FAQ: What is Health Information Exchange (HIE)?

The following Frequently Asked Questions and answers provide high-level information on the concept and implementation of health information exchange (HIE).

What is Health Information Exchange (HIE)?

Health Information Exchanges provide the capability to electronically move clinical information among disparate healthcare information systems and maintain the meaning of the information being exchanged.

  • The goal of health information exchange is to facilitate access to and retrieval of clinical data to provide safe, more timely, efficient, effective, equitable, patient-centered care. HIE is also used by public health authorities to assist in the analysis of the health of populations.
  • The term "HIE" is generally used as either a verb or a noun:
    • Health Information Exchange (verb) - The sharing action between any two or more organizations with an executed business/legal arrangement that have deployed commonly agreed-upon technology with applied standards for the purpose of electronically exchanging health-related data between the organizations.
    • Health Information Exchange (noun)- A catch-all phrase for all health information exchange, including Regional Health Information Organizations (RHIOs), Quality Information Organizations (QIOs), Agency for Healthcare Research and Quality (AHRQ)-funded communities and private exchanges.

What types of Health Information Exchanges are there?

There are several different types of health information exchange and health information exchange organization currently operating across the United States and its territories:

  • State-wide HIEs are run by the governments of their respective states or maybe the State's Designated Entity (SDE). Some state-wide (and regional) HIEs use an umbrella approach and serve as the aggregator for disparate private health information exchanges.
  • Private / Proprietary HIEs concentrate on a single community or network, often based within a single organization, and include overall management, finance and governance. Examples may include hospital/IDN networks, payer-based HIEs and disease-specific health information exchanges. Some software vendors have also established an HIE network for their clients across the U.S. Additionally, the industry may see other evolving entities such as Accountable Care Organizations (ACOs) supporting information exchange.
  • Hybrid Health Information Exchanges/Health Information Exchange Organizations are often collaborations between organizations, such as an ACO and a vendor network, within a state or region. The Kentucky Health Information Exchange is an example of a hybrid model.
  • Regional / Community Health Information Exchange Organizations are inter-organizational and depend on a variety of funding sources. Most are not-for-profit.

What is an HIE Organization (HIO)?

A Health Information Exchange Organization (HIO) is an organization that oversees and governs the exchange of health-related information among organizations according to nationally recognized standards. The purpose of a health information exchange organization is to perform oversight and governance functions for HIEs.

Why are health information exchanges/health information exchange organizations important?

Health information exchanges and health information exchange organizations can provide many important benefits for providers, patients and hospitals, such as:

  • Enhanced care coordination through communication between providers is of critical importance for patient care and leads to improved outcomes and patient safety. It can also reduce or eliminate redundant and unnecessary testing.
  • Access to the right information, at the right time, for providers, patients and all other stakeholders.
  • Improved efficiency and reliability through the elimination of unnecessary paperwork and providing caregivers with clinical decision support tools.
  • Improved quality and safety through a reduction of medication and medical errors.

What types of health information exchange architecture are there?

There are three primary types of HIE architecture used across the United States:

  • Centralized - Patient data are collected and stored in a centralized repository, data warehouse or other databases. The HIE/HIO has full control over the data, including the ability to authenticate, authorize and record transactions among participants.
  • Federated (Decentralized) - Interconnected but independent databases allow for data sharing and exchange, and grant users access to the information only when needed.
  • Hybrid - Incorporates variations of federated and centralized architectures to harness the advantages of both. These are becoming common as various combinations of available services are implemented.

Do I need to connect to multiple HIE service providers?

Depending on the services needed, some providers may need to connect to multiple HIEs, as some HIE solutions may provide only basic services. One must conduct due diligence with the available HIE service providers to determine their service offerings and how they support the organization's needs.

The Health Information Exchange Importance Checklist and the guidance on Approaching Health Information Exchange Engagement provided in the HIMSS/NACCHO HIE Toolkit for Public Health can be a good starting point for any organizations, not just public health departments, to explore available HIE solutions.  The resources provided in the HIMSS Ambulatory HIE Toolkit's Evaluating Health Information Exchange/Health Information Exchange Organization Opportunities section offer additional guidance.

What data comes into an HIE/HIO?

Health information exchanges/health information exchange organizations provide the capability to electronically move clinical, business and financial information among disparate healthcare information systems while maintaining the meaning of the information being exchanged.

The primary types of data exchange utilizing services provided by an HIE include:

  • Clinical data from providers
  • Activity (claims) and cost data from payers and providers
  • Pharmaceutical R&D data from pharmaceutical companies and academia
  • Public health data such as immunization registries and syndromic surveillance
  • Quality reporting and other types of reporting

What is an EHR?

An Electronic Health Record (EHR) is a longitudinal health record of patient health information generated by one or more encounters in any care delivery setting. The EHR automates and streamlines the clinical workflow.

  • EHRs include information on patient demographics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data and radiology reports and images.
  • Health-related information contained in an EHR conforms to nationally recognized interoperability standards, and can be created, maintained and consulted by authorized clinicians and staff across more than one healthcare organization.
  • The EHR has the ability to generate a complete record of a clinical patient encounter, as well as supporting other care-related activities directly or indirectly via interface, such as through evidence-based decision support, quality management and outcomes reporting.

What do HIEs/HIOs offer that EHRs do not?

Health information exchanges and HIOs offer many benefits that EHRs, in general, do not, such as:

  • Care coordination - This is a dynamic process that requires data movement across platforms and among service providers in real time. Many EHR systems, in spite of being developed by the same company, do not talk to each other, creating delays and decreasing the value of the system.
  • Record Locator Services / Master Patient Indexes - Enable creation of one continuous community record, facilitating patient identification across multiple provider settings.
  • Data exchange - HIEs/HIOs provide support for vocabulary and code sets including content mapping, and enable data transactions to occur automatically across multiple providers and settings.
  • Data aggregation and analysis - This includes clinical data aggregation across health information exchange partners, as well as data analytics and warehousing.
  • Performance outcome management - Population-level data analysis is an essential component of pay-for-performance programs, ACOs, public health systems and other stakeholders.
  • Business intelligence analytics - Enable better risk analysis and better, more cost-effective care of high-risk patients.
  • Clinical messaging - Standard HIE services often include laboratory results, emergency room notes, medication lists, discharge summaries, progress notes, radiology results and surgical notes.
  • Support for EHR, PHR and MU adoption consultation - HIEs and HIOs facilitate the preparation of scorecards for services using claims and EHR data, and support achievement of Meaningful Use (MU) requirements. (For additional information, see HIE Organizations Supporting Meaningful Use Stage 2 Goals in the HIMSS HIE Toolkit.)
  • Patient consent - Where consent is not governed by other laws or regulations, a health information exchange-based centralized consent management process can enable consensus among the community's stakeholders for a patient consent model.
  • Connectivity - HIEs/HIOs provide connectivity choices such as DIRECT, the eHealth Exchange and other connectivity services.
  • New care delivery methods - HIEs/HIOs can be essential components in both the development and operation of ACOs and Patient-Centered Medical Homes.
  • Data sharing - Consolidation and reduction of data interface costs by data sharing for patient demographics, Electronic Medical Record (EMR) data feeds, laboratory data, radiology data and scanned paper documents.

What is DIRECT?

DIRECT is a secure email messaging service leveraging secure, encrypted and HIPAA-compliant services.

  • State-level HIEs included DIRECT as part of their service offerings as required by the HITECH State Health Information Exchange Cooperative Agreement Program supported by the Office of the National Coordinator (ONC) for Health Information Technology.
  • Other health information exchanges and providers leverage use of DIRECT email services to support their basic information exchange activities.

What is the eHealth Exchange?

The eHealth Exchange (formerly referred to as the Nationwide Health Information Network, or NwHIN) is a group of federal agencies and non-federal organizations that came together under a common mission and purpose to improve patient care, streamline disability benefits claims, and improve public health reporting through secure, trusted and interoperable health information exchange.

  • Participating organizations mutually agree to support a common set of standards and specifications that enable the establishment of a secure, trusted and interoperable connection among all participating Exchange organizations for the standardized flow of information.
  • Healtheway is the non-profit, public/private collaborative that operationally supports the eHealth Exchange.

What is a HISP?

A Health Information Service Provider (HISP) is an organization that supports the secure transport of health information, including both structured and unstructured data.

  • Some HIEs may utilize a third-party HISP, while others may include a HISP as part of their organization.
  • Other HIEs may not formally utilize a HISP but directly include connection and exchange capabilities as part of their technical infrastructure and strategy.

How is patient consent managed?

There are several consent models used by HIEs/HIOs, each with its own advantages and disadvantages.

  • No consent - Patient health information at a participating healthcare organization is automatically included in and available through the HIE/HIO. (NOTE: This is not recommended, and is rarely used.)
  • Opt-out - All or some pre-defined data sets are qualified to be included and available for exchange, after patients are given the opportunity to opt out in full.
  • Opt-out with exceptions - All or some pre-defined data sets are qualified to be included and available for exchange after patients are given the opportunity to:
    • opt out in full;
    • selectively exclude categories of data or specific data elements from the exchange;
    • limit exchange of their information to specific providers or provider organizations; and/or
    • limit exchange of their information only for specific purposes.
  • Opt-in - No patient data sets are made available for electronic exchange until patients actively express whether they would like to make all, or a pre-defined set, of their information available.
  • Opt-in with restrictions - No patient data sets are made available for electronic exchange until patients actively give their consent to participate. Patients have the option to:
    • make all of their information available for exchange;
    • include only specific categories of data or data elements;
    • allow information to flow only to specific providers; and/or
    • allow the exchange of their information only for specific purposes.

How are privacy and security of patient health information ensured?

The U.S. Department of Health and Human Services's HIPAA requires HIEs/HIOs to have privacy and security policies and procedures in place to safeguard health information when it is exchanged. Privacy and security considerations may include the following:

  • The HIE/HIO sets the policies and procedures that apply to the devices or systems. The process of exchanging health information assumes that detailed data-sharing agreements among the providers and between the providers and the HIE/HIO are all in place.
  • There should be trust agreements with all HIE participants. These agreements define who can access and change data. All HIE participants must agree to follow the privacy and security policies that govern data protection and use. There are also federal and state laws regarding who can access data. Audits should be continuously performed to monitor data access.
  • There should be different levels of access control, depending upon the role of the user. Each level should be secured by permission controls and may include two- or multiple-factor authentication requirements for increased security. Only the providers who are treating patients, and their associated staff who are specifically given rights to the HIE/HIO, should be able to access patient records.
  • Privacy and security standards require encryption of data at rest (in the providers' servers) and in transmission (between providers, via the HIE/HIO).

How is quality measure reporting handled?

The Centers for Medicare & Medicaid Services (CMS) provide tools called Clinical Quality Measures (CQM) that help providers to measure and track the quality of healthcare services provided.

  • These measures use a wide variety of data that are associated with a provider's ability to deliver high-quality care, or relate to long-term goals for healthcare quality.
  • Most EHRs and many HIE systems provide a quality measure reporting module that can be used for the automatic registry reporting of clinical outcomes and quality measure data required by pay-for-performance programs and/or Meaningful Use. Healthcare providers simply document patient encounters and the quality measure reporting module will automatically handle the data collection and reporting process. (source)


What are some sample HIE workflows?

Sample workflows can help to better understand how to utilize HIE/HIO services. The following examples (both patient-specific and non-patient-specific) can be facilitated by HIE service providers.

  • Secure messaging between providers - HIEs/HIOs can be used for generalized communication between physicians in different healthcare entities and/or using different EHRs. For instance, providers needing to send transition of care documents for consultations or referrals can use HIE services to eliminate sending paper documents, and to expedite the patient's treatment.
  • Patient intake - Using an HIE's/HIO's query and response process, the patient's summary clinical record can be pre-fetched and available immediately when the provider wants to look at it.
  • Patient exam - A physician can utilize an HIE or HIO to access the appropriate patient data from other sources, such as other providers and hospitals. The physician can then select certain patient documents (such as medication lists and reconciliations, allergy lists or lab reports) that they want to have filed in their local EHR for access during a patient visit.
  • Query services - Physicians may want to obtain more information about a patient that is referred to their office. They can query their local HIE/HIO and, using the IHE Cross-Community Patient Discovery (XCPD) locator services profile, the local HIE/HIO can query other HIE service providers to assemble a full Patient Health Record (PHR).
  • Interoperability among EHRs - Different healthcare entities may use different EHR systems that cannot connect to one another. HIEs and HIOs can play a key role in enabling communication between disparate systems.
  • Transitions of Care (TOC) - As patients make the transition from one care setting to another (such as from hospital to provider), HIE services allow the documentation from one care setting to be easily accessed from the next.
  • Referrals - Organizations have the ability to send referrals directly through the HIE/HIO, along with all appropriate documentation.
  • Lab results - HIE services provide physicians with the ability to get results directly through the HIE/HIO.

How do HIEs/HIOs handle transitions of care?

HIE services can be used in several ways to support Meaningful Use (MU) transitions of care measures, such as in the following examples:

  • Workflows for Transitions of Care (TOC) between different care settings
    • A Primary Care Provider (PCP) who makes a referral to a specialist can export a patient's CCD/C-CDA from the EHR, attach it to a DIRECT email message and send it to the specialist via DIRECT. The specialist can then download the CCD/C-CDA and import it into his/her EHR.
    • Hospitals can export a discharge summary to an HIE/HIO, which the PCP or specialist can then access.
  • Push services to support TOC
    • Providers send MU data sets and TOC-required data to the HIE/HIO.
    • The HIE/HIO partners with one or more EHR vendors to create and transfer CCDs/C-CDAs.
  • Query/pull services to support TOC
    • HIE service providers can act as an intermediary to make CCD/C-CDA documents available for query to Eligible Hospitals (EH) or Eligible Providers (EP)
    • HIEs/HIOs can support an EH or EP to calculate and report the appropriate TOC measures