Section 3.

1 Exchange Readiness
HIE Technology
This tool provides an introduction to the technology used in a health information
exchange (HIE) service.
Instructions for Use
1. Review the types of technology in an HIE and its uses as you evaluate your health
information technology (HIT) options.
. Revise policies and procedures for o!taining consent" as applica!le" should you
participate in a health information organi#ation (HI$).
HIE Technical Services
The following is a depiction of HIE technical services within the two main types of
HI$ architectural models% federated and consolidated. The !lac&" curved lines depict
the federated model and the red" straight lines depict the consolidated model.
'ithin a given HI$" which may include an integrated delivery networ& (shown on the
right)" the federated model of exchange would occur !y (1) the re(uesting
organi#ation initiating a re(uest to the HIE service to determine if a person has
information of interest within the HI$. The HIE service would ma&e sure that
Section 3.1 Exchange Readiness HIE Technology - 1
the re(uestor is authori#ed" authenticated" and has access privileges to the
information and that the person has provided consent for that re(uestor to
disclose the specific information !eing re(uested. () ) yes*no response would
!e returned to the re(uesting organi#ation. (+) The re(uesting organi#ation
would in turn issue a re(uest to receive the information and transmit this
information to the supplying organi#ation within the HI$. (,) The supplying
organi#ation would supply the information in the format agreed upon !y the
various data sharing and participation agreements.
In a consolidated model" all processes are essentially the same" !ut the HIE service
does not need to negotiate the external point-to-point transactions re(uired in the
federated model. ) misconception a!out the consolidated model is that all data
are pooled. .ore often than not" data from each organi#ation are separated !y
logical" if not physical vault-li&e" controls that ensure only data authori#ed for
disclosure may !e disclosed. .any fear that a consolidated model is less secure
and affords less privacy. However" if centrally managed !y an organi#ation that
utili#es super! security controls and strong HIE data stewardship principles (+.
HIE /ata 0tewardship) that model is very li&ely to !e at less ris& than a point-
to-point model where the strength of the security e(uates to that maintained in
the wea&est organi#ation. 1efore passing 2udgment on any model" privacy and
security controls must !e understood.
HIE 0ervices include%
Directory services provide person identification (3I/) and record locator services.
This affords the a!ility to identify individuals and to lin& them to potential sources
of information. Ensuring accurate identification is a challenge in an HI$" as each
participating organi#ation will have its own medical record num!er or person
identifier. In the a!sence of a national uni(ue identifier for health care" a matching
process is used for positive person identification when any participating
organi#ation see&s to find information within the HI$ for a given person. In
addition" a record locator service (R40) may !e needed. In a federated
architecture" the HIE service identifies where data may reside for a given person in
order to feed that !ac& to the re(uesting organi#ation. In a consolidated model" the
record locator service identifies in which vault a person5s data resides.
Identity management includes the following services%
6redentialing users includes the process of certifying that an organi#ation
and*or system meets the !aseline security and other technical re(uirements
needed to exchange data as well as providing authori#ation for access. These
provisions come from the participant agreement.
3rovisioning users includes managing an authentication process (password"
to&en or !iometric for electronic signature" or use of an encrypted digital
signature process) and access controls (which user may have access to which
data under which circumstances)
/irectory service provides information on which organi#ations" systems"
providers" and others are credentialed to use the HIE service. In this directory"
service is usually also the information from the data sharing agreement
descri!ing the format in which data can !e exchanged.
7ederation management provides the !asic security and communication
standards for exchange of information. 0ecurity standards include the
Transport 4ayer 0ecurity (T40) 3rotocol and its predecessor" 0ecure 0oc&ets
Section 3.1 Exchange Readiness HIE Technology -
4ayer (004)" which are cryptographic protocols that provide security and data
integrity for communications over T63*I3 networ&s such as the Internet. These
protocols aid in the use of applications such as 'e! !rowsing" email" efax"
instant messaging and 8oice over Internet 3rotocol (8oI3)" some or all of
which may !e services supported !y the HIE service. 6ommunication security
standards include 'e! 0ervices ('0) )ddressing" 0ecurity )ssertions .ar&up
4anguage (0).4)" and*or others.
)uditing and reporting with audit logs and usage reports are maintained and
analy#ed as a further security measure.
Consent management is the active management and enforcement of users5
consent when collecting" storing" accessing" processing" and disclosing personal
health information. 7rom a policy perspective" consumers provide the capture and
management of consent directives. 7rom other applications of such consent
management services" the two typical choices are%
$pt-out% data are exchanged !y default unless restricted !y the person
$pt-in% data are not exchanged !y default until the person provides consent
In some HI$s" a more-layered or (uilted approach may !e used that com!ines opt-out
and opt-in. 7or instance" an HI$ may decide to include all persons in its
directory service to identify persons and locate records" for which a patient
could opt-out" !ut then re(uire a person to opt-in to the actual instance of
disclosure. The following issues are currently under discussion across all HI$s%
consent management services" coupled with which data may !e consolidated or
not9 whether data are pushed or pulled within the HI$9 whether discrete data
exchange is ena!led or only scanned documents and print files are availa!le9 and
many other issues. :o laws or standard regulations currently exist that address
these issues.
/epending on the nature of the consent management process an HI$ adopts" the
practice may include one in which an individual is presented with information
a!out the HI$ at the point of care and provided a consent directive form to
complete" which will !e used for all future exchange of data until changed !y
the individual. However" HI$s that are structured around a personal health
record may find that the individual person is much more engaged in consent
management and may wish to manage consent for each exchange individually.
6onsidera!le education a!out the impact of consent management will need to !e
supplied to individuals as HI$s !egin to use the HIE service as their primary
source of information.
Data exchange is the actual transmission of data" whether point-to-point in a
federated model or from a single repository or centrally-managed set of
independent repositories. .ost often today" a hy!rid model is deployed where la!
results" as in the example a!ove" may !e sourced from ma2or la!s. )nother
example may !e that medication history information from a pharmacy !enefits
manager consolidation service such as RxHu! or Info0can). Immuni#ation
information may !e consolidated into a single repository" such as the state or local
pu!lic health department" and then point-to-point exchange occurs for other
information.
Section 3.1 Exchange Readiness HIE Technology - 3
Copyright 2009, Margret\A Consulting, LLC. Used with permission of author.
!or su""ort using the tool#it
0tratis Health Health Information Technology 0ervices
;<-=<,-++>? info@stratishealth.org
www.stratishealth.org
Section 3.1 Exchange Readiness HIE Technology - $