90. What are the messaging standards supported?

91. Is your organization using CAQH CORE (HIPAA X12 reference implementation guidelines) implementation guidelines?

92. Is your organization using IHE (Integrating the Healthcare Enterprise) implementation profiles?

93. Is your organization participating in any of the ONC initiatives?

Lessons Learned & the Next Horizon

94. Please provide a brief description of any pitfalls or lessons learned that may be helpful to others embarking on the establishment of HIE organizations.

95. Do you have plans to interoperate with PHRs?

96. If yes, please describe the type of PHR (payer’s PHR, vendor PHR, such as Google, etc.) and the approach that is being discussed.

97. Do you have plans to interoperate with data banks?


99. Do you currently allow individuals (patients) to access the HIE?

100. If yes, what services are they allowed to access (i.e., PHR)?

101. If no, do you have plans to allow patients to access the HIE in the future?

102. Are you currently using or planning to use any of the following in your HIE?

103. Please list your top five HIE industry issues and/or concerns.

himss hie common practices survey - amazon s3s3.amazonaws.com/rdcms-himss/files/production/... · a...

Documents