Health information exchanges (HIE) are a way for patients, providers and other health care stakeholders to overcome the long-standing habit of storing medical information in separate and sometimes redundant systems. Data sharing through HIEs hold promise for more efficient, higher quality and better coordinated health care, and although the use of HIEs has been growing in recent years, these tools face obstacles to more widespread use. Many of these obstacles can be attributed to the complex network of laws related to HIEs; however, research on how these laws affect HIE adoption remains scarce.
To fill this gap, Mr. Cason Schmit, research assistant professor and Dr. Bita Kash, associate professor, at the Texas A&M School of Public Health, together with a colleague from Arizona State University, studied the body of HIE-related laws to find out how the legal environment can help or hinder HIE use. Mr. Schmit’s team used the Westlaw legal database to examine laws relating to HIEs in all 50 states, the District of Columbia, Puerto Rico and the U.S. Virgin Islands. They coded laws into a set of 20 legal attributes that covered nine broad legal themes, such as governance, participation incentives and mandates, funding, HIE use, and privacy and security. Their findings were recently published in JAMIA.
“We wanted to see if states were following the published recommendations in the literature,” Mr. Schmit said. “Unfortunately, few states have laws that address the key recommendations.”
Previous research found that creating a statewide HIE would make it more likely that a patient’s medical records could be accessed anywhere in the state. Of the 53 jurisdictions Mr. Schmit and colleagues studied, only 31 states had laws establishing a statewide HIE. These laws varied on who legally controlled the statewide HIE, i.e., private entities, public/private partnerships, or state agencies. The research recommends either private or public/private governance to make use of private sector knowhow and reduce burdens on state budgets; however, nine of the 31 state laws assigned control to state agencies.
Privacy and security are significant concerns for providers and patients alike, thus carefully crafted laws that address these concerns could help promote HIE adoption.
“More than half of the jurisdictions had privacy laws, yet many did not use specific language,” Mr. Schmit said. “This lack of specificity runs the risk of giving patients a false sense of security or even creating confusion about the law, which could act as an obstacle to HIE adoption.”
Incentives and mandates are crucial tools for getting a large enough group of users exchanging data to make HIEs viable, because they require high levels of participation. Financial incentives and non-financial ones like legal immunity for HIEs or providers could promote further use of HIEs. Legal mandates could also promote increased use of HIEs and curtail hoarding of patient information by hospitals and providers in highly competitive markets.
Allowing patients, researchers and other parties to access HIE data could also improve HIE value. Protecting confidential data is a crucial part of privacy and security, but allowing more access to data could improve treatment effectiveness, make care more patient-oriented and give patients tools to be more active participants in their own care. In addition, payers and insurers could use HIE data to help reduce health care costs.
Laws related to funding and sustainability of HIEs also play a critical role as inadequate funding can hinder HIE adoption. Many states depend on federal grants for HIE funding, thus cuts to federal funding could seriously harm HIEs in those states. Despite this threat to sustainability, only 28 jurisdictions had laws focusing on funding and 24 identified long-term funding sources.
Many of the laws surrounding HIEs are intended to promote HIE use and adoption; however, there is some evidence that overly complex laws can hobble innovation. For example, Indiana is home to one of the largest and oldest HIEs, but has no HIE-specific laws.
“It could be that we are relying too much on law to promote health information technology,” Mr. Schmit said. “Information is most valuable when it is shared, so there is a real concern that complexity between states’ HIE laws might get in the way of data sharing and stalling health information technology.”
Although this study fills a crucial gap in the literature, more research is needed to look into the complexity of various HIE laws. The findings from this study and its database of laws can act as a starting point for future work on HIEs aimed at improving tools that have proven useful for patients and health care providers alike.