Why is healthcare so slow to enable health information exchange, and what can we do about it?

As the healthcare industry moves toward a preventative care model, technology is playing an increasingly critical role at all levels – from CIO, to clinician, to patient. To make new models of emerging, value-based care a reality, healthcare providers are working to improve the speed, quality, safety, and cost of patient care through electronic medical records (EMRs). Though more providers are fast-tracking EMR adoption, the healthcare industry has yet to make safe and effective electronic sharing of patient data a reality.

Though efforts have long been underway to promote effective health information exchange (HIE), there are still technological, organizational, and financial barriers that prevent the healthcare industry from realizing successful nationwide data exchange. To address the issues preventing safe and effective data exchange, I recently joined a group of healthcare industry experts at MassTLC’s 2015 Healthcare Conference for a panel titled, “Streamlining Health Information Exchange.”

@Imprivata's @arnyepstein on #HIE panel w/ @InterSystems @GetReliant @lstuntz @BCBSMA #MTLChealth @MassTLC pic.twitter.com/YzzvOgHQZD

— Imprivata (@Imprivata) December 10, 2015


Among the key obstacles highlighted by the panel are:

Organizational barriers

Patient data gets trapped within individual institutions because it’s incredibly difficult to exchange information across organizational boundaries. Only about half of behavioral health providers have EMRs in place. For a provider with an EMR to communicate patient information to one without, the provider needs to revert to paper, fax, or phone. And when providers are enabled to communicate electronically, exchange of patient information requires patient consent, so many still revert to paper rather than spend the extra time to get patient approval.



Lack of national standards

EMRs don’t speak to each other, even those within the same healthcare system. There is no national standard for the terminology used by providers in their EMR. Providers are required to spend unnecessary time and money to map multiple EMRs to a common terminology. Within one system there may exist 40 different EMRs. That’s 40 different vocabularies that need to be mapped to each other.

Budget constraints

Providers have on average 1-3 percent of their budget to spend on IT, and HIE tends to fall to the very bottom of that short list of IT priorities because it can be expensive and difficult to implement. CEOs and Boards aren’t quick to invest in HIE either, because they often don’t see the long term value it can bring by improving readmission and discharge, and increasing referrals.

Cybersecurity concerns

Healthcare data breaches are becoming more and more prevalent and EMRs are prime targets for phishing attacks and identity scams. Patients who feel that their personal information is at risk in an EMR may withhold information from providers, which in turn prevents effective HIE.



We discussed an array of solutions that, in combination, can lead providers, and the healthcare industry as a whole, to gain greater value from EMRs, with successful HIE. These include:

Moving from document exchange to API-based exchange

Define our common industry vocabulary as in object model and enable innovation and flexibility in the ways data can be obtained and presented. As in other industries, a successful API for healthcare will come from people solving the problem and not from a standards committee. FHIR is a great first step in creating a de facto API standard for HIE. Once we have a workable de facto standard, then it can be handed over to a standards committee for nurturing.

Proving the value

IT leaders need to take the lead on escalating data exchange up the priority chain. CEOs and Boards who understand the long-term value and cost-savings in effective HIE have historically been quick to invest in it.

Investing in risk management

Providers need to spend the money upfront to expose weaknesses in their systems. They’ll save money by preventing hackers from gaining access in the future.

Leveraging technology for safe interchange

Insecure passwords are the first way in to any system. Providers should secure EMRs by doing away with passwords. Solutions include implementing multi-factor authentication with proxy cards or fingerprint scanning, and adding additional layers of protection such as single sign on software or biometric identification to further ensure the security of patient information and patient identifiers.

We have our work cut out for us, but I agree with my fellow panelists that we can work toward effective HIE and make data exchange a reality in healthcare.