HIE Service Provider Risk Assessment Tool

Answer the HIE questions using materials collected during your environmental scan, as well as data obtained from the HIMSS HIE Evaluation Checklist if used. Follow-up questions may be needed, especially for issues that might be unique to the health department.


Tool 5 - HIE Service Provider Risk Assessment (PDF form)

Public Health & HIE Toolkit Workbook (Excel)

Will the HIE organization include the health department's goals in its priorities?

  1. Do the mission and business plan accommodate health department goals?
    • If your needs are not visible in the business plan, the organization may be ambivalent, or might go broke trying to meet them. Business plans are revised often, and may need to be revisited in order to accommodate your needs in a thoughtful and strategic manner.
  2. Would the health department goals violate the data use agreement of the HIO?
    • Sometimes these documents are originally written for narrow clinical purposes, and might require renegotiation with members.
  3. Do the management and board acknowledge health department goals?
  4. Do other, more powerful members have conflicting goals and deadlines?
    • For example, will the HIO be able to adopt projects that go beyond Meaningful Use objectives and CMS quality incentives in the next few years, or must it remain focused on those issues to the exclusion of others?
  5. May the health department assume, as needed, an appropriate role in governance?
  6. Is the health department bringing value to the HIO, and is that value recognized?
    • This value may be in the form of fees, funding, endorsement, access to unique information, etc.

Can the HIO provide access to the healthcare providers and information the health department needs?

  1. Is there evidence of good trust between healthcare providers and the HIE service provider?
  2. Are providers committing to HIE participation?
    • Does commitment appear to be short- or long-term?
  3. Is the HIO recruiting the right types of providers in the right geographic areas to meet the health department's needs?
  4. What types of information are healthcare providers expected to make available, or to receive?
  5. To what extent is information exchange dependent on patient consent?
    • Are these consent rules compatible with health department project needs?
  6. Will the appropriate users have necessary access to information under the existing or planned Data Use agreements?
    • For example, will public health nurses or sanitarians have access to the information they might need?
    • What about healthcare provider staff critical to the health department's needs, such as infection preventionists or discharge planners?

Does the HIE solution have long-term sustainability?

  1. Is there a business plan?
    • Is it realistic?
    • Does it indicate a measurable and transparent path toward long-term sustainability?
  2. Does the HIO depend on major grants, major funders or investors?
    • What is the long-term prospect for such funding and plans for its replacement?
  3. Does the HIO leadership have previous experience in successful enterprises?
  4. Are critical stakeholders included in the governance structure in an appropriate manner?
  5. How might changes, such as loss of a major supporter or failure to recruit members, influence the user fees for remaining HIO members?
    • What protections are being taken to minimize risks in that situation?

Will the technology and technical staff support the health department's needs?

  1. Have other agencies, members or HIOs - locally or in other cities/states - successfully established the desired public health functionality using the same technology?
    • If not, has the feasibility and appropriateness of the approach been impartially assessed?
  2. How would the HIO continue to provide service if its technology vendors fail or leave the partnership?
  3. What is the HIO's commitment to establish, maintain and repair services in a manner appropriate to the public health need?
    • This is often summarized in a Service Level Agreement (see Standard Documents for more information).
  4. Is the HIO prepared to scale up messaging, query or other services to levels that might be needed in the event of a major outbreak or disaster?
  5. Is the HIO prepared to sustain operations in the event that an outbreak or disaster affects its staff or facilities?

Is the HIO prepared to protect the privacy and security of both individual and health department information?

  1. Do the standards and technologies satisfy any applicable rules for government systems?
  2. Are HIO rules relating to government transparency in conflict (e.g., sunshine or open-records laws)?

Continue to Next Page:  Health Department Risk Assessment Tool

Navigate the Toolkit


Deciding to Engage

Engaging with HIE

Case Studies

Toolkit Downloads

A PDF of the complete Toolkit can be downloaded on the Public Health & HIE Toolkit Downloads page.  The PDF includes illustrations, footnotes and references not visible using the web version.  Individual tools and reference materials can also be downloaded from the Downloads page.

Return to the Public Health & HIE Toolkit Homepage.