The Utah Health Information Network (UHIN) got its start in 1993 as an electronic administrative exchange, sharing claims, remits, eligibility orders, and other HIPAA-compliant data exchanges, and now covers 90 percent of the medical providers in Utah. Its clinical HIE (cHIE) is in the early stages of bringing its community’s major stakeholders online, which include HCA/MountainStar, IASIS, Intermountain Healthcare, and University of Utah Health Sciences Center (based in Cottonwood Heights, Utah; Franklin, Tenn.; Salt Lake City, Utah; and Salt Lake City, Utah, respectively). UHIN’s cHIE was recently the first HIE to be certified by the Electronic Healthcare Network Accreditation Commission’s (EHNAC) Health Information Exchange Accreditation Program (HIEAP). HCI Associate Editor Jennifer Prestigiacomo caught up with UHIN’s President and CEO Jan Root, Ph.D., to talk about the accreditation process and why it was necessary.
To read more about UHIN’s cHIE development strategies, stay tuned for the October issue.
Healthcare Informatics: Why did you decide to become HIEAP certified?
Jan Root, Ph.D.: The reason why we did the HIE certification is that UHIN has already been accredited under EHNAC for our administrative exchange. And when you look at the entities that do administrative exchanges like Emdeon [based in Nashville, Tenn.] and other big clearinghouses, they’re all accredited under EHNAC. It’s just a really good way to demonstrate to your customers, to your board, and the world at large that you have been heavily scrutinized by an independent third party, and that you’re up to snuff.
HCI: Can you tell me a little about what the accreditation process entailed?
Root: We have had the experience of working with EHNAC since 2004. Like Joint Commission [the Oakbrook Terrace, Ill.-based Joint Commission on accreditation], it’s a tremendous amount of work to put together all the documentation and line up all the people. EHNAC sends a person out and they personally visit all your data centers, so it’s very thorough. We knew that EHNAC was going to start a HIE accreditation, so I volunteered us to be the guinea pig. We were the first to do this. Part of the process was pointing out to EHNAC, ‘you need to add stuff here.’ HIE is different than clearinghouse [accreditation]; with exchanging clinical data, the processes are quite different.
So the criteria we go through: the first is privacy and confidentiality. Basically, what you’re trying to prove to EHNAC is that you have appropriate administrative, technical, and physical safeguards to make sure integrity is good and confidentiality is good for PHI [protected health information]. You have to protect against anticipated threats. Whatever you see the risks are, you have to have a level of security that is commensurate to that risk. It’s always the tension, having really good security and being able to use something. So we went through everything we do, administrative, technical, and physical. The physical part is why they have to visit the data centers. They also come to our offices.
What’s nice too about EHNAC is they give you a very detailed report card on each of the areas that you go through. There were a couple of things on the HIE side that they wanted us to improve on. Now on the HIE side, we have access to PHI, so you have to an extensive amount of testing with every new physician that you bring up.
The second major area is technical performance. You have to be able to transmit, process, and handle customer service inquiries. Things have to be timely and accurate. The system has to be available 99.9 percent of the time. You have to monitor your capacity; you have to look at your auditing. That’s a great big section. What you do to respond to most of this is you compile an enormous amount of documentation, all sorts of system and auditing logs, so that all gets evaluated.