Duane Steward, DVM, MSIE, PhDNemours, Chief Computer Scientist for Clinical InformaticsUniversity Central Florida, Assistant Professor

Agenda

Define Health Information ExchangeKey Issues Of Identification – Truth TableStandardsNational Efforts As ContextFHIN ArchitectureFlorida RHIOsMinimal Data SetFHIN White Paper Recommendations

Web-based PortalClinical Source Systems

Patient Portal

Physician Portal

Business Convener Bring together health care stakeholders. Manage Business Associate Agreements

Enable data-sharing among providers

Security Management Certify providers to access health care records

Authorize access to records Log record access activity

Identity Management

Identify patient records with MPI Match patient records with an RLS

Information Management

Gathers patient data into Minimal Clinical DatasetProvide data access through a Web-based portal

Provide access to the FHIN

RHIO Infrastructure

Physicians

Inpatient

Laboratory

Pharmacy

What is a Regional Health  Information Organization?

RHIO Infrastructure

Slide courtesy of Christopher Sullivan, PhD ‐

AHCA

FQHC Databases

Lab Results

Medications

DoH Vital StatsDoH Clinics

DoH SHOTSIDN Databases

Health Statistics

Orlando, etc.

Florida Health Information NetworkStatewide Architecture

Jacksonville

Miami

RHIOsTampa Bay

Web Services (CCR)

Web Services (CCR)Web Services (CCR)

GovernmentDatabasesMedicaid Data Miscellaneous

Databases

PayorDatabasesClaims Data

Web Services (CCR)FHINServer

Identity: The Root Of Security  Issues

Who do we need medical records for?Whose medical records are these?Do we have all the pieces?For a given request there are theoretically four results

True positive, true negativeFalse positive, false negative

What consequence for each case?

Pos Neg

True

False

Healthcare Data StandardsStandards for …test requested (e.g., LOINC)…order sets…guidelines, protocols & standards of care…for results (e.g., LOINC)…for terminology of signs & symptoms (e.g., Snomed)…for media carrying data (e.g., Dicom)…for continuity of care, transfer of custody (e.g., CCR, [EMS])…for set of data considered minimal elements necessary (e.g., 

FHIN Minimal Clinical Dataset)…for structuring the envelop that will carry the message 

containing the data (e.g., SOAP, HL7)

Health Information Technology  Standards Panel (HITSP) Function

Multi‐stakeholder coordinating body, partnership of the public and private sectors—operating with a neutral and inclusive governance model

Administered by the American National Standards Institute

Provide a process to identify, select, and harmonize standards

i.e., Specifications, Implementation Guides, Code Sets, Terminologies, and Integration Profiles

development of harmonized Interoperability Specifications and information policies, including Standards Development Organization (SDO) work products—essential for establishing privacy, security and interoperability among healthcare software applications

Goal to be “Use Case” driven, using information from stakeholders and basing decisions on industry needs

How Use Cases and HITSP Interoperability Specifications are Developed The American Health Information Community, as the representative

of public and 

private health sector stakeholders, identified the three Use Cases (available at 

hitsp.org) that drove the initial efforts of the HITSP. Nationwide public and private 

health sector priorities continue to focus the efforts of the HITSP. The Use Case 

driven HITSP harmonization process is implemented by formally chartered 

Technical Committees. The volunteers that comprise a Technical Committee 

followed an 8 step process, depicted below.

HITSP Harmonization Process Steps

From the Forward of the TP13 ‐

HITSP Manage Sharing of Documents Transaction Package (v 2.1)

Evaluation of Standards Harmonization Process for HIT

The Standards Harmonization initiative is just one element of interoperability

The Community serves as the hub for identifying breakthrough opportunities

CCHIT will focus on developing a mechanism for certification of health care IT products

HITSP will bring together all relevant stakeholders to identify appropriate IT standards

HISPC is a partnership focused on addressing variations in business policy and state law that affect privacy and security

NHIN is focused on interoperability pilots

Health Information Technology Standards Panel (HITSP)

National Health Information Network (NHIN) Architecture Projects

The Health Information Security and Privacy Collaboration (HISPC)

The Certification Commission for Health Information Technology (CCHIT) American

Health Information Community

FHIN State Level Server

Health Care 

Data:

Florida Center

Medicaid

DOH SHOTS &

Vital Statistics

Physicians 

Certified with 

DOH Licensing 

Database

Florida’s  RHIOs 

exchange  records via  the state 

level server

Slide courtesy of Christopher Sullivan, PhD ‐

AHCA

RHIO Data Sharing Server:Staging Area,Handles Queries

RHIO Data Sharing Server:Staging Area,Handles Queries

RHIO Data Sharing Server:Staging Area,Handles Queries

RHIO Network

Diagram of FHIN and Regional Health InformationOrganization Network TopologyNetwork participants forward patient identification and encounter information to the RHIO Registry Server. Each participant has a small staging datasharing server that handles queries to support fetch and view behavior(required for performance requirements).

Data sharing servers lie just outside local enterprise firewalls. User authentication and access audit functions are supplied by either RHIO RLS, a Network LDAP server or equivalent.

Note: EMR/EHR Systems are varied vender products.

Diagram of FHIN and Regional Health InformationDiagram of FHIN and Regional Health InformationOrganization Network TopologyOrganization Network TopologyNetwork participants forward patient identification and encounteNetwork participants forward patient identification and encounter r information to the RHIO Registry Server. Each participant has ainformation to the RHIO Registry Server. Each participant has a small staging datasmall staging datasharing server that handles queries to support fetch and view besharing server that handles queries to support fetch and view behaviorhavior(required for performance requirements). (required for performance requirements).

Data sharing servers lie just outside local enterprise firewallsData sharing servers lie just outside local enterprise firewalls. . User authentication and access audit functions are supplied by eUser authentication and access audit functions are supplied by either ither RHIO RLS, a Network LDAP server or equivalent.RHIO RLS, a Network LDAP server or equivalent.

Note: EMR/EHR Systems are varied vender products.Note: EMR/EHR Systems are varied vender products.

Providers

Regional DOHResearch andPolicy Data MonitoringFor PublicHealth andSyndromicSurveillance

Data

Prepared by Duane Steward, DVM, MSIE, PhD; College of Health and Public Affairs, UCFon behalf of the Technical Committee of the Central Florida Regional Health Information Organization

RHIO Registry Server:Maintains Minimal Clinical

Datasetand EMPI

RHIO SpecificRLS Server

DataData

Data

Central Florida RHIO

PhysicianAssociatesOf Florida

FloridaHospital

OrlandoRegional

Healthcare

CognoscentiHealth

Institute

RHIORegistry

All network participants forwardpatient identification and encounterinformation to the RHIO Registry –may include CCR data

ResearchDatabases(deidentified data)

HealthcareCenter for the

Homeless

Link to otherRHIOs via StateSwitch

May be withinor external toRHIO

JewettOrthopedic

Clinic

OrangeCountyPCAN

Central Florida RHIO Architecture – Phase I “Fetch & View”

Central Florida RHIO

PhysicianAssociatesOf Florida

FloridaHospital

OrlandoRegional

Healthcare

CognoscentiHealth

Institute

RHIORegistry

All network participants forwardpatient identification and encounterinformation to the RHIO index –may include CCR data

ResearchDatabases(deidentified data)

HealthcareCenter for the

Homeless

May be withinor external toRHIO

JewettOrthopedic

Clinic

OrangeCountyPCAN

AvailablePatientInformation

ED PatientInformationRequest

RequestPatientInformation

ReturnedPatientInformation

Central Florida RHIO Architecture – Phase I “Fetch & View”

Link to otherRHIOs via StateSwitch

HIE Architecture in Florida

HIE Architecture in Florida

21

NE Florida Health Information  Consortium

Big  Bend 

R H I O

Big Bend RHIO Regional Health Information  Network (RHIN) Architecture 

VPN

Small organizations can 

connect either directly to 

the RHIN or through a VPN 

gateway

Organizations can connect bi‐

directly to feed their data and 

receive data directly into their 

EMR 

In the early Phases CHP, CRMC & TMH will provide a 

one way feed of their data. They have the largest 

repositories and the priority is to make their data 

available ASAP

pMAN 

Connectivity

–Dedicated fiber‐

based Private 

Medical Area 

Network & VPN 

gateway

Data Exchange: Big Bend RHIO Applications

Clinical data display including: labs, 

radiology reports, allergies, problems, 

providers, and medication history

e‐Prescribing and 

Medication History

25

Palm Beach County Community Health  Alliance (PBCCHA)

PBC Community Health Alliance(An Alliance of Funders and Providers

Serving Health Care Consumers)

Care Expansion

LanguageAccess

CommonEligibility

Shared EHR

ProjectAccess

PrivateFunders

Hospitals

PublicFunders Health

Dept.

FreeClinics

SocialServices

Tampa Bay RHIO

EscambiaHealthInformation Network

Community Health Informatics Organization

South Florida Health Information Initiative

DOHCloverleafIntegration

Broker

Rabies Results

HIV-AIDS Results

HIV-AIDSSurveillance

Integration Broker - High Level View (ELR)

Integration Broker Role: Receive Data, Translate Format, Transmit Data to Stakeholders

LabCorp

Quest Diagnostics

Private Physicians (via a common

portal)

IRL

CDCOther Outside

Agencies

InternetExternal Partners (via the Internet)

(Sends Electronic Orders, Receives Result Reports)

MUMPS

BOLIMS

(Receives Orders,Sends Result Rpts)

STDDatabase

ReportableDisease Results

Hepatitis Results

MERLIN

(Sends Orders,Rcvs Result Rpts)

STD Results

HIV-AIDSCTRS II

Environmental Health Bureau of

TB

HIV-AIDS Results

RHIO Switch

BOLIMS Billing Data

DOH Health Maintenance System

FHIN 

Connection

Integration Broker – High Level View (ELR)

Slide courtesy of Christopher Sullivan, PhD; AHCA

FHIN White Paper FHIN White Paper -- RecommendationsRecommendationsAuthentication of UsersAuthentication of UsersEndEnd--user authentication and authorization user authentication and authorization should be handled at a regional or RHIO level, should be handled at a regional or RHIO level, with a trust relationship set up between RHIOs with a trust relationship set up between RHIOs and the state server. The state server shall act and the state server. The state server shall act as a broker of all transactions among individual as a broker of all transactions among individual entities such as RHIOS, state agency entities such as RHIOS, state agency databases or other sources of health care databases or other sources of health care information. This would ensure that the information. This would ensure that the authentication of clinicians and other end users authentication of clinicians and other end users does not need to occur at every single step of does not need to occur at every single step of the data request and process. the data request and process.

FHIN White Paper FHIN White Paper -- RecommendationsRecommendations

Detailed logging of all requests to the Detailed logging of all requests to the FHIN server, or between RHIOs and FHIN server, or between RHIOs and other entities must be kept at all times, other entities must be kept at all times, preferably both by the requesting entity preferably both by the requesting entity and by the requested entity. and by the requested entity.

FHIN White Paper FHIN White Paper -- RecommendationsRecommendationsPatient Consent Patient Consent The technical design of the FHIN and RHIOs The technical design of the FHIN and RHIOs needs to be defined in such a way that patients needs to be defined in such a way that patients have control over the medical information have control over the medical information stored within their medical record.stored within their medical record.Patients should have the right to determine who Patients should have the right to determine who is able to view their shared information, revoke is able to view their shared information, revoke the right if they choose to do so, request an the right if they choose to do so, request an audit of who has been viewing their information, audit of who has been viewing their information, and be notified of any event that breaks these and be notified of any event that breaks these rights. rights.

FHIN White Paper FHIN White Paper -- RecommendationsRecommendations

The authors of this paper recommend The authors of this paper recommend that consideration be given to alternative that consideration be given to alternative systems to ensure patient rights, such as systems to ensure patient rights, such as the adoption of a personal identification the adoption of a personal identification number (PIN) model external to both the number (PIN) model external to both the source systems and the RHIO. source systems and the RHIO.

dsteward@nemours.org

www.fhin.netwww.HITSP.wikispaces.comwww.ansi.org/hitsp/

Special  thanks to:Christopher Sullivan, PhD and colleagues at AHCAMembers of  [Florida] Governor’s Health Information Infrastructure Advisory BoardContributing members of American Health Information Community