Health information exchange (HIE) networks have always understood the importance of gaining patient and provider trust. However, beyond describing the privacy and security policies and procedures they establish to protect the information they exchange, they have largely had to ask patients and providers to have faith—faith that those policies and procedures were in place and being followed.
Third-party validation is now an option. A new HIE accreditation program from the Electronic Healthcare Network Accreditation Commission will test HIE networks against quality standards, offering stakeholders assurance that an HIE is sound and trustworthy.
The program, launched this spring, is voluntary, but HIE accreditation may become the norm in time. The increased focus ARRA has brought to HIE suggests that federal requirements for HIE accreditation may be on the way, and some states are already considering accreditation requirements.
Self-assessments, Site Visits
EHNAC’s Health Information Exchange Accreditation Program is designed for HIE organizations and stakeholder groups that promote clinical data sharing across multiple entities.
The program assesses an HIE’s privacy policies, security measures, technical performance, business practices, and organizational resources against set criteria, according to Lee Barrett, EHNAC executive director. The nonprofit organization also offers accreditation for other healthcare sectors, such as clearinghouses and e-prescribing providers.
Currently, EHNAC is the only group offering HIE accreditation, Barrett says. The Certification Commission for Health Information Technology began work on an HIE certification program in 2009 but put development on hold earlier this year.
EHNAC began program development by assembling industry representatives from about 30 public and private organizations to develop the criteria.
“We are hopeful that what we have created—jointly with the industry—is a set of baseline criteria that everyone can look to adopt and support, so that it becomes a baseline for any HIE,” Barrett says. “I think this will help the whole aspect of trust that an HIE is trying to establish with stakeholders.”
In order to become accredited, HIEs must submit a self-assessment and receive a site visit from an EHNAC reviewer.
“The site reviewer goes out and reviews the organization, for example, in relation to their physical security, what they are doing as far as passwords and protections, how the organization is set up, and if they have a computer room, how that is secured,” Barrett says. “The physical audit ensures that what the organization has submitted is in fact the case.”
Federal Requirements to Come?
HIE accreditation is currently voluntary, although Barrett says EHNAC is in talks with several US states interested in making accreditation mandatory.
National requirements for HIE accreditation might not be far off, either. The federal government is considering rules that would require all HIEs to receive accreditation, a provision included in the recent ARRA certification standards notice of proposed rulemaking.
The federal government sees a network of HIEs as an essential piece in achieving nationwide health information exchange. HIEs connect regions of healthcare providers, and in theory could be connected to one another to form an interconnected nationwide network.
The government’s support of HIE development was clear this spring, when the Department of Health and Human Services awarded $547 million in grants to 50 states and several territories to help build and support regional HIEs. In addition, ARRA’s “meaningful use” incentive program requires that EHRs must be able to exchange health information beyond their own organizations.
Strong public and private investment in RHIOs and HIEs increases the importance of accreditation, Barrett notes. If the government is going to invest millions of dollars into HIEs— and if providers and patients are going to trust sensitive medical information to the groups—it would reassure all stakeholders if the HIE organization could point to a respected accreditation as a seal of approval on its solvency, he says.
“I think ARRA and HITECH really create the catalyst for this to actually take off in the next few years,” Barrett says.
That is good for HIEs, Barrett believes, because establishing trust is essential for every HIE’s survival. “I believe accreditation will be critical for HIEs as they market their services,” Barrett says. “They can say, ‘This accreditation shows we have the right infrastructure and the right capabilities.’”