spacer spacer

FAQs

About Connecting for Health

What is Connecting for Health?

Connecting for Health is a public-private collaborative made up of leaders and innovators from more than 100 organizations committed to enabling health professionals and patients to use information technology to share information that results in the best care possible in emergency and routine care situations, as well as managing chronic illness.

Connecting for Health was created by the Markle Foundation, and is led and managed by Markle staff. Both Markle and the Robert Wood Johnson Foundation fund the collaborative.

What is the mission of Connecting for Health?

Connecting for Health believes the ability to deliver medical information where and when it is needed in a private and secure manner will help to improve the quality of care, reduce medical errors, lower costs and empower patients. As a result, Connecting for Health has focused on …

  • Promoting consumer involvement in healthcare
  • Building locally & nationally
  • Developing tools for Health Information Exchange (HIE)
  • Enabling better health through information sharing.

What are some of Connecting for Health's accomplishments?

Connecting for Health has played a leading role in defining the policy and technical challenges in health care connectivity and information exchange. In 2004 the organization built broad consensus on how to address these challenges by releasing a "Roadmap Report: Achieving Electronic Connectivity in Healthcare." This report has become a widely influential blueprint for policymakers and other national leaders engaged in enabling nationwide electronic health information exchange.

In 2005, through a joint response to federal government Request for Information (RFI), Connecting for Health delivered a "Common Framework" of shared technical standards and policies and publically released its model and supporting principles in April, 2006.

Why is the public-private collaboration so important?

The effort to bring electronic connectivity to our current inefficient and error-prone paper-based healthcare system is over two decades old, the highly fragmented nature of the industry has prevented much progress from being made. Connecting for Health has demonstrated that bringing together the knowledge and experience of the public and private sectors can provide a formula for progress and has proved successful in finding the common ground and building consensus that all stakeholders can agree with.

Overview on Health Information Exchange

What is the definition of Health Information Exchange (HIE)?

According to the Wikipedia definition: HIE is defined as the mobilization of healthcare information electronically across organizations within a region or community. HIE provides the capability to electronically move health care information between various systems while maintaining the meaning of the information being exchanged. In other words it is the set of technologies that brings all the personal health information required to make safer, more informed decisions at the point of care.

What is needed in order to share information across various settings?

Exchange of information (not just data) requires the communicating parties to agree on a common language so all systems understand what is being asked for and how to deliver it, a communication channel which is how the information gets delivered, and a set of rules for the exchange which are typically referred to as "standards". This requires both the technical standards and the policies that assure the exchange is access only when appropriate and with required consent.

What is meant by the term "interoperability"?

Patients and their caregivers will have the information they need at the time they need it. Consumers will have choice and portability of their health information, payers would save money and researchers and public health would have access to better information resulting in a healthier America.

How successful are health information exchange efforts?

Despite the widespread interest and promising of operational programs across the country, relatively few health care institutions are engaged in the exchange o information on a routine basis across entities within their region. This exchange has been hindered by the cost incurred to achieve standards required for exchange, by distrust, lack of incentives, and confusion over legal and privacy regulations.

What are some of the key challenges in creating health information exchange?

The idea of sharing information across systems and between individuals and organizations is not a new idea. Numerous attempts to build health networks have failed to overcome some of the most fundamental obstacles including:

  • Technical
  • Policy
  • Educational & Training
  • Financial
  • Competition

How are these challenges being met?

With a set of agreed upon model contracts, policies, principles and guidelines–A Common Framework.

Overview of the Common Framework

What is The Connecting for Health Common Framework?

The Connecting for Health Common Framework: Resources for Implementing Private and Secure Health Information Exchange is a set of free resources for individuals and organizations interested and ready to create private and secure health information exchange. The approach is such that information exchange can take place among existing and future health care networks over the Internet if all participants adhere to a small set of shared rules.

  • The Common Framework is the minimum necessary set of rules or protocols for everyone who shares health information to follow.
  • Helps organizations overcome the barriers without "reinventing the wheel"
  • Enables nationwide interoperability…avoiding isolated islands of information
  • Builds trust

What are some key concepts of the Common Framework?

Inherent in this new Framework is some universal and fundamental ideas including:

  • Information stays where it is, at the source–where it was created by physicians, other healthcare professionals or the patient. No centralized database.
  • Separating "clinical information" from demographic information through use of indices.
  • Specific information is share only when and where it is needed
  • Sharing of information does not require an all new network or infrastructure, no rip & replace
  • Sharing does require adhering to the concepts of a Common Framework.

What resources are included in the Common Framework?

The Common Framework is made up of

  1. a set of technical rules and standards that allow systems to "talk to" or communicate with one another,
  2. a set of policies on how to handle information and build "trust" and,
  3. model contractual language that holds it all together.
The Common Framework is more than just the individual documents themselves, but more importantly the concept of establishing and adhering to policies that are intertwined with the decisions regarding technology–the two must be are continuously linked.

Who will find the Common Framework most useful?

The Common Framework is a resource available to organizations interested in creating private and secure health information exchange with others through a decentralized approach. It provides different models to consider–there is not one "right answer". It is intended to provide useful guidance and tools but does not address all the potential issues an organization may encounter.

The Common Framework is still evolving. As organizations begin to work with the Common Framework, we are able to identify areas for improvements to better meet the needs of communities. We are working on how patients/consumers can access their own information as well as how public health can benefit.

Technical Principles

What are the Technical Principles?

The technical approach maintains local control of patient health information and decisions about how that information is used. This approach protects patient privacy by keeping the information resident at the source, with the doctors and institutions that patients know and trust. There are eight key technical principles which include:

  1. Make it "Thin"
  2. Avoid "Rip and Replace" -use systems and infrastructure that currently exists.
  3. Separate the applications from the network
  4. Decentralized-access the right information from the right place when you need it
  5. Federation-participants in the network agree to comply with principles
  6. Flexibility-allows for use of existent hardware & software minimizing investments
  7. Privacy and Security
  8. Accuracy-in identification of both patient and their records

What type of capital investments will one have to make in new technology and support?

The Common Framework advocates for use and reuse of the investments you've already made. This means that you can avoid large-scale disruption and huge up front capital investments by using existing hardware and software.

What applications does one need to purchase to share data across the network?

The Common Framework focuses on network communications and not on specific applications or the features and functions of the medical record or CPOE systems that it connects. This approach allows for maximum flexibility and provides great market opportunities for innovation in creating new products.

If there is no centralized repository of records, where will the information be stored?

The beauty of this federated model is that records continue to be stored where they are now, with the patient's doctor or institution. This "decentralized" approach allows for control of patient records to be kept at the local level, minimizing risk to privacy and security and empowering the patient as to who should and should not see their information.

Without a national identifier, how are patients and physicians authenticated?

The use of a Record Locator Service (RLS) provides authorized users access to and identifies the location of health records across the network from many different locations where care has been rendered. This is a directory and registry service that contains a minimum set of demographic information such as first and last name, date-of-birth, gender and zip-code and uses matching algorithms for accurate identification of the patient and where their records are located across the system.

Policy Principles

What are the Policy Principles?

While one set of obstacles to widespread health information exchange is technical, another set of obstacles has to do with policy–particularly privacy concerns. The Connecting for Health approach advises that the following nine principles be balanced together and considered as part of one package - elevating certain principles over others will weaken any overall architectural solution to privacy protection in a networked health information environment.

  1. Openness and Transparency
  2. Purpose Specification and Minimization
  3. Collection Limitation
  4. Use Limitation
  5. Individual Participation and Control
  6. Data Integrity and Quality
  7. Security Safeguards and Controls
  8. Accountability and Oversight
  9. Remedies

Why is it important to create a health information exchange using both technical and policy principles in parallel?

To truly share information in a way that is trusted and effective, the policies that establish who has access to health information, what uses of information are acceptable, the extent to which patients can give or withhold access to their information, and the design of privacy and security safeguards must be created in parallel with the design and deployment of the technology so that the architecture and applications support these principles.

What is meant by transparency as it relates to the way data is handled?

This idea promotes individuals having knowledge or being informed regarding what information exists about them in the data market and in government databases. Individuals should also be able to track how that information is used, and by whom, and should be able to control how that information is disseminated. Key to this premise is that choice is critical; control of the information rests with persons, not with data aggregators or data users.

What prevents a health information exchange from using my information for other purposes?

To ensure privacy and security of health information, the second principle, 'Purpose Specification and Minimization' emphasizes that data should never be collected without the individual knowing what is being collected, why it's being collected and how that information will be used. This allows the individual to give their informed consent to any act of data collection and the assurance that its use is specific to the original stated purpose.

What precautions should a health information exchange take to prevent breaches in privacy?

The Common Framework addresses this issue with several recommendations. Reasonable security safeguards should be built and implemented against loss, unauthorized access, destruction, use, modification, or disclosure of personal information. It is also recommended as a policy that anyone who collects, accesses, or sends data should be mandated to immediately disclose any security breach through direct communication to those affected.

What other protections are currently available to protect the privacy and security of health information?

There are several existing policies, both at state and federal levels which deal specifically with data protections, however, these were developed for the most part in a paper-based world of health care delivery. Some of the principles are upheld unevenly, and in different ways, across states. The diversity in state laws and variation in adherence to these laws, clearly illustrates the need for a set of rules that will keep pace with technological advances and policies established and adopted that will protect individual privacy.

How should the nine principles be applied to achieve success?

Applying these principles together results in an integrated and comprehensive approach to privacy that can help overcome the challenges of protecting privacy and confidentiality in the current fragmented health care delivery system. These principles are broad enough to apply across organizations and key stakeholders, yet specific and tangible enough to achieve practical outcomes.

What data is included in a health information exchange?

There are two types of information related to health information exchange. The first is simple demographic information like name, gender, date-of-birth and address. This information is used by the Record Locator Service (RLS) to identity if and where additional information exists for an individual. The second type of information is clinical in nature, such that is found in patient medical records. This information is not part of the RLS, but can be accessed separately from the physician practices or institutions where those records exist.

How do patients provide consent for their information to be shared in a health information exchange using a Record Locator Service?

To protect patient privacy, the Record Locator Service holds only a minimal amount of information which is not clinical or considered "protected health information (PHI)". It relies on the participating institution or physician to decide in the first instance whether to load patient demographic information into the RLS, but leaves the decision as to whether or not to release clinical or PHI information with the individual institution or provider holding the records, acting in compliance with its own disclosure and patient consent policies.

Standards

Why are standards important?

In order to share critical information across various health care settings, systems must be able to interoperate with one another. When systems and applications are designed and executed without using common industry agreed upon standards the result is:

  • Clinicians are providing care without knowing what previous treatments or procedures the patient may have had, resulting in redundant, costly and sometimes dangerous treatments.
  • Patients who wish to work in partnership with their physicians to manage their health care often have inadequate information, resulting in lower quality outcomes and higher costs.
  • Clinicians are often unable to access usable information that would enable them to both avoid preventable mistakes (patient safety) and apply research breakthroughs to benefit their patients (evidence-based care).

Adoption of standards will help clinician's better meet the needs of their patients while empowering them to measure and improve outcomes.

What is a standard?

A standard is a published specification that establishes a common language, and contains a technical specification or other specific criteria and is designed to be used consistently, as a rule, a guideline or a definition. The specific data and supportive process must "match" at both the source and destination computer systems–which is only achievable with the industry using the same standards. The standards are the fundamental building blocks essential for the information sharing in a health information exchange.

What makes the need for standards more compelling in today's healthcare delivery system?

First and foremost, the events of 9/11 and its aftermath have painfully highlighted the fragmentation of health care information. Public health has long been constrained by its reliance on primarily paper-based reporting from health care providers. However, as the nation struggled with the threat of broad-scale bioterrorism, it became evident that we did not have the necessary national capacity to collect and analyze critical health information. A National Health Information Infrastructure would dramatically improve the capacity to monitor and detect disease outbreaks. As a result, the political will to support change, absent in the past, has grown considerably.

Second, there is growing pressure to control spiraling health care costs while maintaining and improving quality of care. The same inability to collect and share information that was seen on a national basis post 9/11 also affects individual patients at the point of care. Standards would both enable both significant financial savings and safer, more evidence-based care. Finally, technological barriers to interoperability are disappearing as computer advances allow us to affordability interconnect a geographically dispersed set of participants. Meanwhile, adoption of standards will provide the developers of new technologies and pharmaceuticals a consistent data framework that will reduce development time and costs and further speed innovation.

The Prototype Experience

Has the Common Framework been used in a real-life implementation?

The Connecting for Health's Three-State Prototype for nationwide health information exchange was initiated in 2005 to electronically exchange information using the concepts of the Common Framework. Three states including California, Indiana and Massachusetts will electronically share health information based on common, open standards and robust policies to protect privacy and security of health information.

How and why were California, Indiana and Massachusetts selected to participate in the prototype?

Each of these three communities represented very different approaches to storing and retrieving a patient's medical information electronically, and they were in varying stages of developing their own community-wide electronic exchange networks for local health providers. Because each community operates on a different technology platform, with a different array of hardware and software, they were selected to demonstrate that technological diversity is not a barrier to interoperability.

How is the 'prototype' different from other established networks?

While other networks exchange information in the same locality using the same system, the Connecting for Health prototype is the first to exchange personal health information among technologically diverse and independent networks located in three different regions across the United States.

What were the initial results of the prototype?

The initial results of the prototype in enabling the sharing of health information electronically across diverse technical platforms and among three disparate communities including California, Indiana and Massachusetts was deemed highly successful. The prototype demonstrated that using a Record Locator Service (RLS) is a viable means of supporting a federated and decentralized approach to identifying and exchanging health information in a secure and private manner. The prototype experience showed that local networks and other organizations can communicate with one another using a decentralized model that adheres to the Common Framework, avoiding the need to create a "one-size-fits-all" network or a national database.

What is the impact of the prototypes initial success?

The success of this initial phase of the prototype is instrumental in advancing the national health information environment that Americans want. Although this work is still in the early phases, it is demonstrative of how successful exchange programs can be created using an organization's existing resources and enhanced in an incremental fashion. Enabling patients and their physicians to send and receive medical information where and when they need it, in a secure manner does not need significant capital investments –and allows for the information to stay local, at the source with the clinicians and patients who create it.

Thorny Issues to Solve

What is the difference between a centralized and decentralized data model for health care information exchange and are there other models to consider?

There are several distinct types of data models as well as some hybrid systems. The following are brief descriptions of each of these models.

Centralized Systems
typically store all patient and clinical data in one central database that is accessible to all participants with appropriate user rights. Individual organizations would "upload" patient information to the central database on some agreed upon schedule. Each participating entity would have to adopt computer applications that were technically compatible with the central data repository.
Decentralized or Federated Systems
share medical data, by each participating organization such doctor's office, hospital, and laboratory or pharmacy collecting and storing information on its own separate computer systems. These individual systems are then linked by a record locator service (RLS) that allows participants to search for health records on each of the other systems using patient indexing/identification software. This allows the records to remain intact at the source, where the information is initially created.
Point-to-Point Systems
are best characterized when health care providers share patient data on an ad hoc basis in an agreed upon format. There is no shared database or established network among the providers specific to this purpose, rather leveraging the systems that are currently in play today, using paper medical records, email or fax.
Hybrid Systems
combine some of the unique characteristics of the centralized and federated system models. Some information would be uploaded to a centralized database that integrates the information from each of the participants in a uniform format, which some information can continue to be stored at the individual participant's computer systems. These two approaches could than still be linked together using an RLS for patient identification.

What are the benefits of a decentralized over a centralized data model for health care information exchange?

To protect patient privacy and security the decentralized or distributed databases create, access and store information giving the patient and the organizations that care for the patient ultimate control of the data. This approach minimizes the risk of misuse by ensuring there is no single repository holding all identifiable clinical data. The decentralized data model avoids large scale disruption as well as huge up-front capital investments by making use of existing hardware and software. Organizations can leverage the investments they have already made in technology infrastructure and this flexibility enables continued innovation and customized solutions to meet the needs of the local and regional exchange systems.

Is this approach more secure than our current paper-based model?

Today's paper-based system can be more susceptible to inappropriate access of information. Medical files during working hours are left in file cabinets that may be unlocked, they are readily accessible in slots on the exam room doors, they sit on billing clerk's desk or in carts in the chart room waiting to be refilled, or couriered from one facility to another depending on where the patient is receiving care. Unfortunately there is no failsafe answer to the policy problems associated with sharing health information. It is impossible to guarantee 100 percent privacy and security of health information even in the current paper format. One advantage of an electronic exchange model is that audit trails are built into these systems which allow for identifying who accessed what information when on an individual basis.

How is privacy protected when personal health data moves from one place to another?

The Common Framework discusses and explores this issue in regards to establishing and enforcing policies and for data security, authentication and individual privacy. Other areas that help to protect privacy and security of the information is from a technical perspective in building into the system audit and monitoring functions, access control, user authentication and sanctions for breaches in any of these areas.

How does one know the health information received from other sources is accurate?

The beauty of an electronic health information exchange is that built into the system are mechanisms to protect the data and prevent misuse or unwarranted changes. The Common Framework discusses these issues in several of its policy principles including Data Integrity and Quality, Individual Participation and Control, Security Safeguards and Controls as well as in the technical guide for Background issues on Data Quality. Current best practice calls for physicians to always validate information with their patients during each visit encounter to assure validity and accuracy of the information.

In the decentralized data model, what is the process for notification and consent of accessing health information?

The advantage of using the decentralized model is the function of the Record Locator Service (RLS) which only contains patient names and demographic information. This is kept totally separate from any clinical records. Providing transparency and individual control with regard to the RLS helps ensure that the system is adequately and securely populated with patient information to as to be a useful and viable tool. Its design relies on the participating organization or provider to decide in the first instance whether to load patient demographic information into the RLS. The decision as to whether or not to the release clinical records, is left up to the individual organization or provider that holds those records, acting in compliance with its own disclosure policies and the stated desires of the patient.

spacer		 spacer
  Site Map Mailing List Web Policies Markle Foundation Home