6 HIE Vendors: How They Measure Up

With the beginning of Meaningful Use stage 2 only nine months away, the federal government and most states are accelerating their efforts to make directed exchange of electronic information available to all healthcare providers. These efforts include making sure that most electronic health records (EHRs) have Direct messaging capability, that health information service providers (HISPs) are widespread, and that the HISPs can communicate with each other.

Directed, or point-to-point, health information exchange (HIE) relies on the Direct Project secure messaging protocol, which was created by a public-private consortium in 2010. Any EHR certified for use in Meaningful Use stage 2 must include Direct capability. This function will enable eligible professionals and hospitals to meet the MU requirement that they provide clinical summaries to other providers at transitions of care, including referrals.

Although relatively few electronic health record (EHR) products now include Direct, most systems are expected to by the end of this year because of the certification requirement, said Erica Galvez, community of practice director, state HIE program, for the Office of the National Coordinator for Health IT (ONC), in an interview with . [ Are health information exchanges really an "unmitigated disaster"? Read Health Information Exchange Debate Gets Fiery. ] To transmit Direct messages, which can include attachments such as clinical summaries, providers must use what are known as health information service providers (HISPs). These are similar to Internet service providers (ISPs), except that they must follow the Direct protocol, be registered with a registration authority, and hold digital certificates from a certificate authority. Their messages are encrypted and must be deciphered using public keys. HISPs are spreading rapidly. Thirty-nine states and U.S. territories have made directed exchange broadly available; four others have it in some regions but not in others; and five more are piloting it. Including commercial HISPs, Galvez said, "nearly the entire country is covered with those services." Some states are contracting directly with HISP vendors such as Medicity and Harris Corp., while others are encouraging these vendors to offer their services in state-sponsored markets, she noted. Some regional HIEs and regional extension centers have also sponsored HISPs, and EHR vendors will either have to partner with HISPs or develop their own, she said. Most HISPs are still unable to communicate with each other, which is a problem for several reasons. Although providers might not have any reason to send Direct messages to providers in other states or even across their own state, HISP territories might overlap, Galvez observed. One reason is that some states are encouraging HISPs to compete with each other. Moreover, even where a statewide HIE has formed a HISP, a national HISP such as Surescripts might be active in that state. Also, metropolitan areas such as those of New York, Cincinnati and Kansas City straddle multiple states. ONC tried to straighten out this confusing situation by issuing guidelines for statewide HIE Direct infrastructure and HISP interoperability in July 2012. HISPs are using these guidelines, Galvez said, but she acknowledged that, except where they've made one-off agreements with each other, they still aren't exchanging data. This isn't the result of technical barriers, but stems from a lack of trust among HISPs and a lack of knowledge of each other's business practices. The interoperability guidelines went a long way toward resolving these problems, but there were still sticking points. So last November, ONC held a conference that was attended by a wide cross-section of the Direct community. ONC commissioned a report on the conference from Deloitte and promised to issue update guidelines -- which Galvez says it will soon do. Meanwhile, a trade organization called DirectTrust recently launched a national accreditation program for HISPs, certificate authorities, and registration authorities in collaboration with the Electronic Health Network Accreditation Commission (EHNAC). The goal of this program, David Kibbe, MD, president and CEO of DirectTrust, said in an interview, is to eliminate the need for each HISP to contract with other HISPs to create conditions of trust and to guarantee performance. ONC recently recognized DirectTrust's contribution by entering a cooperative agreement with the organization and giving it a $285,000 grant. Galvez said ONC plans to work with DirectTrust "on some of the implementation aspects of their HISP accreditation program." To the extent that DirectTrust gives HISPs the type of assurances they need to trust each other, she said, "That's a very positive development in the market." Nevertheless, she added, ONC plans to continue guiding HISP evolution. "There's always a need for ONC to have a voice and a position on certain things that matter. Without a regulatory governance structure -- which we're not pursuing -- it's up to HISPs to decide whether or not to participate in DirectTrust. The more ONC can do to help give signals to the market, the better." Regulatory requirements dominate, our research shows. The challenge is to innovate with technology, not just dot the i's and cross the t's. Also in the new, all-digital The Right Health IT Priorities? issue of InformationWeek Healthcare: Real change takes much more than technology. (Free registration required.)