Health information exchange organizations (HIOs) routinely put data security at risk through five risky practices, two health IT experts contend in an article published by the Journal of the American Health Information Management Association (AHIMA).
"Despite their potential, system issues, stakeholder demands, and resource limitations have forced many HIOs to resort to subpar data integrity practices that, while appearing harmless on the surface, could compromise the long-term success of the HIO--and potentially patient safety," write Grant Landsbach, data integrity/MPI manager for Denver-based Sisters of Charity of Leavenworth and Exempla Health System, and Beth Haenke Just, founder and CEO of Just Associates, a healthcare data integration consulting firm.
The five risky practices are:
- Relying on weak algorithms that misidentify duplicate records, a problem that grows along with the size of HIO databases and puts patients at risk by potentially merging the health records of different patients with the same name.
- Failing to include health information management (HIM) staff along with IT staff in implementing record-matching algorithms, leading to a reliance on insufficient demographic information--such as first and last name, date of birth and gender--when attempting to match patients to their records.
- Failure to manage ongoing data integrity by ensuring duplicate records are not only removed, but aren't created in the first place.
- Lacking standard interfaces and automated processes, increasing the chance of errors by relying on inefficient manual processes.
- Establishing weak governance processes, allowing "dirty data" to enter the system and compounding issues as the records move among providers.
The authors recommended implementing data integrity best practices and giving HIM a leading role in that implementation and in establishing data governance policies.
In October, Lee Stevens, policy director of the state health information exchange (HIE) program for the Office of the National Coordinator for Health IT (ONC), announced a collaborative initiative to identify common denominators and best practices that improve the accuracy of patient matching. The College of Healthcare Information Management Executives (CHIME), the Healthcare Information and Management Systems Society (HIMMS) and the Bipartisan Policy Center are working with federal agencies on the effort.
CHIME identified patient data matching as one of the primary areas of focus in 2014 for its public policy arm. "We've all known that this is a patient safety issue [that has] downstream impact," said Jeff Smith, CHIME's director of public policy, calling patient matching "a fundamental issue of health information exchange."
Flawed patient matching has cost providers an "awful lot of money," Bill Spooner, CIO of San Diego's Sharp HealthCare, said in a CHIME panel discussion in October. "I've been one of the minority skeptics who thinks that we need something better than what we have today," Spooner said.
Meanwhile, ONC and the National e-Health Collaborative (NeHC) have created a national information exchange governance forum to allow HIE governing entities to share best practices and assure the security of electronic exchange, among other goals. ONC released a voluntary framework for HIE governance in May.