hie_toolkit_banner
Introduction
How to Get Started
Environmental Scan
Conducting a Needs Assessment
Developing a Roadmap
Establishing Mission and Goals
Assessing Readiness
Sample Documents
Setting Up a Governance Structure
Stakeholders Roles and Needs
Types of Legal Entities
State Run HIE
Community Based HIE
Governance Challenges
Engaging Legal and Consulting Services
Sample Governance Documents
Legal and Information Sharing Agreements
Importance of Contractual Agreements
Types of Contractual Agreements
Determining Which Agreements to Use
Sample Agreements
Protecting Patient Privacy
Importance of Protecting Patient Privacy
HIPAA Compliance and Enforcement
National Privacy and Security Framework for Electronic Exchange of Individually Identifiable Data
Consent Models
Methods for Notifying Patients of Privacy Policies and Security Policies
Dealing with Variations in State and Federal Regulations
Key Issues to Consider
Sample Privacy Documents
Sustainability
Building a Sustainability Plan
Costs HIEs Should Consider
Revenue Streams
Usage Fee Models
Utility Model
Shared Revenue Model
Services
Grant Funding
Sample Documents
Marketing
Demonstrating Value and ROI
Engaging Stakeholders
Sample Documents
Social Media
Connecting Technically
Introduction
Elements to Consider
Supporting HIE Services
Infrastructure to Integrate with Regional HIEs
Integrating with State Medicaid
Integrating with Statewide Enterprise Services
Integrating with Payers
Using NwHIN Standards
Patient Access to HIE Data
Developing a Technical Infrastructure Plan
Moving Forward
Tracking Your Progress
Enhancing Service Offerings
Future Developments
Methods for Notifying Patients of Privacy Policies and Security Policies

The Health Information Security and Privacy Collaboration (HISPC) brought stakeholders from several states together to address and make recommendations on the privacy and security challenges in HIE, with the goal of identifying replicable steps that can build patient understanding and trust in HIE. Many communities have taken the recommendations and customized them to address the particular needs of their states to inform patients about HIE privacy, security and confidentiality policies, how complaints will be handled, how individuals will be informed of a violation and existing remedies available to them3. A review of several HIE specific materials identified key themes:

  • Make the principles available in plain language
  • Make the policies available in multiple mediums: print brochures, websites with information including self-directed tutorials
  • Develop FAQs and a glossary of terms
  • Utilize media to amplify the message to the larger public: posters, print ads, PSAs, videos
  • Consider the literacy levels and languages spoken by the patients receiving the information
  • Develop a process to measure and improve on the effectiveness of patient education about privacy and security policies

HISPC Literacy and Language Guide

CORHIO Fact Sheet for Consumers (English)

CORHIO Fact Sheet for Consumers (Spanish)

Georgia Privacy Glossary

Oregon Privacy Education Video

Kansas Evaluation Plan

NeHII Patient Brochure

In addition to these self-directed efforts, HIOs also have the opportunity to participate in the EHNAC Health Information Exchange Accreditation Program. While Utah Health Information Network is the only accredited HIE there are several HIOs applying for this independent accreditation of their adherence to privacy and security regulations, across three domains: technical performance, business processes, and resource management. HIO communication to patients about the voluntary accreditation offers another opportunity to convey that patients can learn about the HIE policies as measured by a third party. In addition, at least one state, Minnesota, requires that HIEs operating in their state be certified. Currently, the HIE-Bridge, operated by the Community Health Information Collaborative, is the only HIE to receive such certification.

3Some HIEs choose to employ a PR firm to help produce professional documents.

818 Connecticut Avenue, N.W., Suite 500
Washington, D.C. 20006
Tel: 202-624-3270 | Fax: 202-429-5553