Accenture Hie

8/2/2019 Accenture Hie

1/36


2/36

2

Table of contentsExecutive summary 3

1. Transforming the US health system: From fragmentation to a connected health ecosystem 5

Todays health systemand the promise of tomorrow 6

Key characteristics of connected health 8

The connected health journey 11

2. The first step: Health information exchange 16

3. Information governance: Enabling effective health information exchange 20

The Accenture Information Governance Framework for Health 21

4. Developing effective information governance: Next steps 34


3/36

3

Over the next decade, the US health

system must change dramatically to

address many challengessteadily rising

costs, an aging population, the increasing

incidence of chronic disease and peoples

growing expectations for care that is

more accessible, affordable, high quality

and personalized.

Although the health system has been slow

to adapt, this situation is set to change.

Health care reform and unprecedented

investment in health ITparticularlyconnected health solutions, such as

electronic medical records (EMRs) and

health information exchanges (HIEs)

are fundamentally reshaping the health

care system.

The current system is characterized by

passive consumers, highly fragmented,

episodic fee-for-service care delivered

in costly settings, and physician remu-

neration based on quantity of care

provided. Connected health solutions

will support the transformation to a

highly coordinated, connected health

system characterized by a focus on

long-term wellness, prevention and

chronic care management, informed and

engaged consumers and a payment

system that rewards quality and incents

providers to improve health outcomes.

In this report, Accenture outlines the

various stages of this transformation

journey from the current health system

to the new connected health ecosystem.

An essential first step is the secure,

efficient electronic capture and exchange

of high-quality patient health informationthrough electronic health records and

health information exchanges that

connect the various stakeholders. Health

IT solutions will improve the quality and

efficiency of care only if physicians and

hospitals implement and operate them

effectivelybetter enabling free and

easy exchange of information among

organizations. Consequently, the federal

governments meaningful use criteria

which encourage widespread adoption

of EMR solutions that better enable

secure, effective health information

exchangewill be crucial. Over time,

the application of analytics and predic-

tive modeling tools to health informa-

tion will help to better inform health

care decisions and processes, enhance

the patient experience and deliver

better outcomes while reducing costs

across the entire system.

Research from the eHealth Initiative

shows that progress on implementing

HIE initiatives is accelerating rapidly.1

However, a number of persistent

challenges could slow or even haltthis progress. While the nature of the

challenges identified in the eHealth

Initiative survey is wide rangingfrom

developing sustainable HIE business

models and defining the value for

users to protecting patient privacy

and ensuring compliance with federal

1 eHealth Initiative, The State of Health Infor-

mation Exchange in 2010: Connecting the

Nation to Achieve Meaningful Use and

Migrating Toward Meaningful Use: The State

of Health Information Exchange.

Executive summary


4/36

and state regulationsmany of them

typically trace back to information

governance issues. These include:

Securitypreventing and managing

data breaches. Interoperabilityenabling systems to

share information efficiently, effectively

and securely. Consentdeveloping and implementing

effective consent models. Access controlpreventing unauthorized

access to and inappropriate use of data. Data qualityensuring data communi-

cated between systems is accurate,

meaningful and internally consistent. Complianceensuring compliance

with privacy, data security and audit

regulations.

Failure to address these challenges will

likely result in negative consequences

for the efficiency and effectiveness of

HIE. For instance, it could increase data

breaches and reputational risk; limit

adoption and undermine long-term

sustainability; increase the cost of

HIE implementation; limit the clinical

and administrative value of health

information exchange; and reduce

system flexibility and performance.

Key to helping address the challenges is

effective information governancewhich

Accenture defines as the processes,

functions, standards and technologies

that enable high-quality information

to be created, stored, communicated,

valued and used effectively and

securely in support of an organizations

strategic goals.

With legal, administrative, clinical and

IT dimensions, these challenges cut

across virtually every part of a health

care organization. Thus, developing

effective solutions requires collaboration

across organizational silos, functions

and information systems. In the past,

however, organizations have tended to

adopt a siloed and tactical approach

to information governance, addressing

challenges as they arise. This fragmented,

reactive approach significantly increases

the cost of information governance and

reduces the effectiveness and flexibility

of information governance provisions.

Accenture believes that a strategic,

coordinated and disciplined approach

is critical to help address information

governance challenges. Effective informa-

tion governance requires a consolidated,

enterprise-wide information governance

architecturea layer of processes, func-

tions, policies and solutions that ensure

the effective and secure creation, storage,

communication, valuation and use of

information. Effective information

governance architectures integrate

disparate information, security, access

control and content management

architectures and include legal, clinical,administrative and IT work streams.

In this report, we present the Accenture

Information Governance Framework

for Health as a possible tool for helping

organizations design more effective,

consolidated information governance

architectures to ensure effective

implementation and ongoing operation

of HIE initiatives. Developed by

Accenture and drawing on what we have

learned through health IT implemen-

tations around the world, the framework

provides a holistic model of information

governance.

The framework breaks the complexity

of information governance into five

interrelated componentseach of which

has its own set of processes, functions,

standards and technologieswithin one

integrated model. The five components

are:

Data privacyensuring patients medical

data can be accessed only with their

consent. Data confidentialitypreventing

unauthorized access to and improper

use of information. Data securityproactively managing

security risks, effectively identifying

and prioritizing threats, and rapidly

addressing vulnerabilities.

Data qualityensuring information is

meaningful, accurate and internally

consistent so it can be used for its

intended purpose. Data integritymaintaining the

validity, accuracy and reliability of data

after it has been stored, transferred,

retrieved or processed.

We believe that all HIE stakeholders,

whether policymakers or those respon-

sible for ground-level implementation,

should consider these five components

from the outset of their planning.

Based on Accenture research and

experience from e-health implemen-

tations around the world, we have

identified four initial steps towardmore effective information governance:

1. Conduct a comprehensive risk

assessment and gap analysis of current

information governance provisions.

2. Identify, analyze, evaluate and

prioritize information governance

challenges.

3. Design solutions and develop strategies

to address these challenges.

4. Develop a detailed implementation

plan.

Accenture believes that to achieve high

performance in the connected health

ecosystem, health care organizations

should make information governance

a strategic priority. By creating a con-

solidated, enterprise-wide information

governance architecture, organizations

will be better able to improve data

quality and data security. This, in turn,

will help them to implement healthinformation exchange solutions that

address patients concerns over data

privacy, ensure compliance with regu-

latory and legislative requirements,

maximize the clinical and administrative

benefits of health information exchange

and increase physician adoption.

4


5/36

5

1. Transforming the US health system:From fragmentation to a connected health ecosystem


6/36

6

The US health system is at a critical

juncture. Faced with a number of

steadily intensifying challenges

skyrocketing costs, an aging population,

the increasing prevalence of chronic

disease and growing expectations from

patients for care that is more accessible,

affordable, high quality and personalized

a complete transformation of the

traditional health care delivery model is

needed to create a sustainable health

system for the 21st century and beyond.

To date, the health system has been slow

to adapt. The provision of care remainsfragmented, with little coordination

among myriad stakeholdersincluding

providers (doctors, hospitals, clinical

laboratories and pharmacies), payers,

government, employers and consumers.

The system maintains its focus on episodic

care delivered in costly traditional settings

(hospitals and physicians offices) after

people become sick rather than on pre-

ventive care and wellness. Consumers

remain passive; lacking the knowledge

and the inclination to manage their own

care, they rely heavily on decisions made

for them by their physicians. Further,

the payment system compensates

doctors not for the quality, but rather

the quantity of care they provide

offering little incentive for innovation

or improved health outcomes.

This situation is set to change over

the next 10 years as the various

stakeholders embrace new connected

health solutions that will transform

the health systemimproving thepatient experience and delivering better

health outcomes while reducing costs

across the entire system.

Connected health describes a new

delivery model in which:

Services offered by different stake-

holders are provided in a coordinated

and seamless way across all access

points.

Patient needs and sustainable health

care organization business models

come together to create appropriate

pathways through care. The focus is on prevention, health and

wellness rather than episodic care. Patients are no longer passive recipients

of care but are informed and empowered

to monitor their own health and make

appropriate choices over the course of

their lives. Care is available in diverse settings

(including peoples own homes) to

increase the efficiency and effectiveness

of interventions. Providers remuneration is based on

performance in improving health

outcomes and there are clear rewards

for innovation.

The electronic capture of patient health

information and the subsequent exchange

of that information across the health

system is an essential first step in the

transformation to the connected health

system. The superior use of health data

will help create a more efficient, high-

quality, value-driven, evidence-based

future for US health care.

Figure 1. Transitioning the health system

The current health system The connected health system

Fragmented Care that is centered around the needs of

the health system Focused on episodic care Traditional health care settings

(hospitals, physician offices) Passive consumers Most providers paid on fee-for-service

basis Lack of incentives for innovation

Coordinated through complex and

flexible interdependent networks Care that is centered around the needs of

the patient Focused on wellness, prevention and

chronic care management Diverse health care settings Health consumerism Providers' reimbursement linked to

performance Innovations improve service and

reduce cost

Todays health systemand the promise of tomorrow


7/36

7

Recent government reform initiatives, such as the Health

Information Technology for Economic and Clinical Health

Act (HITECH) and the Patient Protection and Affordable

Care Act (PPACA), represent key milestones in setting

the foundation for connected health. HITECH advocates

the use of technology by incentivizing meaningful use

of EMRs by physicians and hospitals, as well as the

development of HIEs. PPACA includes provisions to move

the system toward new payment models that reward

value (cost and quality targets) rather than volume (fee

for serv ice) and encourages new models of care and

accountability (such as Patient Centered Medical Homes

and accountable care organizations).

Financial drivers including health care inflation, resultingfrom the high cost of new drugs and treatments; wasteful

spending (for example, redundant, inappropriate or

unnecessary tests and procedures); inefficient health

care administration; the rising incidence of costly

conditions (such as heart disease and obesity); and the

growing health care needs of an aging population.

Rapid advances in health information technology (HIT),

including electronic medical records, clinical decision

support systems, computerized physician order entry (CPOE)

and common standards and certification processes, are

seen as key enablers for improving the overall quality,

safety and efficiency of the health delivery system.

A new generation of informed, empowered consumers

are changing patient expectations. The increase in patient

information and choice, demands for more convenient

and personalized care, and acceptance of the need to

take more personal responsibility for managing their

own health are creating a st rong impetus for change.

(See sidebar on page 10: Connected health and peoples

perspectives on the US health system.)

A heightened focus on quality of health care and patient

safety, which stems from growing concerns over clinical

errors, adverse drug events and the continuing impact

of inconsistent care standards resulting from uneven

application of care protocols and evidence-based medicine.

Changing physician attitudes toward technology are

driv ing the adoption of new e-health solutions. For

example, a recent Accenture survey of more than 1,000

physicians in small practices across the US2 found that

almost 60 percent of all current nonusers intend to purchase

an EMR system within the next two years. The figure

rises to 80 percent for physicians under 55 years of age.

The nation also faces a shortage of qualified medicalprofessionals due to the recent decline in the number of

US medical school graduates choosing primary care. At

current g raduation and training rates, the nation could

face a shortage of as many as 150,000 doctors in the

next 15 years, according to the Association of American

Medical Colleges.

What are the key drivers in the move towardconnected health?

2 Accenture surveyed more than 1,000 physicians across the US in

December 2009. The quantitative survey included randomly sampled

physicians from offices of fewer than 10 practitioners.


8/36

Four key characteristics of the new

connected health ecosystem differentiate

it from the traditional health care

delivery model.

Ubiquitous health information

technology (HIT) that enables key

constituents to capture and share

high-quality information securely

and effectively

HIT is a key enabler of connected health.

It provides the tools to electronicallycapture, organize, share and analyze

health information that can be used to

improve health and wellness and to

treat, cure and prevent illness. Effective,

efficient and secure exchange of high-

quality health information across the

health system is a prerequisite for

patient-centric, integrated, evidence-

based care. Connected health solutions

support health data liquidity by capturing

and sharing patient-identifiable clinical

and administrative information and

enabling authorized parties to exchange

and/or access it.

Achieving and maximizing the value of

data liquidity requires the widespread

adoption and utilization of a number

of HIT solutions:

Interoperable EMRs and EHRs, HIE

solutions and Health Information

Networks (HINs) that enable a range

of health care organizations to

capture and share information

securely, efficiently and effectively.

Telemedicine, in-home monitoring andmobile health solutions that support

the remote delivery of care, including

monitoring and consultation.

Health 2.0 sites, personal health

records (PHRs) and wellness tools that

encourage and empower patients to

manage their health and health care

more effectively.

Analytics tools that help maximize

the clinical, epidemiological and

administrative value of data flowing

through the connected health ecosystem.

Clinical decision support systems

(CDSSs) and CPOE systems that sup-

port collaborative patient-centric care

delivery models.

Smart health care that uses analytics

and predictive modeling to improve

clinical decision making, target

resources more efficiently, develop

more effective care delivery models

and improve disease management

Connected health solutions maximizethe value of data liquidity by translating

data into actionable insight that physi-

cians, administrators, organizations

and government can use to improve

the quality of care, increase the effi-

ciency of administrative and clinical

processes, and target resources more

Key characteristics of connected health

Connected health is a new approach to the delivery of health care

services that leverages sophisticated health information technology

(HIT), analytics and predictive modeling, new forms of integrated caredelivery models, and a patient-centric approach to care delivery to

improve the efficiency, quality and accessibility of health care services.

The vision for connected health is one in which all parts of the

health care system are seamlessly integrated through interoperable

processes and technology, and where critical health information is

available when and where it is needed.

8


9/36

effectively to improve clinical and public

health outcomes. There are three main

applications for analytics:

Health providers can leverage analytics

at the point of care to help determine

the most clinically effective treatments

for individual patients through the use

of CDSSs. Treatment and diagnosis are

based on proven clinical protocols that

help physicians reduce the variability of

care, ensure use of best practices and

manage costs of care.

Analytics plays a critical role in

improving care processes and deploying

resources more effectively to drive

down costs. By analyzing clinical and

administrative data (from medicalrecords, claims processing, appointment

scheduling, lab results and so on),

organizations can obtain detailed

insights into workflow and resource

allocation across different parts of the

patient care process. These insights

can be used to optimize resource use

and increase the efficiency of clinical

processes.

Analytics can be used to improve public

health outcomes by evaluating population

data sets to help identify patients most

at risk from chronic diseases or other

high-cost health conditions. Using

predictive analytic techniques, patient

conditions can be managed and monitored

proactively to ensure preemptive inter-

ventions that avoid hospitalizations and

related costs. Those patients identified

as being most at risk receive additional

care and can be educated to manage

their own treatment or change theirbehavior in ways that may improve

their condition.

New integrated care delivery models

that target improved health outcomes,

prevention and wellness rather than

reactive treatment

Integrated care delivery models provide a

means of organizing, financing and

delivering a wide range of health services

to meet an individuals health needs

in a coordinated, accountable care

management setting. The new models

avoid duplication and eliminate redun-

dant processes by enabling a range of

health professionals to coordinate care

across the health system.

One example is the Patient Centered

Medical Home (PCMH). Through the

PCMH model, a patients care is coor-

dinated across the health system and

across all stages of the patients life.

Patients share responsibility for their

health with primary care providers,

who ensure the right care is delivered

at the right time and in the most

appropriate setting. The nonprofit

National Committee for Quality

Assurance (NCQA) offers physician

practices the chance to attain formalrecognition as a PCMH. NCQA created

nine certification standards that

encompass 30 elements and 189 data

points, including care management,

patient self-management support,

electronic prescribing, performance

reporting and improvement, and

advanced electronic communications.

Practices can receive one of three levels

of recognition as a PCMH, depending

on mastery of the standards.

The success of integrated care delivery

models depends on providers being

rewarded appropriately for the time

and effort spent in managing the

coordination and the ongoing relationship

with the patient. A results-based, rather

than transaction-based, payment system

links remuneration to outcomes, thereby

encouraging care coordination, effi-

ciency, quality improvement and a

larger role for the patient in thehealth process.

Patient-centric health care that is

flexible and responsive to the indi-

vidual needs of patients and enables

patients to manage their health

more effectively

Connected health enables a more

personalized approach to health care

that puts the individuals needs at the

center of the care process. By building

a comprehensive picture of each

patientpersonal and family medical

history, surgeries, hospitalizations, lab

test results, vaccinations, medications,

allergies and adverse drug reactions, as

well as lifestyle observationsand using

evidence-based diagnostics, providers

can ensure that individual patients

receive the right care at the right time.

The increasing liquidity of information

is also transforming the individuals

role in managing his or her own health

more effectively. For example, patients

are able to record and maintain their

own health care information through

patient health records, which they

can share with health providers as

appropriate. Through patient portals,

patients can request appointments,review test results, access their medical

records and send messages to their

physicians. Patients are also empowered

to manage their conditions through

the use of online health risk assessment

tools and remote patient monitoring

devices that bring health care into the

home setting. These technologies

enable early detection of problems that

might otherwise require treatment in

more expensive care settings, such as

hospitals.

Increasingly, consumers are also

demanding information on the cost and

quality of health care services provided

by hospitals and other health care

facilities. With that information, they

are able to make informed choices about

treatment options and appropriate care

providers. Consumer-friendly websites

are emerging to give consumers a range

of health care information, includingphysician finders, payment estimators,

cost comparisons and quality indicators

for health providers, such as length of

stay, mortality rates, readmission rates,

complication or infection rates and so on.

Finally, new Web 2.0 toolssuch as

social networking sites, blogs and online

community forumsprovide the means

for consumers to gain more information

about their condition, choice of treatment

options and so on.

9


10/36

In December 2009, the Accenture Institute for Health &

Public Service Value conducted a survey of 1,019 US

citizens to explore their perceptions of health and health

care.3 The survey was part of a global study involving

people in 16 geographies. The findings show strong

support among US respondents for connected health,

which will provide a real impetus for change.

The survey revealed that US citizens are very concerned

about costs and efficiency in the health care system.

More than half of those surveyed (54 percent) believe

that one of the three biggest challenges facing the health

care system is that medical costs are too expensive, and

almost four in 10 (38 percent) cite too much inefficiency

or bureaucracy in the system.

People recognize that steps should be taken to cut the

cost of health care. Many are willing to accept alternative

models of care. For instance, more than four in 10 people

surveyed support the idea of seeing health professionals

other than doctors for routine care. Around 30 percent

support more online and telephone consultations with

doctors, rather than having to see them face to face.

People also believe that preventive care and personal

responsibility for health is important to relieve pressure

on the health system. Fifty-nine percent of people believe

that to improve health care in the United States, it is

essential or very important for government to put

more emphasis on preventive care. Meanwhile, 63 percent

believe it is essential or very important for government

to encourage and educate people to take more personal

responsibility for improving their own health and that

of their families.

People want to play a greater role in managing their

own health but feel they need easier access to health-

related information to do so. Eighty-six percent ofpeople agree their health depends largely on how well

they take care of themselves. However, while two-thirds

of people believe it is essential or very important for

government to ensure that they are provided with reliable

and trustworthy information and advice about health

and health services, only one in five think government

is doing this well.

People rely heavily on health professionals as key sources

of information. Two-thirds of respondents rely on doctors

and other health care professionals for information and

advice on managing their health, putting an enormous

strain on primary care physicians time.

People want more control over their treatment options and

easily accessible information on providers performance

so they are better able to make appropriate choices. Only

half of respondents say they feel well informed about the

performance of health providers. More than eight in 10

people would like to know more about how different health

service providers are performing so they can make decisions

about where to go for treatment. Further, 63 percent want

to be able to make the decis ion themselves on where togo for treatment. Only 18 percent say they have no need

for information as they leave it solely to their doctors to

make decisions.

People strongly support the adoption of electronic medical

records. Almost 70 percent of survey respondents think it

is very or fairly important for health providers to

adopt EMRs.

Connected health and peoples perspectives on the UShealth system

3The fieldwork was conducted between December 10 and December

21, 2009, a period of great debate and media attention on US health

care legislation. Interviews were conducted online, with quota controls

placed on sample. Data were weighted to be representati ve of the

general population of US residents aged 18 and over.

10


11/36

Widespread adoption and utilization

of connected health solutions over

the next five to 10 years will drive

development of a national connected

health architecture (see Figure 2).

While there will be a number of critical

junctures in the construction of this

architecture, Accenture believes the

most important will be:

Stage 1: Realizing ubiquitous health

information exchange Stage 2: Constructing a national

health network of networks Stage 3: Enabling evidence-based

health care Stage 4: Implementing connected

health strategies

The connected health journey

11


12/36

1212

The Connected Health Architecture illustrates how different

connected health solutions and strategies will enable the

delivery of more integrated health care services and will

support the transition to a connected health system. Each

layer of the Connected Health Architecture has a number

of components that represent the most important solutions,

functions and processes in enabling connected health.

1. Connected health infrastructure: A distributed, nonhi-

erarchical, nonproprietary national networkconstituted by

local, state and regional health information networksthat

enables organizations to share clinical and administrative

information.

Network development and managementa centralizedfunction responsible for developing and managing

an Internet-based network constituted by local, state

and regional health networks.

Syntactic interoperabilitycentralized services, common

policies and enforceable standards that ensure syntactic

interoperability between distributed subsystems.

Securitysecurity standards, certification cr iteria,

common data handling policies and standardized IT

security audit and system hardening processes that

proactively manage network security risks and rapidly

address vulnerabilities.

2. Effective health information exchange: Solutions such

as interoperable EMRs, EHRs, PHRs and HIEs that enable

health data liquidity across distributed subsystems by

supporting the secure, efficient exchange of high-quality

health information.

Development and governanceorganizations that

design, implement and manage health information

exchange solutions and develop and/or implementstandards, policies, processes, services and certification

criteria across health information exchange networks

to ensure data security and quality.

Security, privacy and confidentialityaccess control

and data security solutions, consent models and

data handling policies that minimize data breach

risk and prevent unauthorized access to or use of

information.

Semantic and process interoperabilitystandards,

processes, policies and solutions that enable semantic

and process interoperability across subsystems and

organizations within HIE networks.

3. Analytics: Solutions, processes and functions that

analyze and visualize high-quality aggregated information

to improve decision making in the health care system.

Clinicalsolutions such as CDSSs that leverage

patient-identifiable information in longitudinal

medical records to enable evidence-based medicine.

Also, solutions that enable de-identified clinical

information to be used in clinical trials.

Payersolutions that leverage clinical and administrative

data to enable payers to develop more effective

care management, member incentive and wellness

strategies; improve the efficiency of claims processing

and auditing; and manage provider performancemore effectively.

Public healthsolutions that use aggregated clinical

and administrative data to support disease management,

biosurveillance and care quality monitoring.

4. Connected health transformation: Evidence-based

collaborative care delivery models and integrated health

care strategies that target improved health and clinical

outcomes, greater patient empowerment and more

effective preventive lifestyle interventions.

New models of collaborative, patient-centric care

organizations, solutions and processes that support

seamless patient transitions across care settings and

enable more personalized, flexible care responsive to

patient need.

Care management transformationintegrated care

management strategies in which payers, providers

and regulators collaborate to reduce the duration,

frequency and cost of interventions.

Patient empowermenttools (such as Health 2.0 websites

and mobile health solutions), policies and approaches

that educate and engage patients as well as empower

them to manage their health and health care more

effectively.

Comparative effectivenessresearch programs, solutions

and governance arrangements that support evidence-

based decision making across the health system.

The Connected Health Architecture


13/36

Figure 2. The Connected Health Architecture

Provides actionable insight and intelligence

New approaches to care delivery that target more efficient, effective and accessible health care for all

Technologies and organizations that maximize the value of shared information

Organizations and systems that enable the secure, efficient and effective exchange of high-quality information

A distributed, nonhierarchical, nonproprietary network of networks

Provides comprehensive, high-quality administrative, clinical and wellness data for patients and populations

Enables information sharing between standalone enterprise or regional health information systems

Connected health transformation

Component 4

Comparative

effectiveness

Component 1

New models of

collaborative care

Component 2

Care management

transformation

Component 3

Patient empowerment

Analytics

Component 3

Public health and

quality reporting

Component 1

Clinical (provider

and research)

Component 2

Payer

Effective health information exchange

Component 3

Semantic and process

interoperability

Component 1

Development and

governance

Component 2

Security, privacy and

confidentiality

Connected health infrastructure

Component 3

Security

Component 1

Network development

and management

Component 2

Syntactic interoperability

13


14/36

Stage 1:

Realizing ubiquitous health

information exchange

This stage includes the

near-universal adoption ofinteroperable EMRs and local,

state and/or regional health

information networks that enable

the semantic exchange of high-

quality patient-identifiable

clinical and administrative data

in longitudinal medical records.

These networks enable patient

data to follow patients across the

continuum of care; support the

use of clinical, public health and

business analytics; and improve

the efficiency of administrative

and clinical processes.

The first step in the connected health

journey involves collecting the right

data in a secure, efficient way that

guarantees patient privacy and sharing

that information across the health system.

Achieving data liquidity within local,

state and regional health information

networks is an important goal for the

Office of the National Coordinator for

Health Information Technology (ONC)

and health care organizations. While

several of the Centers for Medicare &

Medicaid Services (CMS) stage 1

meaningful use objectives imply the use

of HIE, the stage 2 and 3 objectives will

put considerably greater emphasis on

the role of HIE. Moreover, to increase

health information exchange in the

long term, the federal government is

investing heavily in state HIE, Regional

Extension Centers and Beacon Commu-

nities through the HITECH Act.

Through the CMS meaningful use criteria,HITECH funding and the ONC, the

federal government is seeking to

improve data liquidity by supporting

and incentivizing health care organiza-

tions to focus on the secure, efficient

exchange of high-quality health

information. As a result, progress on

health information exchange has

accelerated rapidly. According to the

eHealth Initiative, 73 HIE initiatives

reported being operational (defined as

transmitting data that is being used by

health care stakeholders) in 2010, an

increase of nearly 30 percent over 2009.4

This trend is set to continue as compli-

ance with meaningful use criteria drives

EMR adoption among physicians over

the next two years. A recent Accenture

survey of physicians in the United States

suggests that 60 percent of current

nonusers will implement an EMR in the

next two years. Rising EMR adoption

rates will increase demand for healthinformation exchange as physicians seek

to maximize the return on their EMR

investments.

Even so, some critical issues must be

addressed before ubiquitous health

information exchange can be realized:

Sustainability. To ensure long-term

viability, an HIE must develop sustainable

business models that enable them to

operate without government funding.

Semantic interoperability. To maximize

clinical and administrative value, an

HIE should enable a level of semantic

information sharing between distributed

subsystems.

Data quality and integrity. To minimize

the impact of poor data quality on

patient safety, physician adoption, care

quality and process efficiency, an HIEshould implement solutions, standards

and policies that effectively prevent,

identify and remedy data quality and

integrity issues.

Data privacy, confidentiality and

security. To ensure compliance and

minimize security risks, HIE and network

constituents should develop robust

data privacy and security solutions,

frameworks, policies and processes.

Provider adoption and utilization. To

ensure ubiquitous health information

exchange, providers must adopt interop-

erable EMRs and/or EHRs. Just as

important, an HIE should engage them

early on to ensure compliance with

relevant standards, processes and policies

for the exchange of health information.

4eHealth Initiative, The State of Health

Information Exchange in 2010: Connecting

the Nation to Achieve Meaningful Use. A

Report Based on the Results of the eHealth

Initiatives 2010 Seventh Annual Survey of

Health Information Exchange.

14


15/36

15


construction of an Internet-

based national health network

of networks that connects public

and private health information

networks at the local, state and

regional levels. The goal: to

enable health information

networks to share patient-

identifiable and de-identified

health information to supportthe delivery of care, improve

process efficiency and facilitate

evidence-based decision making.

The ONC, through the embryonic

National Health Information Network

(NHIN), is likely to play an integral

role in the development of a distributed,

nonhierarchical, nonproprietary

national network of networks. It is

imperative that constituent networks

provider and payer HIE, EHR and

PHRhave system architectures that

are or can be aligned to the core

services and standards of the NHIN.

This alignment will reduce the time

and resources required to construct

a broad national health network that

will enable health care organizations

across the country to share information.

This stage includes the widespread

adoption of analytics and

predictive modeling solutions

that analyze and visualize health

information to produce actionable

insight and intelligence. The

goal: to enable providers, payers,

regulators and public health

organizations to strengthen their

decision-making capabilities.

The majority of health care organizations

are currently focused on health

information exchange and ensuring

compliance with meaningful use criteria

to avoid financial penalties. While some

high-performance organizations use

analytics, most do not and are not

explicitly considering how system

design will impact future analytics pro-

grams. Analytics platforms should have

access to semantically normalized,

aggregated health information, which

requires HIE networks to develop

semantically interoperable enterprise

architectures. Therefore, to maximize

long-term value, an HIE should focus on

developing semantically interoperable

enterprise architectures to support

future analytics solutions.


implementation of collaborative

care delivery models and

integrated approaches to health

care. The goal: seamless,

personalized care across care

settings; more effective

preventive lifestyle interventions;

collaborative care management to

improve the efficiency and

effectiveness of care; and patientengagement, education and

empowerment to enable

individuals to take greater

responsibility for managing their

own health and health care.

Health care reform is likely to drive the

implementation of connected health

strategies across the health system.

Provider payment reform and pilots of

new provider modelssuch as commu-

nity-based collaborative care networks,

Accountable Care Organizations (ACOs)

and Patient Centered Medical Homes

(PCMHs)are likely to increase the

adoption of collaborative, patient-cen-

tric care delivery models. The evolution

will vary based on local markets, but

these new collaborative models are

already in operation in a number of

states. Health care reform will alsoencourage organizations to focus on

prevention rather than treatment.

Simultaneously, health care inflation

and increasing demand will put unsus-

tainable pressures on payers, health

plans and providers, forcing them to

develop innovative collaborative care

management strategies to reduce the

need for medical care and lower the

cost of care delivery.

Stage 2:

Constructing a national

health network of networks

Stage 3:

Enabling evidence-based

health care

Stage 4:

Implementing connected

health strategies


16/36

16

2. The first step:Health information exchangesustainability, an HIE should enable

stakeholders to maximize these benefits

while reducing the cost of achieving them.

Health information exchange will better

enable providers to:

- Improve care quality by reducing

prescribing errors, strengthening

clinical decisions and diagnosis,

improving patient compliance and

enabling a holistic view of patients

medical records.

- Improve the efficiency of clinical and

administrative processes by limiting

the number of interfaces with other

providers and payers and reducing

the time staff spend following up on

test results, handling lab and radiology

reports, making and responding

to information requests, managing

prescriptions and undertaking clerical

tasks.

The United States is at the beginning of

the connected health journey. Connected

health maturity varies across the health

system: Some payers are nearing stage

4 in using analytics to develop next-

generation care management models,

while many parts of the country are

still in the early stages of adopting EMR

and implementing health information

networks. In general, however, organi-

zations are focused on health information

exchangethat is, the construction of

local, state and regional public andprivate health information networks that

enable secure, efficient and effective

health information exchange. Public and

private HIEs are important leaders in this

field and their long-term success will

determine progress toward connected

health.

The potential administrative and clinical


to a variety of stakeholders are well

documented. To help ensure long-term

- Reduce costs by improving

reimbursement management

leading to reduced denial rates and

bad debt write-offs and improved

eligibility verification and clean

submission ratesand reducing

unnecessary testing.

Health information exchange will

help payers realize significant cost

savings by improving the efficiency of

administrative processes and reducing

readmissions, testing and acute careepisodes.

Health information exchange will

better enable public health organizations

to improve long-term health outcomes

by strengthening care quality and clinical

performance reporting, improving

disease management strategies and

biosurveillance, and enabling more

effective targeted public health

campaigns.


17/36

17

Progress on health information exchange

is accelerating rapidly as a result of

American Recovery and Reinvestment

Act funding, and the importance and


are becoming widely recognized. However,

organizations should be very cautious

when establishing an HIE and implement-

ing HIE solutions. In the past, complex

technical, organizational, regulatory

and cultural challenges have increased

implementation risks, led to relatively

high solution failure rates and limitedthe administrative and clinical value of

HIE solutions once operational.

The challenges range from developing

sustainable HIE business models and

defining the value for stakeholders to

protecting patient privacy and supporting

compliance with federal and state

regulations.

Since 2004, the eHealth Initiative

(eHI), based in Washington, D.C., has

tracked the efforts, successes and

failures of organizations across the

country working on health information

exchange. Sustainability has regularly

been cited as the top challenge for HIE

initiatives. However, in the most recent

2010 survey,6 initiatives identified

addressing government policy and

mandates as an emerging challenge in

light of the impending meaningful use

regulations. According to the survey, themost significant challenges affecting

HIE initiatives today are:

Developing a sustainable business

model. Addressing government policy and

mandates.

Defining the value that accrues to the

users of the HIE. Addressing privacy and confidentiality

issues (HIPAA and others). Addressing technical aspects including

architecture, applications and connectivity. Addressing organization and governance

issues.

To help ensure that these challenges do

not slow or even halt the progress of HIE

implementations, organizations should

give sufficient attention to addressing thecritical issue of information governance.

6 eHealth Initiative, The State of Health

Information Exchange in 2010: Connecting

the Nation to Achieve Meaningful Use. A

Report Based on the Results of the eHealth

Initiatives 2010 Seventh Annual Survey of

Health Information Exchange."

While there are few studies into the impact of regional

health information exchange on clinical outcomes, there is

evidence to suggest that Clinical Information Systems (CISs)

in hospitals improve clinical outcomes. A multiple-hospital

study5 published in 2009 found that advanced clinical

information technologies, such as electronic medical

records, CPOE systems and Clinical Decision Support

Systems, improve inpatient outcomes in a number of ways:

For all medical conditions studied, an increase in the

automation of notes and records was associated with a

15 percent decrease in the risk-adjusted odds of fatal

hospitalizations.

Improved order entry capabilities decreased the risk-adjusted odds of death for myocardial infarction by

9 percent.

Improved order entry capabilities decreased the risk-

adjusted odds of death for coronary artery bypass graft

procedures by 55 percent.

Improved physician decision support decreased the

risk-adjusted odds of complications for all causes of

hospitalization by 16 percent.

Connecting CIS through HIE will increase the clinical

value of CIS by enabling physicians to access patients

entire medical records and by supporting more robust

evidence-based clinical decision making.

Clinical information systems:Improving clinical outcomes

5 Clinical Information Technologies and Inpatient Outcomes: A Mul-

tiple Hospital Study," Journal: Archives of Internal Medicine, January26, 2009, 169(2):10814.


18/36

18

A recent Accenture survey found that 42 percent of

Americans are concerned about providers sharing their

health information with other providers, and 64 percent are

concerned about their health information being shared with

government agencies. Of those who are concerned about

health information exchange, two-thirds are concerned

because they cannot be sure that only authorized people

will see their information.7

7 http://www.accenture.com/Global/Research_and_Insights/Institute_For_Public_

Service_Value/Research/2010-Citizen-Experience-Study/default.htm.

8 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/

postedbreaches.html.

9 "Health information exchange and patient safety," Journal of Biomedical

Informaticsarchive, Volume 40, Issue 6 (December 2007), pages: S40-S45,

year of publication: 2007, ISSN:1532-0464.

More than 100 health data breaches affecting more than

500 people were reported to the Department of Healthand Human Services between September 2009 and July

2010. In a handful of cases, more than a million people

were affected by the breach.8

It has been estimated that between 44,000 and 98,000

Americans die each year as a result of medical errors. Up

to 18 percent of all patient safety errors and 70 percent

of adverse drug events could be eliminated if physicians

had timely access to accurate information.9

An HIE should develop adequate

information governance capabilities

up front. Failure to do so will likely:

Increase data breaches and reputational

risk. To maintain public and stakeholder

confidence, HIEs should prevent high-

profile data breaches and ensure

compliance with state, HIPAA, HITECH,

consumer privacy and other data

security and consent requirements.

Limit adoption and undermine long-

term sustainability. To attract constituent

organizations and ensure their long-term

commitment, HIEs should enable the

exchange of high-quality data and

support a level of interoperability

among constituents that delivers realclinical, administrative and/or efficiency

benefits to them.

Increase the cost of health information

exchange. To reduce the cost of health

information exchange to constituents

and develop a sustainable business

model, HIEs should limit the cost of

achieving interoperability, maintaining

data quality and ensuring data security,

privacy and confidentiality.

Limit the clinical and administrative

value of health information exchange.

To ensure constituents are able to

realize the clinical, administrative and

efficiency benefits of health information

exchange, constituents should be able

to use data exchanged through an

HIE for its intended purpose. That

requires the HIE to ensure high data

quality and enable an adequate level of

interoperability between subsystems.

Reduce system flexibility and

performance. To ensure that HIE networks

can be extended and altered over time,

an HIE should implement a consolidated,

stable enterprise architecture and

provide centralized services and

governance processes that ensure

compliance with HIE standards.

In the next section, we describe how

health organizations can take steps to

overcome many of the critical challenges

by developing robust information

governance capabilities.


19/36

19

Security

Preventing and managing data breaches and unauthorized

access to clinical data; ensuring compliance with relevant

regulations and legislation (such as HIPAA privacy and

security rules, HITECH Act breach notification rules and

state privacy regulations); guaranteeing the availability

of security services; and maintaining network integrity

are imperative if HIEs are to overcome privacy concerns

and ensure their long-term survival.

Interoperability

Achieving semantic interoperability without open or

common standards across HIE networks in which

subsystems use non-interoperable standards is a major

challenge. However, to maximize clinical and adminis-trative value, HIEs must enable a level of semantic

interoperability where there is a use case to support

it. To achieve partial interoperability, organizations will

focus on developing state or HIE standards, standards-

driven architectures, translation or terminology services

and certification services.

Consent

Developing and implementing effective consent models

to meet the expectations of patients, administrators and

physicians is difficult. Patients, patient advocates and

regulators reasonably expect consent models to focus on

protecting data privacy and confidentiality by restricting

the use and dissemination of information. Such restrictions

can limit the clinical value of health information exchange;

clinicians may be unable to access medical information

relevant to diagnosis or treatment. Finding and articulating

the consent basis for data sharing is critically important

to HIE success.

Data integrity

Maintaining the meaning, structure and other characteristics

of clinical and administrative data when it is stored,modified, processed and communicated between systems

is a major challenge, particularly in highly distributed

environments. Poor data integrity limits the clinical and

administrative value of health information exchange.

Access control

Controlling access to clinical data and enabling patients

to determine who can access data are important technical

and compliance challenges that require robust access

control solutions and permissioning regimes.

Data handling

Compliance with HIPAA, HITECH and other regulatory

and legislative requirements involves the implementation

of stringent data handling policies across HIE networks.

Compliance may require organizations to invest in manda-

tory data handling training, establish enterprise-wide

data risk and monitoring functions, and develop and

enforce certified data handling policies.

Data quality

Ensuring that data exchanged through an HIE network is

accurate, meaningful and internally consistent is extremely

important. Poor-quality data affects patient safety, limits

the clinical and administrative value of health information

exchange and undermines analytics-driven improvements

to processes and care quality. Ensuring data quality is a

major challenge in complex multisystem environments

particularly when subsystems use non-interoperable

standards and clinical terminologies.

Compliance

Compliance with privacy, confidentiality, data security, data

loss, data protection, data handling and audit regulations

is an important issue for all health care organizations.

Organizations should manage information risks effectively

in accordance with legal and regulatory obligations.

Addressing compliance requires a coordinated approach

across organizations. Enabling IT organizations to collabo-

rate effectively with legal departments, clinicians and

administrators to design and implement systems and

processes that ensure compliance is a major challenge.

Critical information governance challenges


20/36

3. Information governance:Enabling effective health information exchange

20


21/36

21

Effective information governance

the processes, functions, standards

and technologies that enable high-

quality information to be created,

stored, communicated, valued and used

effectively and securely in support of

an organizations strategic goalsis the

key to addressing critical information

governance challenges that prevent

efficient, effective and secure health

information exchange.

The Accenture Information Governance

Framework for Health provides a holistic

model of information governance

helping organizations establishing

health information exchanges and

implementing HIE solutions to assess

and overcome key challenges by

designing more effective information

governance architectures. Developedby Accenture and drawing on what

we have learned through health IT

implementations around the world, the

framework disaggregates information

governance into five highly interrelated

disciplines:

Data privacy Data confidentiality Data security Data quality Data integrity

In the past, organizations have adopted

a siloed and tactical approach to

information governanceallowing

organizational and information silos

to address information governance

challenges as they arise. For example,

an organization might implement

stringent data handling policies after

a data breach, periodically launch

data cleansing programs to address

poor data quality, and invest in ad-hoc

terminology and translation services

to enable interoperability between

systems. While it is important for

organizations to address issues as they

arise, this fragmented and reactive

approach significantly increases the

cost of information governance and

reduces the effectiveness and flexibilityof such provisions.

Each discipline has multiple solution

componentsthat is, the most important

processes, functions and technologies

within an information governance

architecture that better enable

organizations to develop effective

information governance capabilities.

To help ensure effective information

governance, an HIE should develop a

consolidated, network-wide information

governance architecturethat is, a

layer of processes, functions, policies

and solutions that ensure the effective,

secure creation, storage, communication,

valuation and use of information.

Effective information governance

architectures integrate disparate

information, security, access control

and content management architectures

and include legal, clinical, administrative

and IT work streams.

Using the Accenture Information

Governance Framework for Health,

we are working with organizations to

develop specific tools tailored to their

needs. These toolkits consist of direct

controls, risk assessment frameworks

and other components to make infor-

mation governance a tangible part of

an organization. These toolkits helporganizations to focus on providing

patient care while supporting compli-

ance with patient, regulatory and

legislative requirements.

The Accenture Information Governance Frameworkfor Health


22/36

22

Figure 3. The Accenture Information Governance Framework for Health

Data privacy Patient consent models and mechanisms

Patient-provider relationship-based access controls

Patient access controls

Effective data security and data handling policies

Data confidentiality Role-based access control models

Patient and provider record sealing

Identification and authentication

Anonymization and pseudonymization

Data security Message integrity and communications security

Event audit and alerting

IT security audit

Network integrity

Data quality Error correction

Data validation

System and interface certification

Standards-driven architecture

Data integrity Code integrity

System hardening

Interoperability governance

Standards-driven architecture and standards management

Information Governance Disciplines Information Governance Solution Components


23/36

23

For regulators, watchdogs, legislative

bodies, patients, patient advocates

and the public, data privacythat is,

ensuring patients medical data can

be accessed only with their consent

is the most important issue associated

with health information exchange.

Failure to convince these stakeholders

that their data is private increases

implementation, compliance and

reputational risk. To ensure data privacy,

effective information governance

architectures should include four

components:

1. Patient consent models and mecha-nismshigh-level frameworks that

outline how and in what circumstances

organizations will seek patient consent

for their medical data to be stored,

disseminated, accessed and used. Patient

consent mechanisms are authorization

or permissioning regimes that are

part of access control models. These

mechanisms should allow patients to

specify which parts of their medical

records they do not wish particular

user groups to have full access to.

2. Patient-provider relationship-based

access controlssolutions that restrict

access to a specified patients medical

data based on an existing relationship

between the patient and the clinician

or care provider requesting access to

that patients data.

3. Patient access controlssolutions

that provide patients with secure accessto their medical data. Access control

solutions have three key elements:

registration, authentication and

authorization.

4. Effective data security and data

handling policiespolicies that minimize

information security risk and prevent

unauthorized access to information by

placing patient interest at the center

of information governance policy and

by encouraging desirable behaviors

among users.

RecommendationsImplementing effective data privacy

solutions is a major challenge. Designing

solutions that meet the expectations

of regulators, clinicians, administrators,

managers, patients, the public, politi-

cians and other stakeholders is themost common challenge. However,

organizations tend to concentrate on

the technical and clinical aspects of

data privacy while neglecting the

strategic, organizational and cultural

dimensions. To address these issues,

HIEs should:

Consult clinicians, patients and the

public when designing consent models

Designing consent models should be

a transparent, collaborative process

involving a broad range of stakeholders.

By adopting a collaborative approach,

organizations design more effective

consent models that are fit for purpose.

Further, by engaging stakeholders early

in the process, organizations reduce

resistance from patients, clinicians

and regulators. This reduces the risk of

subsequentand expensivesystem

changes to access controls and dataprivacy solutions.

Communicate the purpose of data

privacy measures to clinicians and

patients

Organizations should develop effective

communication strategies to ensure

that HIE network constituents, clinicians

and patients understand why and

how data privacy will be maintained.

Communication strategies should

demonstrate organizations commitment

to data privacy and the effectiveness of

data privacy solutions while convincing

clinicians and other stakeholders that

data privacy controls will not reduce

the clinical value of health informationexchange.

Educate patients so they understand

data privacy controls

For consent-based access controls to

be effective, patients must be able to

make informed judgments regarding

data use. At a minimum, patients

should understand how their medical

data will be used, how widely it will

be disseminated and what the benefits

and potential drawbacks are. Patients

should also understand the processes

through which they can restrict and

authorize access to data.

Data privacy


24/36

24

Ensuring the confidentiality of data

by preventing unauthorized access to

and improper use of information is an

important part of information gover-

nance. The goal: to minimize information

security risks (such as data loss and

unauthorized or inappropriate use and

dissemination of information), thereby

mitigating compliance and reputational

risks and protecting data privacy.

Ensuring that data is confidential

requires a range of security solutions

that monitor, restrict and prevent

unauthorized access to information.

Moreover, solutions should be able to

obscure patients identity when datafrom their medical record is used for

purposes other than delivery of care.

To help ensure data confidentiality,

effective HIE information governance

architectures should include four

components:

1. Role-based access control models

access levels, permissioning and

authorization regimes, and access

controls that are based on complex

real-world job functions (roles) and

patient-provider relationships.

2. Patient and provider record sealing

solutions that enable patients and

providers to restrict or prevent access

to information compartments in med-

ical records.

3. Identification and authentication

solutions that enable the robust

authentication of health care profes-sionals to health care systems, as well

as the linking of real-world identity

to system identity, to ensure that only

authorized users can access patient data.

4. Anonymization and pseudonymization

solutions that obscure patients' identities

by modifying patient-identifiable clinical

data while maintaining data quality.

Thus, the data can be used for secondary

purposes without compromising

confidentiality.

RecommendationsThere are a range of technical challenges

associated with implementing effective

data confidentiality solutions across

complex architectures in distributed

environments. However, vendors,

systems integrators and health care

organizations are developing effectivesolutions to address these issues.

Increasingly, the most important

challenges organizations face when

implementing data confidentiality

solutions are related to organizational

and process issues. To help ensure data

confidentiality, we believe HIEs should:

Implement processes that enable IT,

legal, clinical and administrative

functions from a range of stakeholders

to work together effectively in

developing data handling policies

and role-based access control models

Effective data handling policies and

access controls should conform and be

adapted to meet regulatory and legal

requirements and reduce information

security risks while minimizing disruption

to clinical and administrative processes.

If data handling policies and access

controls have a significant impact onclinical and administrative processes,

users are unlikely to adopt desirable

behaviors, care quality may suffer and

processes are likely to become less

efficient. Moreover, if IT and legal

teams design and implement access

controls in an organizational vacuum,

those controls are likely to be less

effective and cost more than those

developed through a collaborative

approach. To avoid these problems,

HIEs should enable IT, legal, clinical

and administrative functions from a

range of stakeholder organizations to

collaborate in designing access controls

and data handling policies.

Develop processes and solutions to

manage and report data breaches

effectively

The financial, organizational, reputa-

tional and regulatory consequencesof data loss and misuseincluding

litigation, fines imposed by regulators,

a collapse in patient confidence, and

data corruptioncan be very serious

for an HIE. To minimize the impact of

data confidentiality failures and ensure

compliance, organizations should

implement effective processes to

manage and report data breaches.

HIEs should go beyond simply reporting

data breaches; it should also develop an

integrated mechanism to proactively

manage such breaches. These solutions

detect and analyze breaches as quickly

as possible to mitigate their impact on

patient confidentiality while identifying

vulnerabilities that can be addressed

immediately.

Data confidentiality


25/36

25

Data privacy, confidentiality, quality

and integrity depend on the ability of

solutions to maintain data security.

Moreover, the security of clinical data

is a growing compliance challenge for

organizations. The HITECH Act has

introduced more stringent guidelines,

and the ONC is likely to implement more

robust data security certification

processes. Ensuring the security of data

requires HIE and network constituents

to develop security architectures that

proactively manage security risks,

effectively identify and prioritize threats,

and promptly address vulnerabilities. To

help ensure data security, HIE informationgovernance architectures should have

four components:

1. Message integrity and communications

securitysolutions that maintain the

integrity of data transferred between

systems in messages and prevent

unauthorized access to and/or

modification of messages.

2. Event audit and alertingfunctionality

that enables systems to monitor, log

and report security-relevant events.

3. IT security auditmanual and auto-

matic processes that test and evaluate

the effectiveness of solutions information

security measures.

4. Network integritysolutions that

enable networks to maintain expected

functionality, performance and service

availability despite unexpected events,such as security threats and spikes in

demand.

RecommendationsAn HIEs security architecture plays a

vital role in maintaining data privacy,

confidentiality, quality and integrity by

identifying and addressing security risks

and vulnerabilities. However, data

security is not just a technical issue;

users behavior, organizations corporate

strategy and changing market conditions

are often major factors in creating or

exacerbating information security

risks. We believe that HIEs should, at

minimum, take the following actions to

help ensure data security:

Launch a proactive and comprehensivedata security assessment

To ensure that data is secure, HIE

and network constituents must have

an accurate and comprehensive

understanding of current and potential

security risks and vulnerabilities. A data

security assessment should deliver a

detailed inventory of data assets and

should document current data manage-

ment practices, regulatory requirements

and key vulnerabilities, along with

the probability and possible impact

of threats. The aim of a data security

assessment is to develop a risk-based

view of data assets, a strategic

awareness of vulnerabilities and threats,

a clear understanding of the severity

of impacts and a foundation for

investment in data security.

Ensure adequate audit capabilities

To reduce compliance and reputational

risk, HIEs should automatically monitor

and record all permission changes, data

errors, access requests, data transfers,

alterations to medical records and data

breaches. With this monitoring and

recording, HIEs can efficiently and

effectively develop detailed audit trails

as needed. Failure to implement

adequate automated capabilities will

increase the cost of complying with

auditing requirements in future

certification criteria. Inadequate

auditing can also significantly impairan organizations ability to maintain

data quality and integrity as access

controls and security measures are

less effective.

Develop a comprehensive change

program to drive user compliance

with data handling and IT security

policies

To minimize security risks, users should

follow data security and data handling

policies. However, driving changes

in clinicians behavior and making

training stick can be major challenges.

Compounding the challenge: Normal

change management strategieseven

those based on best practices for

organizations outside health careare

often ineffective. To address these

issues, HIEs should encourage network

constituents to develop long-term

change programs that target changes inorganizational culture and user attitudes

toward security and confidentiality.

Organizations should engage senior

clinicians early on to act as change

championsencouraging the clinical

workforce to follow data security

policies.

Data security


26/36

26

High-quality data is meaningful, accurate

and internally consistent; it can be

used for its intended purpose. Poor-

quality clinical data affects patient

safety, quality of care and user adoption.

It also increases compliance and imple-

mentation risks. However, ensuring data

quality is a major challengeparticularly

in complex, multisystem environments

in which subsystems do not share

common technical, data, communication

or terminology standards. The key to

ensuring data quality in these environ-

ments is to develop solutions with

intelligent data handling functionality

and to implement standardized interfacesand data models that enable subsystems

to share information more effectively.

With that in mind, effective HIE informa-

tion governance architectures should

include four components:

1. Error correctionmanual and auto-

matic processes that detect and correct

errors in information efficiently and

effectively.

2. Data validationvalidation rules that

verify that data conforms to a set of

specifications regarding format, quality,

integrity, accuracy and structure.

3. System and interface certification

roles, processes and solutions that verify

that systems and interfaces conform to

specifications defined by regulators and

Standards Development Organizations

(SDOs).

4. Standards-driven architecture

system architectures that leverage

open standards for the recording and

coding of data, thereby promoting a

high level of data quality through

similar data processing across multiple

component systems.

RecommendationsData quality can be affected by a

range of factors, including data entry

standards and practices and information

security. However, in most cases, the

most important factor affecting data

quality is the ability of subsystems

to share meaningful and accurate

information. Enabling semantic data

sharing between subsystems that

use different terminology and data

standards is a major challenge. In the

long term, HIEs will act as standards

development and/or profile enforcement

organizations within health information

exchange networks. However, to achievea level of interoperability and improve

data quality in the short term, we

recommend that HIEs:

Consider a service-oriented

architecture

Achieving interoperability by enforcing

common standards and implementing

complex interfaces can be prohibitively

disruptive and expensive in the short

term. A more efficient approach:

gradually implementing open standards

over time as legacy systems are retired

or integrated, infrastructure is updated

and new applications are developed.

However, to meet the short-term

need for interoperability, HIEs should

consider developing a service-oriented

architecture (SOA). In the long term,

full semantic interoperability will be

achieved by implementing common

HIE standards. In the short term, alevel of interoperability can be

achieved through an SOA.

Involve clinicians in designing and

configuring applications data

handling functionality

Applications data validation and error

detection rules should reflect real-

world logic in terms of understanding

relationships between concepts such as

treatments and diagnoses; identifying

illogical and inaccurate information

using fine-grained parameters; and

detecting incomplete data or informa-

tion that lacks meaning through rules

based on clinical and business logic. To

achieve this level of intelligent data

handling, clinical subject matterexperts should be involved in the design

and configuration of applications.

Even off-the-shelf products should

be carefully configured to reflect local

clinical practices and processes.

Data quality


27/36

27

Data integrity refers to the validity,

accuracy and reliability of data after it

has been stored, transferred, retrieved

or processed. Failure to ensure the

integrity of clinical data has an adverse

affect on data quality, system flexibility

and performance. To maintain data

integrity, the infrastructure underlying

solutions must maintain data quality

and characteristics (format, meaning,

rules, relationships and latency, for

example) during such operations as

storage, retrieval, communication and

transfer. Data integrity can be affected

by a range of factors. Among them:

unauthorized modification of data,poor-quality source code and non-

interoperable subsystems. To address

these issues, effective HIE information

governance architectures should

include four components:

1. Code integrityprocesses that test

source code to eliminate bugs that may

result in data loss or data corruption

during data storage or transfer.

2. System hardeningperiodic or ongoing

processes that reduce security risks by

evaluating the effectiveness of security

architectures, identifying security risks

and undertaking security improvements.

3. Interoperability governancea

function that works across organizational

and information silos to develop and

enforce common standards, protocols

and processes to enable syntactic,

semantic and/or process interoperability.

4. Standards-driven architecture and

standards managementa standards-

driven system architecture that conforms

to open or common messaging, infra-

structure, communication, application,

data and clinical terminology standards.

Standards management includes the

roles, processes and solutions that

develop, manage and enforce common

technical, communication, messaging

and data standards that enable

subsystems to share information

more effectively.

RecommendationsMaintaining and improving data integrity

without affecting system flexibility,

reliability and performance are complex

challenges. However, given the potential

impact of low data integrity on care

quality, compliance, adoption and

efficiency, these are challenges every

HIE should strive to meet. To improve

data integrity, organizations can use a

number of strategies, solutions and

standards as part of a comprehensive

data management strategy. From

Accentures research and experience,

we recommend the following actions:

Aim to achieve a level of interoper-

ability that will deliver tangible

clinical and administrative benefits

by developing specific use cases

Too often, health care organizations

invest in interoperability without a set

of specific use cases that demonstrate

how interoperability will add value by

improving clinical decision making, care

quality and process efficiency. In such

cases, HIEs may target an inadequate or

unnecessary level of interoperability that

either limits the clinical and administra-

tive value of interoperability or needlessly

increases the cost of achieving it. Often,

the most efficient solution is for HIEs to

target different levels of interoperability

across systems, clinical workflows and

functions depending on specific use

cases. This approach enables HIEs to

concentrate resources on achieving high

levels of interoperability where it willdeliver the most significant clinical or

administrative benefits.

Implement effective data integrity

checkpoints and edit checks

To maintain data integrity and quality,

HIEs should develop a library of standard

data elements and use data integrity

checkpoints and edit checks to ensure

data conforms to data standards. Check-

points verify that datas characteristics

meet data integrity specifications after

it has been created, stored, processed

or used. Edit checks enforce data rules

and standards and are an important

part of data cleansing; they detect

and correct, delete or highlight errors,

inconsistencies and missing data.

Target process interoperability through

comprehensive clinical transformation

and process optimization strategies

Organizations often fail to maximize

the clinical and administrative value of

syntactic or semantic interoperability

because clinical and administrative

processes and workflows arent

interoperable. In other words, data

created, used or modified by discrete

processes cannot be used effectively

by other processes. Achievi

Accenture Hie

Documents

Transcript of Accenture Hie