Download - Accenture Hie
-
8/2/2019 Accenture Hie
1/36
-
8/2/2019 Accenture Hie
2/36
2
Table of contentsExecutive summary 3
1. Transforming the US health system: From fragmentation to a connected health ecosystem 5
Todays health systemand the promise of tomorrow 6
Key characteristics of connected health 8
The connected health journey 11
2. The first step: Health information exchange 16
3. Information governance: Enabling effective health information exchange 20
The Accenture Information Governance Framework for Health 21
4. Developing effective information governance: Next steps 34
-
8/2/2019 Accenture Hie
3/36
3
Over the next decade, the US health
system must change dramatically to
address many challengessteadily rising
costs, an aging population, the increasing
incidence of chronic disease and peoples
growing expectations for care that is
more accessible, affordable, high quality
and personalized.
Although the health system has been slow
to adapt, this situation is set to change.
Health care reform and unprecedented
investment in health ITparticularlyconnected health solutions, such as
electronic medical records (EMRs) and
health information exchanges (HIEs)
are fundamentally reshaping the health
care system.
The current system is characterized by
passive consumers, highly fragmented,
episodic fee-for-service care delivered
in costly settings, and physician remu-
neration based on quantity of care
provided. Connected health solutions
will support the transformation to a
highly coordinated, connected health
system characterized by a focus on
long-term wellness, prevention and
chronic care management, informed and
engaged consumers and a payment
system that rewards quality and incents
providers to improve health outcomes.
In this report, Accenture outlines the
various stages of this transformation
journey from the current health system
to the new connected health ecosystem.
An essential first step is the secure,
efficient electronic capture and exchange
of high-quality patient health informationthrough electronic health records and
health information exchanges that
connect the various stakeholders. Health
IT solutions will improve the quality and
efficiency of care only if physicians and
hospitals implement and operate them
effectivelybetter enabling free and
easy exchange of information among
organizations. Consequently, the federal
governments meaningful use criteria
which encourage widespread adoption
of EMR solutions that better enable
secure, effective health information
exchangewill be crucial. Over time,
the application of analytics and predic-
tive modeling tools to health informa-
tion will help to better inform health
care decisions and processes, enhance
the patient experience and deliver
better outcomes while reducing costs
across the entire system.
Research from the eHealth Initiative
shows that progress on implementing
HIE initiatives is accelerating rapidly.1
However, a number of persistent
challenges could slow or even haltthis progress. While the nature of the
challenges identified in the eHealth
Initiative survey is wide rangingfrom
developing sustainable HIE business
models and defining the value for
users to protecting patient privacy
and ensuring compliance with federal
1 eHealth Initiative, The State of Health Infor-
mation Exchange in 2010: Connecting the
Nation to Achieve Meaningful Use and
Migrating Toward Meaningful Use: The State
of Health Information Exchange.
Executive summary
-
8/2/2019 Accenture Hie
4/36
and state regulationsmany of them
typically trace back to information
governance issues. These include:
Securitypreventing and managing
data breaches. Interoperabilityenabling systems to
share information efficiently, effectively
and securely. Consentdeveloping and implementing
effective consent models. Access controlpreventing unauthorized
access to and inappropriate use of data. Data qualityensuring data communi-
cated between systems is accurate,
meaningful and internally consistent. Complianceensuring compliance
with privacy, data security and audit
regulations.
Failure to address these challenges will
likely result in negative consequences
for the efficiency and effectiveness of
HIE. For instance, it could increase data
breaches and reputational risk; limit
adoption and undermine long-term
sustainability; increase the cost of
HIE implementation; limit the clinical
and administrative value of health
information exchange; and reduce
system flexibility and performance.
Key to helping address the challenges is
effective information governancewhich
Accenture defines as the processes,
functions, standards and technologies
that enable high-quality information
to be created, stored, communicated,
valued and used effectively and
securely in support of an organizations
strategic goals.
With legal, administrative, clinical and
IT dimensions, these challenges cut
across virtually every part of a health
care organization. Thus, developing
effective solutions requires collaboration
across organizational silos, functions
and information systems. In the past,
however, organizations have tended to
adopt a siloed and tactical approach
to information governance, addressing
challenges as they arise. This fragmented,
reactive approach significantly increases
the cost of information governance and
reduces the effectiveness and flexibility
of information governance provisions.
Accenture believes that a strategic,
coordinated and disciplined approach
is critical to help address information
governance challenges. Effective informa-
tion governance requires a consolidated,
enterprise-wide information governance
architecturea layer of processes, func-
tions, policies and solutions that ensure
the effective and secure creation, storage,
communication, valuation and use of
information. Effective information
governance architectures integrate
disparate information, security, access
control and content management
architectures and include legal, clinical,administrative and IT work streams.
In this report, we present the Accenture
Information Governance Framework
for Health as a possible tool for helping
organizations design more effective,
consolidated information governance
architectures to ensure effective
implementation and ongoing operation
of HIE initiatives. Developed by
Accenture and drawing on what we have
learned through health IT implemen-
tations around the world, the framework
provides a holistic model of information
governance.
The framework breaks the complexity
of information governance into five
interrelated componentseach of which
has its own set of processes, functions,
standards and technologieswithin one
integrated model. The five components
are:
Data privacyensuring patients medical
data can be accessed only with their
consent. Data confidentialitypreventing
unauthorized access to and improper
use of information. Data securityproactively managing
security risks, effectively identifying
and prioritizing threats, and rapidly
addressing vulnerabilities.
Data qualityensuring information is
meaningful, accurate and internally
consistent so it can be used for its
intended purpose. Data integritymaintaining the
validity, accuracy and reliability of data
after it has been stored, transferred,
retrieved or processed.
We believe that all HIE stakeholders,
whether policymakers or those respon-
sible for ground-level implementation,
should consider these five components
from the outset of their planning.
Based on Accenture research and
experience from e-health implemen-
tations around the world, we have
identified four initial steps towardmore effective information governance:
1. Conduct a comprehensive risk
assessment and gap analysis of current
information governance provisions.
2. Identify, analyze, evaluate and
prioritize information governance
challenges.
3. Design solutions and develop strategies
to address these challenges.
4. Develop a detailed implementation
plan.
Accenture believes that to achieve high
performance in the connected health
ecosystem, health care organizations
should make information governance
a strategic priority. By creating a con-
solidated, enterprise-wide information
governance architecture, organizations
will be better able to improve data
quality and data security. This, in turn,
will help them to implement healthinformation exchange solutions that
address patients concerns over data
privacy, ensure compliance with regu-
latory and legislative requirements,
maximize the clinical and administrative
benefits of health information exchange
and increase physician adoption.
4
-
8/2/2019 Accenture Hie
5/36
5
1. Transforming the US health system:From fragmentation to a connected health ecosystem
-
8/2/2019 Accenture Hie
6/36
6
The US health system is at a critical
juncture. Faced with a number of
steadily intensifying challenges
skyrocketing costs, an aging population,
the increasing prevalence of chronic
disease and growing expectations from
patients for care that is more accessible,
affordable, high quality and personalized
a complete transformation of the
traditional health care delivery model is
needed to create a sustainable health
system for the 21st century and beyond.
To date, the health system has been slow
to adapt. The provision of care remainsfragmented, with little coordination
among myriad stakeholdersincluding
providers (doctors, hospitals, clinical
laboratories and pharmacies), payers,
government, employers and consumers.
The system maintains its focus on episodic
care delivered in costly traditional settings
(hospitals and physicians offices) after
people become sick rather than on pre-
ventive care and wellness. Consumers
remain passive; lacking the knowledge
and the inclination to manage their own
care, they rely heavily on decisions made
for them by their physicians. Further,
the payment system compensates
doctors not for the quality, but rather
the quantity of care they provide
offering little incentive for innovation
or improved health outcomes.
This situation is set to change over
the next 10 years as the various
stakeholders embrace new connected
health solutions that will transform
the health systemimproving thepatient experience and delivering better
health outcomes while reducing costs
across the entire system.
Connected health describes a new
delivery model in which:
Services offered by different stake-
holders are provided in a coordinated
and seamless way across all access
points.
Patient needs and sustainable health
care organization business models
come together to create appropriate
pathways through care. The focus is on prevention, health and
wellness rather than episodic care. Patients are no longer passive recipients
of care but are informed and empowered
to monitor their own health and make
appropriate choices over the course of
their lives. Care is available in diverse settings
(including peoples own homes) to
increase the efficiency and effectiveness
of interventions. Providers remuneration is based on
performance in improving health
outcomes and there are clear rewards
for innovation.
The electronic capture of patient health
information and the subsequent exchange
of that information across the health
system is an essential first step in the
transformation to the connected health
system. The superior use of health data
will help create a more efficient, high-
quality, value-driven, evidence-based
future for US health care.
Figure 1. Transitioning the health system
The current health system The connected health system
Fragmented Care that is centered around the needs of
the health system Focused on episodic care Traditional health care settings
(hospitals, physician offices) Passive consumers Most providers paid on fee-for-service
basis Lack of incentives for innovation
Coordinated through complex and
flexible interdependent networks Care that is centered around the needs of
the patient Focused on wellness, prevention and
chronic care management Diverse health care settings Health consumerism Providers' reimbursement linked to
performance Innovations improve service and
reduce cost
Todays health systemand the promise of tomorrow
-
8/2/2019 Accenture Hie
7/36
7
Recent government reform initiatives, such as the Health
Information Technology for Economic and Clinical Health
Act (HITECH) and the Patient Protection and Affordable
Care Act (PPACA), represent key milestones in setting
the foundation for connected health. HITECH advocates
the use of technology by incentivizing meaningful use
of EMRs by physicians and hospitals, as well as the
development of HIEs. PPACA includes provisions to move
the system toward new payment models that reward
value (cost and quality targets) rather than volume (fee
for serv ice) and encourages new models of care and
accountability (such as Patient Centered Medical Homes
and accountable care organizations).
Financial drivers including health care inflation, resultingfrom the high cost of new drugs and treatments; wasteful
spending (for example, redundant, inappropriate or
unnecessary tests and procedures); inefficient health
care administration; the rising incidence of costly
conditions (such as heart disease and obesity); and the
growing health care needs of an aging population.
Rapid advances in health information technology (HIT),
including electronic medical records, clinical decision
support systems, computerized physician order entry (CPOE)
and common standards and certification processes, are
seen as key enablers for improving the overall quality,
safety and efficiency of the health delivery system.
A new generation of informed, empowered consumers
are changing patient expectations. The increase in patient
information and choice, demands for more convenient
and personalized care, and acceptance of the need to
take more personal responsibility for managing their
own health are creating a st rong impetus for change.
(See sidebar on page 10: Connected health and peoples
perspectives on the US health system.)
A heightened focus on quality of health care and patient
safety, which stems from growing concerns over clinical
errors, adverse drug events and the continuing impact
of inconsistent care standards resulting from uneven
application of care protocols and evidence-based medicine.
Changing physician attitudes toward technology are
driv ing the adoption of new e-health solutions. For
example, a recent Accenture survey of more than 1,000
physicians in small practices across the US2 found that
almost 60 percent of all current nonusers intend to purchase
an EMR system within the next two years. The figure
rises to 80 percent for physicians under 55 years of age.
The nation also faces a shortage of qualified medicalprofessionals due to the recent decline in the number of
US medical school graduates choosing primary care. At
current g raduation and training rates, the nation could
face a shortage of as many as 150,000 doctors in the
next 15 years, according to the Association of American
Medical Colleges.
What are the key drivers in the move towardconnected health?
2 Accenture surveyed more than 1,000 physicians across the US in
December 2009. The quantitative survey included randomly sampled
physicians from offices of fewer than 10 practitioners.
-
8/2/2019 Accenture Hie
8/36
Four key characteristics of the new
connected health ecosystem differentiate
it from the traditional health care
delivery model.
Ubiquitous health information
technology (HIT) that enables key
constituents to capture and share
high-quality information securely
and effectively
HIT is a key enabler of connected health.
It provides the tools to electronicallycapture, organize, share and analyze
health information that can be used to
improve health and wellness and to
treat, cure and prevent illness. Effective,
efficient and secure exchange of high-
quality health information across the
health system is a prerequisite for
patient-centric, integrated, evidence-
based care. Connected health solutions
support health data liquidity by capturing
and sharing patient-identifiable clinical
and administrative information and
enabling authorized parties to exchange
and/or access it.
Achieving and maximizing the value of
data liquidity requires the widespread
adoption and utilization of a number
of HIT solutions:
Interoperable EMRs and EHRs, HIE
solutions and Health Information
Networks (HINs) that enable a range
of health care organizations to
capture and share information
securely, efficiently and effectively.
Telemedicine, in-home monitoring andmobile health solutions that support
the remote delivery of care, including
monitoring and consultation.
Health 2.0 sites, personal health
records (PHRs) and wellness tools that
encourage and empower patients to
manage their health and health care
more effectively.
Analytics tools that help maximize
the clinical, epidemiological and
administrative value of data flowing
through the connected health ecosystem.
Clinical decision support systems
(CDSSs) and CPOE systems that sup-
port collaborative patient-centric care
delivery models.
Smart health care that uses analytics
and predictive modeling to improve
clinical decision making, target
resources more efficiently, develop
more effective care delivery models
and improve disease management
Connected health solutions maximizethe value of data liquidity by translating
data into actionable insight that physi-
cians, administrators, organizations
and government can use to improve
the quality of care, increase the effi-
ciency of administrative and clinical
processes, and target resources more
Key characteristics of connected health
Connected health is a new approach to the delivery of health care
services that leverages sophisticated health information technology
(HIT), analytics and predictive modeling, new forms of integrated caredelivery models, and a patient-centric approach to care delivery to
improve the efficiency, quality and accessibility of health care services.
The vision for connected health is one in which all parts of the
health care system are seamlessly integrated through interoperable
processes and technology, and where critical health information is
available when and where it is needed.
8
-
8/2/2019 Accenture Hie
9/36
effectively to improve clinical and public
health outcomes. There are three main
applications for analytics:
Health providers can leverage analytics
at the point of care to help determine
the most clinically effective treatments
for individual patients through the use
of CDSSs. Treatment and diagnosis are
based on proven clinical protocols that
help physicians reduce the variability of
care, ensure use of best practices and
manage costs of care.
Analytics plays a critical role in
improving care processes and deploying
resources more effectively to drive
down costs. By analyzing clinical and
administrative data (from medicalrecords, claims processing, appointment
scheduling, lab results and so on),
organizations can obtain detailed
insights into workflow and resource
allocation across different parts of the
patient care process. These insights
can be used to optimize resource use
and increase the efficiency of clinical
processes.
Analytics can be used to improve public
health outcomes by evaluating population
data sets to help identify patients most
at risk from chronic diseases or other
high-cost health conditions. Using
predictive analytic techniques, patient
conditions can be managed and monitored
proactively to ensure preemptive inter-
ventions that avoid hospitalizations and
related costs. Those patients identified
as being most at risk receive additional
care and can be educated to manage
their own treatment or change theirbehavior in ways that may improve
their condition.
New integrated care delivery models
that target improved health outcomes,
prevention and wellness rather than
reactive treatment
Integrated care delivery models provide a
means of organizing, financing and
delivering a wide range of health services
to meet an individuals health needs
in a coordinated, accountable care
management setting. The new models
avoid duplication and eliminate redun-
dant processes by enabling a range of
health professionals to coordinate care
across the health system.
One example is the Patient Centered
Medical Home (PCMH). Through the
PCMH model, a patients care is coor-
dinated across the health system and
across all stages of the patients life.
Patients share responsibility for their
health with primary care providers,
who ensure the right care is delivered
at the right time and in the most
appropriate setting. The nonprofit
National Committee for Quality
Assurance (NCQA) offers physician
practices the chance to attain formalrecognition as a PCMH. NCQA created
nine certification standards that
encompass 30 elements and 189 data
points, including care management,
patient self-management support,
electronic prescribing, performance
reporting and improvement, and
advanced electronic communications.
Practices can receive one of three levels
of recognition as a PCMH, depending
on mastery of the standards.
The success of integrated care delivery
models depends on providers being
rewarded appropriately for the time
and effort spent in managing the
coordination and the ongoing relationship
with the patient. A results-based, rather
than transaction-based, payment system
links remuneration to outcomes, thereby
encouraging care coordination, effi-
ciency, quality improvement and a
larger role for the patient in thehealth process.
Patient-centric health care that is
flexible and responsive to the indi-
vidual needs of patients and enables
patients to manage their health
more effectively
Connected health enables a more
personalized approach to health care
that puts the individuals needs at the
center of the care process. By building
a comprehensive picture of each
patientpersonal and family medical
history, surgeries, hospitalizations, lab
test results, vaccinations, medications,
allergies and adverse drug reactions, as
well as lifestyle observationsand using
evidence-based diagnostics, providers
can ensure that individual patients
receive the right care at the right time.
The increasing liquidity of information
is also transforming the individuals
role in managing his or her own health
more effectively. For example, patients
are able to record and maintain their
own health care information through
patient health records, which they
can share with health providers as
appropriate. Through patient portals,
patients can request appointments,review test results, access their medical
records and send messages to their
physicians. Patients are also empowered
to manage their conditions through
the use of online health risk assessment
tools and remote patient monitoring
devices that bring health care into the
home setting. These technologies
enable early detection of problems that
might otherwise require treatment in
more expensive care settings, such as
hospitals.
Increasingly, consumers are also
demanding information on the cost and
quality of health care services provided
by hospitals and other health care
facilities. With that information, they
are able to make informed choices about
treatment options and appropriate care
providers. Consumer-friendly websites
are emerging to give consumers a range
of health care information, includingphysician finders, payment estimators,
cost comparisons and quality indicators
for health providers, such as length of
stay, mortality rates, readmission rates,
complication or infection rates and so on.
Finally, new Web 2.0 toolssuch as
social networking sites, blogs and online
community forumsprovide the means
for consumers to gain more information
about their condition, choice of treatment
options and so on.
9
-
8/2/2019 Accenture Hie
10/36
In December 2009, the Accenture Institute for Health &
Public Service Value conducted a survey of 1,019 US
citizens to explore their perceptions of health and health
care.3 The survey was part of a global study involving
people in 16 geographies. The findings show strong
support among US respondents for connected health,
which will provide a real impetus for change.
The survey revealed that US citizens are very concerned
about costs and efficiency in the health care system.
More than half of those surveyed (54 percent) believe
that one of the three biggest challenges facing the health
care system is that medical costs are too expensive, and
almost four in 10 (38 percent) cite too much inefficiency
or bureaucracy in the system.
People recognize that steps should be taken to cut the
cost of health care. Many are willing to accept alternative
models of care. For instance, more than four in 10 people
surveyed support the idea of seeing health professionals
other than doctors for routine care. Around 30 percent
support more online and telephone consultations with
doctors, rather than having to see them face to face.
People also believe that preventive care and personal
responsibility for health is important to relieve pressure
on the health system. Fifty-nine percent of people believe
that to improve health care in the United States, it is
essential or very important for government to put
more emphasis on preventive care. Meanwhile, 63 percent
believe it is essential or very important for government
to encourage and educate people to take more personal
responsibility for improving their own health and that
of their families.
People want to play a greater role in managing their
own health but feel they need easier access to health-
related information to do so. Eighty-six percent ofpeople agree their health depends largely on how well
they take care of themselves. However, while two-thirds
of people believe it is essential or very important for
government to ensure that they are provided with reliable
and trustworthy information and advice about health
and health services, only one in five think government
is doing this well.
People rely heavily on health professionals as key sources
of information. Two-thirds of respondents rely on doctors
and other health care professionals for information and
advice on managing their health, putting an enormous
strain on primary care physicians time.
People want more control over their treatment options and
easily accessible information on providers performance
so they are better able to make appropriate choices. Only
half of respondents say they feel well informed about the
performance of health providers. More than eight in 10
people would like to know more about how different health
service providers are performing so they can make decisions
about where to go for treatment. Further, 63 percent want
to be able to make the decis ion themselves on where togo for treatment. Only 18 percent say they have no need
for information as they leave it solely to their doctors to
make decisions.
People strongly support the adoption of electronic medical
records. Almost 70 percent of survey respondents think it
is very or fairly important for health providers to
adopt EMRs.
Connected health and peoples perspectives on the UShealth system
3The fieldwork was conducted between December 10 and December
21, 2009, a period of great debate and media attention on US health
care legislation. Interviews were conducted online, with quota controls
placed on sample. Data were weighted to be representati ve of the
general population of US residents aged 18 and over.
10
-
8/2/2019 Accenture Hie
11/36
Widespread adoption and utilization
of connected health solutions over
the next five to 10 years will drive
development of a national connected
health architecture (see Figure 2).
While there will be a number of critical
junctures in the construction of this
architecture, Accenture believes the
most important will be:
Stage 1: Realizing ubiquitous health
information exchange Stage 2: Constructing a national
health network of networks Stage 3: Enabling evidence-based
health care Stage 4: Implementing connected
health strategies
The connected health journey
11
-
8/2/2019 Accenture Hie
12/36
1212
The Connected Health Architecture illustrates how different
connected health solutions and strategies will enable the
delivery of more integrated health care services and will
support the transition to a connected health system. Each
layer of the Connected Health Architecture has a number
of components that represent the most important solutions,
functions and processes in enabling connected health.
1. Connected health infrastructure: A distributed, nonhi-
erarchical, nonproprietary national networkconstituted by
local, state and regional health information networksthat
enables organizations to share clinical and administrative
information.
Network development and managementa centralizedfunction responsible for developing and managing
an Internet-based network constituted by local, state
and regional health networks.
Syntactic interoperabilitycentralized services, common
policies and enforceable standards that ensure syntactic
interoperability between distributed subsystems.
Securitysecurity standards, certification cr iteria,
common data handling policies and standardized IT
security audit and system hardening processes that
proactively manage network security risks and rapidly
address vulnerabilities.
2. Effective health information exchange: Solutions such
as interoperable EMRs, EHRs, PHRs and HIEs that enable
health data liquidity across distributed subsystems by
supporting the secure, efficient exchange of high-quality
health information.
Development and governanceorganizations that
design, implement and manage health information
exchange solutions and develop and/or implementstandards, policies, processes, services and certification
criteria across health information exchange networks
to ensure data security and quality.
Security, privacy and confidentialityaccess control
and data security solutions, consent models and
data handling policies that minimize data breach
risk and prevent unauthorized access to or use of
information.
Semantic and process interoperabilitystandards,
processes, policies and solutions that enable semantic
and process interoperability across subsystems and
organizations within HIE networks.
3. Analytics: Solutions, processes and functions that
analyze and visualize high-quality aggregated information
to improve decision making in the health care system.
Clinicalsolutions such as CDSSs that leverage
patient-identifiable information in longitudinal
medical records to enable evidence-based medicine.
Also, solutions that enable de-identified clinical
information to be used in clinical trials.
Payersolutions that leverage clinical and administrative
data to enable payers to develop more effective
care management, member incentive and wellness
strategies; improve the efficiency of claims processing
and auditing; and manage provider performancemore effectively.
Public healthsolutions that use aggregated clinical
and administrative data to support disease management,
biosurveillance and care quality monitoring.
4. Connected health transformation: Evidence-based
collaborative care delivery models and integrated health
care strategies that target improved health and clinical
outcomes, greater patient empowerment and more
effective preventive lifestyle interventions.
New models of collaborative, patient-centric care
organizations, solutions and processes that support
seamless patient transitions across care settings and
enable more personalized, flexible care responsive to
patient need.
Care management transformationintegrated care
management strategies in which payers, providers
and regulators collaborate to reduce the duration,
frequency and cost of interventions.
Patient empowermenttools (such as Health 2.0 websites
and mobile health solutions), policies and approaches
that educate and engage patients as well as empower
them to manage their health and health care more
effectively.
Comparative effectivenessresearch programs, solutions
and governance arrangements that support evidence-
based decision making across the health system.
The Connected Health Architecture
-
8/2/2019 Accenture Hie
13/36
Figure 2. The Connected Health Architecture
Provides actionable insight and intelligence
New approaches to care delivery that target more efficient, effective and accessible health care for all
Technologies and organizations that maximize the value of shared information
Organizations and systems that enable the secure, efficient and effective exchange of high-quality information
A distributed, nonhierarchical, nonproprietary network of networks
Provides comprehensive, high-quality administrative, clinical and wellness data for patients and populations
Enables information sharing between standalone enterprise or regional health information systems
Connected health transformation
Component 4
Comparative
effectiveness
Component 1
New models of
collaborative care
Component 2
Care management
transformation
Component 3
Patient empowerment
Analytics
Component 3
Public health and
quality reporting
Component 1
Clinical (provider
and research)
Component 2
Payer
Effective health information exchange
Component 3
Semantic and process
interoperability
Component 1
Development and
governance
Component 2
Security, privacy and
confidentiality
Connected health infrastructure
Component 3
Security
Component 1
Network development
and management
Component 2
Syntactic interoperability
13
-
8/2/2019 Accenture Hie
14/36
Stage 1:
Realizing ubiquitous health
information exchange
This stage includes the
near-universal adoption ofinteroperable EMRs and local,
state and/or regional health
information networks that enable
the semantic exchange of high-
quality patient-identifiable
clinical and administrative data
in longitudinal medical records.
These networks enable patient
data to follow patients across the
continuum of care; support the
use of clinical, public health and
business analytics; and improve
the efficiency of administrative
and clinical processes.
The first step in the connected health
journey involves collecting the right
data in a secure, efficient way that
guarantees patient privacy and sharing
that information across the health system.
Achieving data liquidity within local,
state and regional health information
networks is an important goal for the
Office of the National Coordinator for
Health Information Technology (ONC)
and health care organizations. While
several of the Centers for Medicare &
Medicaid Services (CMS) stage 1
meaningful use objectives imply the use
of HIE, the stage 2 and 3 objectives will
put considerably greater emphasis on
the role of HIE. Moreover, to increase
health information exchange in the
long term, the federal government is
investing heavily in state HIE, Regional
Extension Centers and Beacon Commu-
nities through the HITECH Act.
Through the CMS meaningful use criteria,HITECH funding and the ONC, the
federal government is seeking to
improve data liquidity by supporting
and incentivizing health care organiza-
tions to focus on the secure, efficient
exchange of high-quality health
information. As a result, progress on
health information exchange has
accelerated rapidly. According to the
eHealth Initiative, 73 HIE initiatives
reported being operational (defined as
transmitting data that is being used by
health care stakeholders) in 2010, an
increase of nearly 30 percent over 2009.4
This trend is set to continue as compli-
ance with meaningful use criteria drives
EMR adoption among physicians over
the next two years. A recent Accenture
survey of physicians in the United States
suggests that 60 percent of current
nonusers will implement an EMR in the
next two years. Rising EMR adoption
rates will increase demand for healthinformation exchange as physicians seek
to maximize the return on their EMR
investments.
Even so, some critical issues must be
addressed before ubiquitous health
information exchange can be realized:
Sustainability. To ensure long-term
viability, an HIE must develop sustainable
business models that enable them to
operate without government funding.
Semantic interoperability. To maximize
clinical and administrative value, an
HIE should enable a level of semantic
information sharing between distributed
subsystems.
Data quality and integrity. To minimize
the impact of poor data quality on
patient safety, physician adoption, care
quality and process efficiency, an HIEshould implement solutions, standards
and policies that effectively prevent,
identify and remedy data quality and
integrity issues.
Data privacy, confidentiality and
security. To ensure compliance and
minimize security risks, HIE and network
constituents should develop robust
data privacy and security solutions,
frameworks, policies and processes.
Provider adoption and utilization. To
ensure ubiquitous health information
exchange, providers must adopt interop-
erable EMRs and/or EHRs. Just as
important, an HIE should engage them
early on to ensure compliance with
relevant standards, processes and policies
for the exchange of health information.
4eHealth Initiative, The State of Health
Information Exchange in 2010: Connecting
the Nation to Achieve Meaningful Use. A
Report Based on the Results of the eHealth
Initiatives 2010 Seventh Annual Survey of
Health Information Exchange.
14
-
8/2/2019 Accenture Hie
15/36
15
This stage includes the
construction of an Internet-
based national health network
of networks that connects public
and private health information
networks at the local, state and
regional levels. The goal: to
enable health information
networks to share patient-
identifiable and de-identified
health information to supportthe delivery of care, improve
process efficiency and facilitate
evidence-based decision making.
The ONC, through the embryonic
National Health Information Network
(NHIN), is likely to play an integral
role in the development of a distributed,
nonhierarchical, nonproprietary
national network of networks. It is
imperative that constituent networks
provider and payer HIE, EHR and
PHRhave system architectures that
are or can be aligned to the core
services and standards of the NHIN.
This alignment will reduce the time
and resources required to construct
a broad national health network that
will enable health care organizations
across the country to share information.
This stage includes the widespread
adoption of analytics and
predictive modeling solutions
that analyze and visualize health
information to produce actionable
insight and intelligence. The
goal: to enable providers, payers,
regulators and public health
organizations to strengthen their
decision-making capabilities.
The majority of health care organizations
are currently focused on health
information exchange and ensuring
compliance with meaningful use criteria
to avoid financial penalties. While some
high-performance organizations use
analytics, most do not and are not
explicitly considering how system
design will impact future analytics pro-
grams. Analytics platforms should have
access to semantically normalized,
aggregated health information, which
requires HIE networks to develop
semantically interoperable enterprise
architectures. Therefore, to maximize
long-term value, an HIE should focus on
developing semantically interoperable
enterprise architectures to support
future analytics solutions.
This stage includes the
implementation of collaborative
care delivery models and
integrated approaches to health
care. The goal: seamless,
personalized care across care
settings; more effective
preventive lifestyle interventions;
collaborative care management to
improve the efficiency and
effectiveness of care; and patientengagement, education and
empowerment to enable
individuals to take greater
responsibility for managing their
own health and health care.
Health care reform is likely to drive the
implementation of connected health
strategies across the health system.
Provider payment reform and pilots of
new provider modelssuch as commu-
nity-based collaborative care networks,
Accountable Care Organizations (ACOs)
and Patient Centered Medical Homes
(PCMHs)are likely to increase the
adoption of collaborative, patient-cen-
tric care delivery models. The evolution
will vary based on local markets, but
these new collaborative models are
already in operation in a number of
states. Health care reform will alsoencourage organizations to focus on
prevention rather than treatment.
Simultaneously, health care inflation
and increasing demand will put unsus-
tainable pressures on payers, health
plans and providers, forcing them to
develop innovative collaborative care
management strategies to reduce the
need for medical care and lower the
cost of care delivery.
Stage 2:
Constructing a national
health network of networks
Stage 3:
Enabling evidence-based
health care
Stage 4:
Implementing connected
health strategies
-
8/2/2019 Accenture Hie
16/36
16
2. The first step:Health information exchangesustainability, an HIE should enable
stakeholders to maximize these benefits
while reducing the cost of achieving them.
Health information exchange will better
enable providers to:
- Improve care quality by reducing
prescribing errors, strengthening
clinical decisions and diagnosis,
improving patient compliance and
enabling a holistic view of patients
medical records.
- Improve the efficiency of clinical and
administrative processes by limiting
the number of interfaces with other
providers and payers and reducing
the time staff spend following up on
test results, handling lab and radiology
reports, making and responding
to information requests, managing
prescriptions and undertaking clerical
tasks.
The United States is at the beginning of
the connected health journey. Connected
health maturity varies across the health
system: Some payers are nearing stage
4 in using analytics to develop next-
generation care management models,
while many parts of the country are
still in the early stages of adopting EMR
and implementing health information
networks. In general, however, organi-
zations are focused on health information
exchangethat is, the construction of
local, state and regional public andprivate health information networks that
enable secure, efficient and effective
health information exchange. Public and
private HIEs are important leaders in this
field and their long-term success will
determine progress toward connected
health.
The potential administrative and clinical
benefits of health information exchange
to a variety of stakeholders are well
documented. To help ensure long-term
- Reduce costs by improving
reimbursement management
leading to reduced denial rates and
bad debt write-offs and improved
eligibility verification and clean
submission ratesand reducing
unnecessary testing.
Health information exchange will
help payers realize significant cost
savings by improving the efficiency of
administrative processes and reducing
readmissions, testing and acute careepisodes.
Health information exchange will
better enable public health organizations
to improve long-term health outcomes
by strengthening care quality and clinical
performance reporting, improving
disease management strategies and
biosurveillance, and enabling more
effective targeted public health
campaigns.
-
8/2/2019 Accenture Hie
17/36
17
Progress on health information exchange
is accelerating rapidly as a result of
American Recovery and Reinvestment
Act funding, and the importance and
benefits of health information exchange
are becoming widely recognized. However,
organizations should be very cautious
when establishing an HIE and implement-
ing HIE solutions. In the past, complex
technical, organizational, regulatory
and cultural challenges have increased
implementation risks, led to relatively
high solution failure rates and limitedthe administrative and clinical value of
HIE solutions once operational.
The challenges range from developing
sustainable HIE business models and
defining the value for stakeholders to
protecting patient privacy and supporting
compliance with federal and state
regulations.
Since 2004, the eHealth Initiative
(eHI), based in Washington, D.C., has
tracked the efforts, successes and
failures of organizations across the
country working on health information
exchange. Sustainability has regularly
been cited as the top challenge for HIE
initiatives. However, in the most recent
2010 survey,6 initiatives identified
addressing government policy and
mandates as an emerging challenge in
light of the impending meaningful use
regulations. According to the survey, themost significant challenges affecting
HIE initiatives today are:
Developing a sustainable business
model. Addressing government policy and
mandates.
Defining the value that accrues to the
users of the HIE. Addressing privacy and confidentiality
issues (HIPAA and others). Addressing technical aspects including
architecture, applications and connectivity. Addressing organization and governance
issues.
To help ensure that these challenges do
not slow or even halt the progress of HIE
implementations, organizations should
give sufficient attention to addressing thecritical issue of information governance.
6 eHealth Initiative, The State of Health
Information Exchange in 2010: Connecting
the Nation to Achieve Meaningful Use. A
Report Based on the Results of the eHealth
Initiatives 2010 Seventh Annual Survey of
Health Information Exchange."
While there are few studies into the impact of regional
health information exchange on clinical outcomes, there is
evidence to suggest that Clinical Information Systems (CISs)
in hospitals improve clinical outcomes. A multiple-hospital
study5 published in 2009 found that advanced clinical
information technologies, such as electronic medical
records, CPOE systems and Clinical Decision Support
Systems, improve inpatient outcomes in a number of ways:
For all medical conditions studied, an increase in the
automation of notes and records was associated with a
15 percent decrease in the risk-adjusted odds of fatal
hospitalizations.
Improved order entry capabilities decreased the risk-adjusted odds of death for myocardial infarction by
9 percent.
Improved order entry capabilities decreased the risk-
adjusted odds of death for coronary artery bypass graft
procedures by 55 percent.
Improved physician decision support decreased the
risk-adjusted odds of complications for all causes of
hospitalization by 16 percent.
Connecting CIS through HIE will increase the clinical
value of CIS by enabling physicians to access patients
entire medical records and by supporting more robust
evidence-based clinical decision making.
Clinical information systems:Improving clinical outcomes
5 Clinical Information Technologies and Inpatient Outcomes: A Mul-
tiple Hospital Study," Journal: Archives of Internal Medicine, January26, 2009, 169(2):10814.
-
8/2/2019 Accenture Hie
18/36
18
A recent Accenture survey found that 42 percent of
Americans are concerned about providers sharing their
health information with other providers, and 64 percent are
concerned about their health information being shared with
government agencies. Of those who are concerned about
health information exchange, two-thirds are concerned
because they cannot be sure that only authorized people
will see their information.7
7 http://www.accenture.com/Global/Research_and_Insights/Institute_For_Public_
Service_Value/Research/2010-Citizen-Experience-Study/default.htm.
8 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/
postedbreaches.html.
9 "Health information exchange and patient safety," Journal of Biomedical
Informaticsarchive, Volume 40, Issue 6 (December 2007), pages: S40-S45,
year of publication: 2007, ISSN:1532-0464.
More than 100 health data breaches affecting more than
500 people were reported to the Department of Healthand Human Services between September 2009 and July
2010. In a handful of cases, more than a million people
were affected by the breach.8
It has been estimated that between 44,000 and 98,000
Americans die each year as a result of medical errors. Up
to 18 percent of all patient safety errors and 70 percent
of adverse drug events could be eliminated if physicians
had timely access to accurate information.9
An HIE should develop adequate
information governance capabilities
up front. Failure to do so will likely:
Increase data breaches and reputational
risk. To maintain public and stakeholder
confidence, HIEs should prevent high-
profile data breaches and ensure
compliance with state, HIPAA, HITECH,
consumer privacy and other data
security and consent requirements.
Limit adoption and undermine long-
term sustainability. To attract constituent
organizations and ensure their long-term
commitment, HIEs should enable the
exchange of high-quality data and
support a level of interoperability
among constituents that delivers realclinical, administrative and/or efficiency
benefits to them.
Increase the cost of health information
exchange. To reduce the cost of health
information exchange to constituents
and develop a sustainable business
model, HIEs should limit the cost of
achieving interoperability, maintaining
data quality and ensuring data security,
privacy and confidentiality.
Limit the clinical and administrative
value of health information exchange.
To ensure constituents are able to
realize the clinical, administrative and
efficiency benefits of health information
exchange, constituents should be able
to use data exchanged through an
HIE for its intended purpose. That
requires the HIE to ensure high data
quality and enable an adequate level of
interoperability between subsystems.
Reduce system flexibility and
performance. To ensure that HIE networks
can be extended and altered over time,
an HIE should implement a consolidated,
stable enterprise architecture and
provide centralized services and
governance processes that ensure
compliance with HIE standards.
In the next section, we describe how
health organizations can take steps to
overcome many of the critical challenges
by developing robust information
governance capabilities.
-
8/2/2019 Accenture Hie
19/36
19
Security
Preventing and managing data breaches and unauthorized
access to clinical data; ensuring compliance with relevant
regulations and legislation (such as HIPAA privacy and
security rules, HITECH Act breach notification rules and
state privacy regulations); guaranteeing the availability
of security services; and maintaining network integrity
are imperative if HIEs are to overcome privacy concerns
and ensure their long-term survival.
Interoperability
Achieving semantic interoperability without open or
common standards across HIE networks in which
subsystems use non-interoperable standards is a major
challenge. However, to maximize clinical and adminis-trative value, HIEs must enable a level of semantic
interoperability where there is a use case to support
it. To achieve partial interoperability, organizations will
focus on developing state or HIE standards, standards-
driven architectures, translation or terminology services
and certification services.
Consent
Developing and implementing effective consent models
to meet the expectations of patients, administrators and
physicians is difficult. Patients, patient advocates and
regulators reasonably expect consent models to focus on
protecting data privacy and confidentiality by restricting
the use and dissemination of information. Such restrictions
can limit the clinical value of health information exchange;
clinicians may be unable to access medical information
relevant to diagnosis or treatment. Finding and articulating
the consent basis for data sharing is critically important
to HIE success.
Data integrity
Maintaining the meaning, structure and other characteristics
of clinical and administrative data when it is stored,modified, processed and communicated between systems
is a major challenge, particularly in highly distributed
environments. Poor data integrity limits the clinical and
administrative value of health information exchange.
Access control
Controlling access to clinical data and enabling patients
to determine who can access data are important technical
and compliance challenges that require robust access
control solutions and permissioning regimes.
Data handling
Compliance with HIPAA, HITECH and other regulatory
and legislative requirements involves the implementation
of stringent data handling policies across HIE networks.
Compliance may require organizations to invest in manda-
tory data handling training, establish enterprise-wide
data risk and monitoring functions, and develop and
enforce certified data handling policies.
Data quality
Ensuring that data exchanged through an HIE network is
accurate, meaningful and internally consistent is extremely
important. Poor-quality data affects patient safety, limits
the clinical and administrative value of health information
exchange and undermines analytics-driven improvements
to processes and care quality. Ensuring data quality is a
major challenge in complex multisystem environments
particularly when subsystems use non-interoperable
standards and clinical terminologies.
Compliance
Compliance with privacy, confidentiality, data security, data
loss, data protection, data handling and audit regulations
is an important issue for all health care organizations.
Organizations should manage information risks effectively
in accordance with legal and regulatory obligations.
Addressing compliance requires a coordinated approach
across organizations. Enabling IT organizations to collabo-
rate effectively with legal departments, clinicians and
administrators to design and implement systems and
processes that ensure compliance is a major challenge.
Critical information governance challenges
-
8/2/2019 Accenture Hie
20/36
3. Information governance:Enabling effective health information exchange
20
-
8/2/2019 Accenture Hie
21/36
21
Effective information governance
the processes, functions, standards
and technologies that enable high-
quality information to be created,
stored, communicated, valued and used
effectively and securely in support of
an organizations strategic goalsis the
key to addressing critical information
governance challenges that prevent
efficient, effective and secure health
information exchange.
The Accenture Information Governance
Framework for Health provides a holistic
model of information governance
helping organizations establishing
health information exchanges and
implementing HIE solutions to assess
and overcome key challenges by
designing more effective information
governance architectures. Developedby Accenture and drawing on what
we have learned through health IT
implementations around the world, the
framework disaggregates information
governance into five highly interrelated
disciplines:
Data privacy Data confidentiality Data security Data quality Data integrity
In the past, organizations have adopted
a siloed and tactical approach to
information governanceallowing
organizational and information silos
to address information governance
challenges as they arise. For example,
an organization might implement
stringent data handling policies after
a data breach, periodically launch
data cleansing programs to address
poor data quality, and invest in ad-hoc
terminology and translation services
to enable interoperability between
systems. While it is important for
organizations to address issues as they
arise, this fragmented and reactive
approach significantly increases the
cost of information governance and
reduces the effectiveness and flexibilityof such provisions.
Each discipline has multiple solution
componentsthat is, the most important
processes, functions and technologies
within an information governance
architecture that better enable
organizations to develop effective
information governance capabilities.
To help ensure effective information
governance, an HIE should develop a
consolidated, network-wide information
governance architecturethat is, a
layer of processes, functions, policies
and solutions that ensure the effective,
secure creation, storage, communication,
valuation and use of information.
Effective information governance
architectures integrate disparate
information, security, access control
and content management architectures
and include legal, clinical, administrative
and IT work streams.
Using the Accenture Information
Governance Framework for Health,
we are working with organizations to
develop specific tools tailored to their
needs. These toolkits consist of direct
controls, risk assessment frameworks
and other components to make infor-
mation governance a tangible part of
an organization. These toolkits helporganizations to focus on providing
patient care while supporting compli-
ance with patient, regulatory and
legislative requirements.
The Accenture Information Governance Frameworkfor Health
-
8/2/2019 Accenture Hie
22/36
22
Figure 3. The Accenture Information Governance Framework for Health
Data privacy Patient consent models and mechanisms
Patient-provider relationship-based access controls
Patient access controls
Effective data security and data handling policies
Data confidentiality Role-based access control models
Patient and provider record sealing
Identification and authentication
Anonymization and pseudonymization
Data security Message integrity and communications security
Event audit and alerting
IT security audit
Network integrity
Data quality Error correction
Data validation
System and interface certification
Standards-driven architecture
Data integrity Code integrity
System hardening
Interoperability governance
Standards-driven architecture and standards management
Information Governance Disciplines Information Governance Solution Components
-
8/2/2019 Accenture Hie
23/36
23
For regulators, watchdogs, legislative
bodies, patients, patient advocates
and the public, data privacythat is,
ensuring patients medical data can
be accessed only with their consent
is the most important issue associated
with health information exchange.
Failure to convince these stakeholders
that their data is private increases
implementation, compliance and
reputational risk. To ensure data privacy,
effective information governance
architectures should include four
components:
1. Patient consent models and mecha-nismshigh-level frameworks that
outline how and in what circumstances
organizations will seek patient consent
for their medical data to be stored,
disseminated, accessed and used. Patient
consent mechanisms are authorization
or permissioning regimes that are
part of access control models. These
mechanisms should allow patients to
specify which parts of their medical
records they do not wish particular
user groups to have full access to.
2. Patient-provider relationship-based
access controlssolutions that restrict
access to a specified patients medical
data based on an existing relationship
between the patient and the clinician
or care provider requesting access to
that patients data.
3. Patient access controlssolutions
that provide patients with secure accessto their medical data. Access control
solutions have three key elements:
registration, authentication and
authorization.
4. Effective data security and data
handling policiespolicies that minimize
information security risk and prevent
unauthorized access to information by
placing patient interest at the center
of information governance policy and
by encouraging desirable behaviors
among users.
RecommendationsImplementing effective data privacy
solutions is a major challenge. Designing
solutions that meet the expectations
of regulators, clinicians, administrators,
managers, patients, the public, politi-
cians and other stakeholders is themost common challenge. However,
organizations tend to concentrate on
the technical and clinical aspects of
data privacy while neglecting the
strategic, organizational and cultural
dimensions. To address these issues,
HIEs should:
Consult clinicians, patients and the
public when designing consent models
Designing consent models should be
a transparent, collaborative process
involving a broad range of stakeholders.
By adopting a collaborative approach,
organizations design more effective
consent models that are fit for purpose.
Further, by engaging stakeholders early
in the process, organizations reduce
resistance from patients, clinicians
and regulators. This reduces the risk of
subsequentand expensivesystem
changes to access controls and dataprivacy solutions.
Communicate the purpose of data
privacy measures to clinicians and
patients
Organizations should develop effective
communication strategies to ensure
that HIE network constituents, clinicians
and patients understand why and
how data privacy will be maintained.
Communication strategies should
demonstrate organizations commitment
to data privacy and the effectiveness of
data privacy solutions while convincing
clinicians and other stakeholders that
data privacy controls will not reduce
the clinical value of health informationexchange.
Educate patients so they understand
data privacy controls
For consent-based access controls to
be effective, patients must be able to
make informed judgments regarding
data use. At a minimum, patients
should understand how their medical
data will be used, how widely it will
be disseminated and what the benefits
and potential drawbacks are. Patients
should also understand the processes
through which they can restrict and
authorize access to data.
Data privacy
-
8/2/2019 Accenture Hie
24/36
24
Ensuring the confidentiality of data
by preventing unauthorized access to
and improper use of information is an
important part of information gover-
nance. The goal: to minimize information
security risks (such as data loss and
unauthorized or inappropriate use and
dissemination of information), thereby
mitigating compliance and reputational
risks and protecting data privacy.
Ensuring that data is confidential
requires a range of security solutions
that monitor, restrict and prevent
unauthorized access to information.
Moreover, solutions should be able to
obscure patients identity when datafrom their medical record is used for
purposes other than delivery of care.
To help ensure data confidentiality,
effective HIE information governance
architectures should include four
components:
1. Role-based access control models
access levels, permissioning and
authorization regimes, and access
controls that are based on complex
real-world job functions (roles) and
patient-provider relationships.
2. Patient and provider record sealing
solutions that enable patients and
providers to restrict or prevent access
to information compartments in med-
ical records.
3. Identification and authentication
solutions that enable the robust
authentication of health care profes-sionals to health care systems, as well
as the linking of real-world identity
to system identity, to ensure that only
authorized users can access patient data.
4. Anonymization and pseudonymization
solutions that obscure patients' identities
by modifying patient-identifiable clinical
data while maintaining data quality.
Thus, the data can be used for secondary
purposes without compromising
confidentiality.
RecommendationsThere are a range of technical challenges
associated with implementing effective
data confidentiality solutions across
complex architectures in distributed
environments. However, vendors,
systems integrators and health care
organizations are developing effectivesolutions to address these issues.
Increasingly, the most important
challenges organizations face when
implementing data confidentiality
solutions are related to organizational
and process issues. To help ensure data
confidentiality, we believe HIEs should:
Implement processes that enable IT,
legal, clinical and administrative
functions from a range of stakeholders
to work together effectively in
developing data handling policies
and role-based access control models
Effective data handling policies and
access controls should conform and be
adapted to meet regulatory and legal
requirements and reduce information
security risks while minimizing disruption
to clinical and administrative processes.
If data handling policies and access
controls have a significant impact onclinical and administrative processes,
users are unlikely to adopt desirable
behaviors, care quality may suffer and
processes are likely to become less
efficient. Moreover, if IT and legal
teams design and implement access
controls in an organizational vacuum,
those controls are likely to be less
effective and cost more than those
developed through a collaborative
approach. To avoid these problems,
HIEs should enable IT, legal, clinical
and administrative functions from a
range of stakeholder organizations to
collaborate in designing access controls
and data handling policies.
Develop processes and solutions to
manage and report data breaches
effectively
The financial, organizational, reputa-
tional and regulatory consequencesof data loss and misuseincluding
litigation, fines imposed by regulators,
a collapse in patient confidence, and
data corruptioncan be very serious
for an HIE. To minimize the impact of
data confidentiality failures and ensure
compliance, organizations should
implement effective processes to
manage and report data breaches.
HIEs should go beyond simply reporting
data breaches; it should also develop an
integrated mechanism to proactively
manage such breaches. These solutions
detect and analyze breaches as quickly
as possible to mitigate their impact on
patient confidentiality while identifying
vulnerabilities that can be addressed
immediately.
Data confidentiality
-
8/2/2019 Accenture Hie
25/36
25
Data privacy, confidentiality, quality
and integrity depend on the ability of
solutions to maintain data security.
Moreover, the security of clinical data
is a growing compliance challenge for
organizations. The HITECH Act has
introduced more stringent guidelines,
and the ONC is likely to implement more
robust data security certification
processes. Ensuring the security of data
requires HIE and network constituents
to develop security architectures that
proactively manage security risks,
effectively identify and prioritize threats,
and promptly address vulnerabilities. To
help ensure data security, HIE informationgovernance architectures should have
four components:
1. Message integrity and communications
securitysolutions that maintain the
integrity of data transferred between
systems in messages and prevent
unauthorized access to and/or
modification of messages.
2. Event audit and alertingfunctionality
that enables systems to monitor, log
and report security-relevant events.
3. IT security auditmanual and auto-
matic processes that test and evaluate
the effectiveness of solutions information
security measures.
4. Network integritysolutions that
enable networks to maintain expected
functionality, performance and service
availability despite unexpected events,such as security threats and spikes in
demand.
RecommendationsAn HIEs security architecture plays a
vital role in maintaining data privacy,
confidentiality, quality and integrity by
identifying and addressing security risks
and vulnerabilities. However, data
security is not just a technical issue;
users behavior, organizations corporate
strategy and changing market conditions
are often major factors in creating or
exacerbating information security
risks. We believe that HIEs should, at
minimum, take the following actions to
help ensure data security:
Launch a proactive and comprehensivedata security assessment
To ensure that data is secure, HIE
and network constituents must have
an accurate and comprehensive
understanding of current and potential
security risks and vulnerabilities. A data
security assessment should deliver a
detailed inventory of data assets and
should document current data manage-
ment practices, regulatory requirements
and key vulnerabilities, along with
the probability and possible impact
of threats. The aim of a data security
assessment is to develop a risk-based
view of data assets, a strategic
awareness of vulnerabilities and threats,
a clear understanding of the severity
of impacts and a foundation for
investment in data security.
Ensure adequate audit capabilities
To reduce compliance and reputational
risk, HIEs should automatically monitor
and record all permission changes, data
errors, access requests, data transfers,
alterations to medical records and data
breaches. With this monitoring and
recording, HIEs can efficiently and
effectively develop detailed audit trails
as needed. Failure to implement
adequate automated capabilities will
increase the cost of complying with
auditing requirements in future
certification criteria. Inadequate
auditing can also significantly impairan organizations ability to maintain
data quality and integrity as access
controls and security measures are
less effective.
Develop a comprehensive change
program to drive user compliance
with data handling and IT security
policies
To minimize security risks, users should
follow data security and data handling
policies. However, driving changes
in clinicians behavior and making
training stick can be major challenges.
Compounding the challenge: Normal
change management strategieseven
those based on best practices for
organizations outside health careare
often ineffective. To address these
issues, HIEs should encourage network
constituents to develop long-term
change programs that target changes inorganizational culture and user attitudes
toward security and confidentiality.
Organizations should engage senior
clinicians early on to act as change
championsencouraging the clinical
workforce to follow data security
policies.
Data security
-
8/2/2019 Accenture Hie
26/36
26
High-quality data is meaningful, accurate
and internally consistent; it can be
used for its intended purpose. Poor-
quality clinical data affects patient
safety, quality of care and user adoption.
It also increases compliance and imple-
mentation risks. However, ensuring data
quality is a major challengeparticularly
in complex, multisystem environments
in which subsystems do not share
common technical, data, communication
or terminology standards. The key to
ensuring data quality in these environ-
ments is to develop solutions with
intelligent data handling functionality
and to implement standardized interfacesand data models that enable subsystems
to share information more effectively.
With that in mind, effective HIE informa-
tion governance architectures should
include four components:
1. Error correctionmanual and auto-
matic processes that detect and correct
errors in information efficiently and
effectively.
2. Data validationvalidation rules that
verify that data conforms to a set of
specifications regarding format, quality,
integrity, accuracy and structure.
3. System and interface certification
roles, processes and solutions that verify
that systems and interfaces conform to
specifications defined by regulators and
Standards Development Organizations
(SDOs).
4. Standards-driven architecture
system architectures that leverage
open standards for the recording and
coding of data, thereby promoting a
high level of data quality through
similar data processing across multiple
component systems.
RecommendationsData quality can be affected by a
range of factors, including data entry
standards and practices and information
security. However, in most cases, the
most important factor affecting data
quality is the ability of subsystems
to share meaningful and accurate
information. Enabling semantic data
sharing between subsystems that
use different terminology and data
standards is a major challenge. In the
long term, HIEs will act as standards
development and/or profile enforcement
organizations within health information
exchange networks. However, to achievea level of interoperability and improve
data quality in the short term, we
recommend that HIEs:
Consider a service-oriented
architecture
Achieving interoperability by enforcing
common standards and implementing
complex interfaces can be prohibitively
disruptive and expensive in the short
term. A more efficient approach:
gradually implementing open standards
over time as legacy systems are retired
or integrated, infrastructure is updated
and new applications are developed.
However, to meet the short-term
need for interoperability, HIEs should
consider developing a service-oriented
architecture (SOA). In the long term,
full semantic interoperability will be
achieved by implementing common
HIE standards. In the short term, alevel of interoperability can be
achieved through an SOA.
Involve clinicians in designing and
configuring applications data
handling functionality
Applications data validation and error
detection rules should reflect real-
world logic in terms of understanding
relationships between concepts such as
treatments and diagnoses; identifying
illogical and inaccurate information
using fine-grained parameters; and
detecting incomplete data or informa-
tion that lacks meaning through rules
based on clinical and business logic. To
achieve this level of intelligent data
handling, clinical subject matterexperts should be involved in the design
and configuration of applications.
Even off-the-shelf products should
be carefully configured to reflect local
clinical practices and processes.
Data quality
-
8/2/2019 Accenture Hie
27/36
27
Data integrity refers to the validity,
accuracy and reliability of data after it
has been stored, transferred, retrieved
or processed. Failure to ensure the
integrity of clinical data has an adverse
affect on data quality, system flexibility
and performance. To maintain data
integrity, the infrastructure underlying
solutions must maintain data quality
and characteristics (format, meaning,
rules, relationships and latency, for
example) during such operations as
storage, retrieval, communication and
transfer. Data integrity can be affected
by a range of factors. Among them:
unauthorized modification of data,poor-quality source code and non-
interoperable subsystems. To address
these issues, effective HIE information
governance architectures should
include four components:
1. Code integrityprocesses that test
source code to eliminate bugs that may
result in data loss or data corruption
during data storage or transfer.
2. System hardeningperiodic or ongoing
processes that reduce security risks by
evaluating the effectiveness of security
architectures, identifying security risks
and undertaking security improvements.
3. Interoperability governancea
function that works across organizational
and information silos to develop and
enforce common standards, protocols
and processes to enable syntactic,
semantic and/or process interoperability.
4. Standards-driven architecture and
standards managementa standards-
driven system architecture that conforms
to open or common messaging, infra-
structure, communication, application,
data and clinical terminology standards.
Standards management includes the
roles, processes and solutions that
develop, manage and enforce common
technical, communication, messaging
and data standards that enable
subsystems to share information
more effectively.
RecommendationsMaintaining and improving data integrity
without affecting system flexibility,
reliability and performance are complex
challenges. However, given the potential
impact of low data integrity on care
quality, compliance, adoption and
efficiency, these are challenges every
HIE should strive to meet. To improve
data integrity, organizations can use a
number of strategies, solutions and
standards as part of a comprehensive
data management strategy. From
Accentures research and experience,
we recommend the following actions:
Aim to achieve a level of interoper-
ability that will deliver tangible
clinical and administrative benefits
by developing specific use cases
Too often, health care organizations
invest in interoperability without a set
of specific use cases that demonstrate
how interoperability will add value by
improving clinical decision making, care
quality and process efficiency. In such
cases, HIEs may target an inadequate or
unnecessary level of interoperability that
either limits the clinical and administra-
tive value of interoperability or needlessly
increases the cost of achieving it. Often,
the most efficient solution is for HIEs to
target different levels of interoperability
across systems, clinical workflows and
functions depending on specific use
cases. This approach enables HIEs to
concentrate resources on achieving high
levels of interoperability where it willdeliver the most significant clinical or
administrative benefits.
Implement effective data integrity
checkpoints and edit checks
To maintain data integrity and quality,
HIEs should develop a library of standard
data elements and use data integrity
checkpoints and edit checks to ensure
data conforms to data standards. Check-
points verify that datas characteristics
meet data integrity specifications after
it has been created, stored, processed
or used. Edit checks enforce data rules
and standards and are an important
part of data cleansing; they detect
and correct, delete or highlight errors,
inconsistencies and missing data.
Target process interoperability through
comprehensive clinical transformation
and process optimization strategies
Organizations often fail to maximize
the clinical and administrative value of
syntactic or semantic interoperability
because clinical and administrative
processes and workflows arent
interoperable. In other words, data
created, used or modified by discrete
processes cannot be used effectively
by other processes. Achievi