Exchange Networks and Trust

The health IT interoperability world is abuzz this week, as tension between implementers of the Carequality trust framework has burst into public awareness. At the moment, detailed information has not been made public, which is completely appropriate. Neither I nor Health Gorilla have insider information on the details of the current situation, and all that I say here should be taken in a general sense rather than as a commentary on specific events or players.

While I’m not privy to the details of the current situation, I’m deeply familiar with the underlying issues that are in play. I worked at Epic for many years, and was instrumental in the development and implementation of Epic’s Care Everywhere network. I later served as the first Executive Director of Carequality and helped facilitate the development of its policies and processes - including, for better or worse, its dispute resolution process. My current role at Health Gorilla gives me yet another perspective, as I work with our customers not only to ensure that they have a positive experience with our products and services but that their participation in national exchange networks is appropriate and conforms to the policy requirements. I spend a great deal of energy, in fact, on reviewing proposed interoperability use cases and providing education on exchange network policies.

While these various roles have differed significantly in their details and perspectives, they also have shared a unifying theme: ensuring trust in interoperable health data exchange efforts. Under pressure to grow quickly, develop competitive advantages, or even simply to improve healthcare, it’s easy to forget the leap of faith that a national interoperability framework demands from its participants. Organizations who face significant penalties and liability with respect to their handling of sensitive medical information, nonetheless agree to disclose that information, without manual intervention, in response to a transaction coming into their IT systems over the Internet.  

Let me restate that, because I think we may have lost our appreciation for it: highly regulated organizations who have high-stakes obligations with respect to the appropriate handling of patient medical information, nonetheless agree to disclose that information to a requester with whom the organization has neither a direct relationship nor, in some cases, any prior history of interaction. This is a rational choice only if there is a tremendous amount of trust in the underlying framework through which the request is made. 

Building this trust has literally been the work of decades. It relies on technical security measures, of course, which are well-understood and accepted. The challenge, with its accompanying potential for tension, lies in the policy requirements that define participation in the exchanges. Requests must be made for appropriate use cases that align with the specified purpose of the request. Virtually always, this purpose is Treatment as defined by HIPAA. Over time, collaborative efforts by our industry, with some nudges from government, have fostered widespread trust and participation in nationwide exchange for Treatment. For better or worse, the price of this success is that there are extremely strong incentives to justify tapping into these exchange networks via Treatment.

By no means am I implying that those with innovative approaches shouldn’t get an opportunity to participate in health information exchange, if they can provide a compelling argument for their use case and its alignment with the requirements. It’s critical, however, that those of us who facilitate such participation be mindful of our responsibility to the other participants, and to maintaining trust. Careful review must occur prior to onboarding anyone to the exchanges. If questions arise at any point from other participants, they must be taken seriously and addressed collaboratively. My experience is that if we approach questions of interpretation with a truly collaborative spirit, and with a shared goal of maintaining trust, they can be resolved, even when the stakes are high.

All of us who play a role in nationwide health data exchange frameworks have a responsibility to one another, and ultimately to patients, to ensure that we’re maintaining rather than eroding trust. This is a responsibility that I feel keenly, and that I bring to my role with Health Gorilla. I know that colleagues across the industry feel the same, and I’m confident that together we can work past the current challenges to restore and maintain trust among Carequality participants.