Abstract
The Nationwide Health Information Network allow for the secure exchange of Electronic Health Records over the Internet. The Department of Veterans Affairs, Department of Defense, and Kaiser Permanente, participated in an implementation of the NwHIN specifications in San Diego, California. This paper focuses primarily on patient involvement. Specifically, it describes how the shared patients were identified, were invited to participate and to provide consent for disclosing parts of their medical record, and were matched across organizations. A total 1,144 were identified as shared patients. Invitation letters containing consent forms were mailed and resulted in 42% participation. Invalid consent forms were a significant issue (25%). Initially, the identity matching algorithms yielded low success rate (5%). However, elimination of certain traits and abbreviations and probabilistic algorithms have significantly increased matching rate. Access to information from external sources better informs providers, improves decisions and efficiency, and helps meet the meaningful use criteria.
Introduction
Better information yield better outcomes. However, most patients will receive care from multiple providers during their lifetime. According to data from Medicaid Match and self-reported use of non-VA health resources, three out of four Veterans receive some portion of their care from non-VA health providers. Similarly, DoD Military Health System reports that up to 60% of Servicemembers’ and other beneficiaries’ health care is received from providers outside of DoD. Therefore, to bring together all the pieces of a Veteran’s or Service Member’s Electronic Health Record (EHR) during a given episode of care; it is necessary for the VA, the DoD, and private sector providers (e.g. Kaiser Permanente [KP]) to exchange health information. This electronic exchange will enable to dynamically present providers with a complete virtual lifetime electronic record, which will better support their decision-making. To enable data sharing among diverse health care organization, no one can afford a different point-to-point technical interface with each partner, or a separate trust agreement with each partner. A point-to-point strategy grows combinatorial and does not scale. For instance, in a setting with 4 organizations 6 connections are required. In a setting with 8 organizations 28 connections would be required.
These technical and trust requirements are more efficiently served by a standard-based solution that allow any two organizations to connect and a “global” trust agreement that each organization signs once.
The Nationwide Health Informatics Network (NwHIN) is a United States (US) initiative coordinated by the Office of the National Coordinator (ONC), under the Health and Human Services Department. NwHIN is a collection of standards, protocols, legal agreements, specifications, and services that enable the secure exchange of health information over the Internet.1 The NwHIN provides a common technical and trust platform for health information exchange (HIE) across diverse entities, within communities and across the country, helping to achieve the goals of the Health Information Technology for Economic and Clinical Health (HITECH) Act. This critical part of the national health Information Technology (IT) agenda will enable health information to follow the consumer, be available for clinical decision making, and support appropriate (meaningful) use of health care information to improve patient care and public health.
The NwHIN is often referred to as a “network-of-networks” because the network arises when diverse public and private sector entities physically implement the NwHIN Interface Specifications and the related standards from Health Level 7 International (HL7), and Healthcare Information Technology Standards Panel (HITSP) within their physical health care systems.
As health care organizations in the US strive for ways to improve care provided to their diverse patient populations, their connection to the NwHIN exchange allow their clinician users to retrieve medical information from outside organizations and offer the benefit of “continuity of care.” The concept of “continuity of care” means that the patients’ medical information can travel with them electronically as they move geographically during their lifetime; like a Virtual Lifetime Electronic Record (VLER). Within the context of VA and DoD, the goal of the VLER initiative is to provide a complete EHR and coordinated care to those who serve this country regardless of where the health care services are provided. This functionality naturally integrates to an organization’s internal EHR and allow users to see health summaries from external organizations and see these data integrated into aggregated views of more complete list of problems, medications, allergies, etc.
For some organizations, a patient’s participation in the NwHIN is governed by authorization for release of information. Indeed, even when the purpose of use of the information sharing is treatment, payment, or healthcare operations, organizations’ policies may require obtaining a signed consent. For instance, before both VA and KP can release their medical records, each must obtain a signed authorization from the patient. They have an “opt out” consent model. The DoD has an “opt in” consent model.
VA, DoD, KP, and other public and private organizations have implemented NwHIN-conformant health information gateways. On one end, these gateways connect through adapters to the source systems of each organization – i.e., the EHRs. On the other end, these gateways communicate with each others to provide a common transport, security, and information payload. Each organization developed such components and on December 17, 2009, VA and KP took their implementation live in the San Diego, CA area. DoD initiated connectivity on January 31, 2010. These connections provide a mechanism for health medical record sharing among organizations and any future NwHIN participant. To begin using this new functionality with real patients, VA and KP identified active patients who receive care from both organizations and invited them to participate in this first bi-directional electronic HIE using the NwHIN.
This paper describes the process for identifying these shared patients, obtaining their consent, and matching their identity across the participating organizations. The issues of patient consent and identity proofing are prerequisites to the exchange of information. Incorrect matching can result in misinformation and medical error and could compromise privacy and security if patient information is inappropriately disclosed. Evolving a scalable solution to these challenges is paramount to the success of the NwHIN.
Methods
System overview
At its most fundamental level, the NwHIN is a network. Each node on this network is an entity that participates in the exchange of health information with other nodes on the network. A small or large health information organization may become a node on the NwHIN - a NwHIN Health Information Organization (NHIO) through the implementation of an NwHIN-conformant Gateway. A NwHIN-conformant Gateway is the physical implementation of the NwHIN Services which allows NHIOs to securely communicate with each other across the public Internet. The NwHIN CONNECT software2 is an example of such a component available in the public domain.1 The second component of an NwHIN solution is the Adapter. The Adapter implements a set of services that connect the organization’s clinical information systems to the Gateway (see Figure 1.)
Figure 1.
NwHIN solution components include a gateway and an adapter.
The services supported by the gateway includes: patient discovery service (do you know this patient), query for document (request for a health summary for a patient known to both), retrieve document (request for a specific continuity of care document), authorization framework (user assertions – identity, role, organization, purpose of use, etc.)
With such a connection, users within each organization are given a new functionality that allows them to recognize when a patient has data from external sources to the organization. Then, they can request a summary health record and receive it in a known standard format of a Continuity of Care Document (CCD).
Patient Discovery service
Patient Discovery service is one of the main standard specifications that support the NwHIN exchange. Before one node attempts to exchange patient-specific information with another, the two nodes must reciprocally establish that they are referring to the same person. A standard Patient Discovery Service defines the mechanism by which one NwHIN node can query another to determine if it is a source of information for a specific patient.
A Patient Discovery request includes a set of demographic attributes associated with the patient (e.g., Name, Date of Birth, Gender, and often, the Social Security Number [SSN]). Each responding node attempts to match the set of demographics provided by the requestor with those in its own Master Patient Index (MPI). If a single match is achieved, the responding node responds with its Patient Identifier (PID) and its set of demographics. The initiating node can then evaluate the returned set of demographics using its own matching algorithm to determine if it agrees with the match. A successful match allows both nodes to save the “correlation” and PIDs of the patient. The PID is used for subsequent queries for information about that patient.
Note that the NwHIN does not include a master patient index itself or any database for that matter except for the Service Registry where a list of participants is maintained along with the services they support.
Pilot population determination
In order to accelerate patient recruitment in the pilot, as well as facilitate assessment of patient participation, it was agreed that there would be an active process to identify shared patients and formally invite them to participate. The initial target pilot population aimed for a large number as the project staff anticipated that the size would be reduced because some patients would decline to participate. Of these, some patients would have invalid consent authorization forms, and, of this subset, there would be patients for whom the two organizations would fail to “correlate” or successful match that they are referring to the same person.
First, a query was performed against the San Diego VA Medical Center database to retrieve all active patients that had KP as a secondary insurance. Active patient was defined as a patient with a past visit in the last 12 months or with a future appointment. The list of patients was then shared with KP to confirm those patients existed in their database. The San Diego VA Medical Center then merged all pertinent demographic information including address and phone number into a single spreadsheet that was used to support the invitation mailing process and the tracking of patient participation.
VA and DoD shared patients were determined based on a SSN comparison between the active lists of patients at the San Diego VA Medical Center and the Balboa Navy Medical Center. A similar comparison based on SSNs yielded very few DoD and KP shared patients.
Patient invitation mailing package
For both VA and KP, the patient authorization is “opt out” by default, whereas for the DoD the default is “opt in.” This means that before VA and KP can disclose patient medical record information they must obtain a signed authorization or consent from the patient. A patient is “out” of the exchange unless they sign an authorization for release of information and “opt in”. If a patient did not return a signed valid authorization form, they were considered opted out and their medical record information was not disclosed. Both VA and KP agreed to develop and send a single invitation letter to the shared patients. The aim was to simplify the process to improve the chance of patient participation.
VA mailed the invitation packages, which included the letter, the VA authorization form and instructions (VA form 10-5345), the KP authorization form and instructions, and a stamped return envelope. The letter had the patient name and address in the header, stated the benefits of the electronic exchange (e.g. better informed decisions, higher safety, less duplicative testing and therapies, reduced burden on patients for carrying their own medical information between providers, help meet meaningful use criteria, and overall system efficiency), and explained that patients are free to opt in and, once they opt in, they are able to revoke the authorization at anytime. Both VA and KP consent authorizations specifically named the other party as the only recipient of the release of information and spanned the life of the pilot in San Diego or five years, whichever came first. Mailing took place on November 27, 2009. A week later, KP notification services sent an automatic phone reminder to every invitee.
Patient consent directives management
The San Diego VA Medical Center Privacy Officer documented the returned envelopes received along with the contents in the envelope, and then mailed KP their authorization forms. Each organization then validated its own authorization form (also referred to as consent form for disclosing parts or all of the medical record), verifying that each form was completed properly and that the signature could be verified against existing documentation on file. The VA form needed additional validation to comply with the requirements of Title 38 US Code Section 7332 (38 U.S.C. § 7332) concerning protected information (i.e., diagnosis or treatment relating to drug abuse, alcoholism or alcohol abuse, infection with the human immunodeficiency virus [HIV], or sickle cell anemia). The validation process required a manual review of the Veteran patient’s official EHR to confirm that statements made by the patient on the form about the presence or absence of the four protected conditions were consistent with the information in the record. Several parts of the medical record had to be examined by health information management specialist including the problem list, the medication list, and visit clinical notes. This manual process is naturally time consuming and error prone, although no measurements were made to quantify these aspects.
Title 38 is a special requirement for the VA only. It basically requires either a redaction of information related to the protected conditions or an explicit authorization from the patient that this information can be disclosed. Since the VA cannot guarantee that this information can be redacted reliably (this information can be contained in structured and unstructured notes and can be represented in many ways), it must obtain a signed authorization from the patient. The patient checks on the authorization form which of the 4 conditions is included in their record and signs that they authorize its disclosure. Consequently, the validation by the Release of Information staff consists of verifying the information provided by the patient on the form: information checked on the form must match what is in the record. If, for instance, the patient checks that their record contains ‘HIV’ and upon verification it is determined not to be the case, then the form is invalid. Another scenario is if the patient does not check any of the 4 boxes but their record does include information about one or more of the protected conditions, then again the authorization form is invalid.
After each authorization form was declared valid, the “opt in” status of the patient was entered in each organization’s respective system. At VA, a subsystem maintains Veterans authorization preferences and organization policies, in both human-readable and machine-executable formats. The executable format is used to allow or deny information requests by only allowing requests for which an “opt-in” status exists.
In contrast, 38 U.S.C. § 7332 does not apply to DoD in the same way it applies to the VA. Thus, DoD has adopted a model in which all Servicemembers are opted in by default and no additional authorization is required for the exchange of health information under the purpose of treatment.
In the US and elsewhere, the right of individuals to state their consent directives and exercise control over their health information represents one of the foremost policy challenges related to the electronic exchange of health information3.
Patient identity matching
The entered “opt in” status triggered an announcement to the other organization attempting a patient identity match (see also Patient Discovery above). Several patient traits accompanied this announcement (i.e., First Name, Last Name, Middle Initial or Name, Date of Birth, Gender, Street Address, City, State, and Zip Code) along with the PID.
Only single matches or no matches are currently supported. In the case of multiple patient matches, the responder returns a ‘no match’ result. When the responder finds a single match, then it returns its internal patient PID and its own demographics. Then, the requester can perform a confirmation match using the received traits and accept or reject the match. Indeed, a match has to be confirmed by both organizations before it is recorded.
VA, DoD, and KP started with a deterministic matching algorithm, which requires all demographic traits match exactly. VA and KP have subsequently migrated to a probabilistic algorithm, with DoD planning to do so in the near future. Probabilistic algorithms are designed to reach significantly higher matching rates while preserving a very high specificity4. In this paper, we have only evaluated the performance of the deterministic algorithms against the initial established list of common patients where the matches were confirmed manually by healthcare identity management specialists. Furthermore, we only used a sample of these shared patients to estimate the initial matching success rate of all demographic traits were used and if the comparison algorithm required a complete character to character match (i.e., deterministic algorithm).
Results
Pilot population
The San Diego VA Medical Center database has about 60,000 enrolled patients. Based on the criteria described above, the initial query to the San Diego VA database for patients who have KP insurance yielded 1,500 patients. This initial list was shared with KP. Upon manual review, KP eliminated approximately 300 patients because of either lapsed insurance or incomplete information in the KP registration system, such as a missing Date of Birth. The final list of 1,144 patients was returned to VA to create a Pilot Tracker spreadsheet with the following demographic information: First Name, Last Name, Middle Name or Initial, Date of Birth, Gender, Marital Status, Street Address, City, State, Zip Code, and Phone Number. Additional tracking fields like date envelope received, validation completed, opt in status entered, etc. were also added.
The VA and DoD patient lists comparison resulted in 10,539 shared patients. There were no shared patients identified between DoD and KP.
To date, the number of patient records exchanged (VA and KP disclosures) is still low in the San Diego pilot (2–3 per week). The count of records exchanged between VA and DoD is larger because of a larger shared population and probably due to end-users who are used to looking for data from remote sites (20–30 per week). The disclosure of a VA, DoD, or KP record happens when a ‘correlated’ patient has an appointment at one of the three organizations and the provider seeing the patient makes a request over the NwHIN to retrieve a health summary from the other organizations where the patient has data.
The VA-KP shared population appears to be comparable with the general San Diego VA Medical Center population. This enables the extrapolation of methods and results from the pilot to the general San Diego VA population.
A two-sample t-test for equal means showed that there was a statistically significant shift to the left in the age between the “opt in” and “opt out” patients, p value<0.00001 (see Table 1). In other words, the “opt in” population was older. A possible explanation could be that older patients have more to gain from information exchange than younger ones, as they have more health issues.
Table 1.
Age and gender characteristics of the “opt in” and “opt out” populations between VA and KP.
| Total (1144) | Opt IN (501) | Opt OUT (643) | ||
|---|---|---|---|---|
| Mean | Median | Mean | Median | |
| Age | 59 | 62 | 52 | 56 |
| Male (468) | Female (33) | Male (600) | Female (43) | |
| Gender | 94% | 6% | 93% | 7% |
There was no significant difference in “opt in” decision between genders, as the overall VA population of 94% male and 6% female reflects closely the “opt in” decision.
Patient consent, authentication and identity matching
The rate of participation (44%) was very large in mail invitations for health initiatives. A large part of the responses occurred within the first two weeks of mailing the invitation and, as expected, spiked following the phone message reminder. Figure 2 below shows the flow of patient recruitment in the VA-KP NwHIN exchange in the San Diego pilot. Indeed, as expected, the final count of patients for whom an exchange of information can take place is reduced by several filters: decision to participate (n=501), returning a valid authorization (n=377), being entered into the system (n=363), and finally being successfully matched or correlated between the two organizations (n=264).
Figure 2:
patient recruitment in the VA-KP NwHIN exchange in the San Diego pilot.
Figure 3 below shows the cumulative weekly counts of patient recruiting activities. Returned authorizations are signed authorizations received from patients. Valid authorizations are authorizations that have been confirmed to have patient’s signature when compared to other signed documents and be complete. VA Opted In patients indicate that Release of Information staff have entered the opt in status of the patient in the system. VA correlated patients are patients for whom a successful identity match has taken place between VA and KP.
Figure 3.
Weekly cumulative patient participation counts in the San Diego NwHIN Pilot.
The high rate of invalid VA forms (25%) can be attributed to the complexity of the VA form, as well as the complexity of the chart review and validation process. Patients could potentially check mark any or all of the 38 U.S.C. § 7332 protected conditions to indicate that they agreed to exchange this information. However, each protected condition check-marked had to be present in the record, or the form was considered invalid. Conversely, forms were also considered invalid if protected conditions were found in the record but were not check-marked on the authorization form by the patient. Missing information or a missing signature also resulted in invalid forms. Every VA authorization form had to be manually verified by the Release of Information staff against the information in the patient’s VA record, irrespective of whether the patient check marked the protected conditions. This step was a considerable barrier to scalability at VA.
A new VA authorization form for the NwHIN has been approved, removing the 4 boxes and rephrasing the form language to have the same effect. Basically, the patient authorizes disclosure of their information whether or not it includes any of the 4 protected conditions. This is a major simplification for patients, the Release of Information staff and the NwHIN enrollment process.
Based upon a manual processing of 100 patients, we estimated that if all demographic traits were used, there would only be a 4% success rate. Consequently, we agreed to exclude Phone Number, Marital Status, and Middle Name from the deterministic algorithms because these fields were the least standardized and the most subject to variation. In addition, the street addresses were manually corrected in both systems to address simple differences in abbreviations (e.g., St vs. St. vs. Street) and Zip Code extensions (e.g., 92130 vs. 92130-3351). These changes improved the correlation rate to about 50%.
Ongoing manual intervention followed to try to match all patients who had opted in. VA and KP staffs manually indentified the differences that could prevent patient matching. When the differences were trivial as in the difference between a 5 and 9 digit Zip Code (the Zip Code extension is first verified on the U.S. Postal Service Web site) the change can be made immediately. In other cases, when a Last Name had two spellings for instance, the patient was contacted to confirm the correct spelling before a change was made.
Discussion
VA, DoD, and KP are actively planning extensions of the San Diego pilot. The extensions include simplified patient authorization forms, new patient matching algorithms, online and open enrollment, as well as expanded content exchanged, and the addition of new NwHIN participants in the San Diego area.
The project team is now considering multiple approaches to shared patient population determination and recruitment. Each organization is examining its patient records for markers indicating care elsewhere and simple direct SSN comparisons are being used. Letter invitations will largely be replaced by public announcements and open enrollment during registration and appointments.
VA and KP have already revised their patient authorization forms to simplify completion, validating them, and making them “global” to all NwHIN current and future participants. VA removed the 38 U.S.C. § 7332 check boxes and, as a result, validation against the Veteran’s EHR is no longer needed. The new forms are now available online. The long term objective is to enable eConsent, offering the ability for Veterans to review and define their “fine grain” authorization preferences online. Fine grain authorization preferences include the request to restrict information sharing to a particular health care organization or a particular provider or to omit certain data modules.
VA and KP have replaced their deterministic patient matching algorithms with probabilistic ones. This is expected to result in higher success rates (70–90%). In addition, demographic data are being shared in a coded standard terminology (e.g., Health Level 7 International gender codes).
New San Diego community partners are preparing to connect to the NwHIN to exchange health information with VA and DoD, including the University of California San Diego and others. With VA, DoD, and KP, these new partners may provide 95% of the care in the San Diego area. The initial content exchanged included Demographics, Allergies, Medications, and Problems. In the iteration released in September 2010, Laboratory data (Chemistry/Hematology), Vital Signs, and Immunization data were added and Clinical Notes will be added in an upcoming release.
The final step before records are exchanged is for clinicians to use the system each time an “opt in” patient is seen. On the VA side, a notification appears to alert clinicians that the patient has data across the NwHIN. Similarly, on the KP system, a “NwHIN Launcher” button appears for patients who have opted in. The list of appointments is being tracked for correlated patients and the project staff is contemplating various ways to increase use of the system, including phone calls to providers and providers’ assistants prior to an appointment, as well as including a note in patient appointment reminder cards.
Conclusion
The San Diego pilot is the first implementation of the NwHIN specifications between three large health care provider organizations. The system is currently being used to facilitate continuity of care across three public and private organizations. All three organizations intend to deploy the same solution to other geographical areas partnering with other private sector partners. Study of multiple pilots will inform our plans to eventually implement this medical record information exchange nationwide, with any NwHIN participant and achieve full, unconstrained NwHIN participation. Also, this will help realize the meaningful use criteria and facilitate continuity of care among organizations.
In this paper, we have described an important aspect of our experience with the NwHIN, namely, the consent authorization process and the patient identity matching challenge. We hope our reported efforts and evaluation contribute to the general understanding of implementation issues, barriers and strategies and can help others in their planning.
In San Diego, these processes started in a manual, deterministic, and time consuming fashion. This is not scalable to the larger VA, DoD, or KP populations. The lessons learned in San Diego have informed the strategy for subsequent pilot implementation. Improvements incorporated included a more integrated patient recruiting process (e.g. open enrollment online with digital signature or in person enrollment during am encounter), a simpler patient authorization form and process (global to all NwHIN partners and requiring small amount of data entry and quasi no validation steps), and a superior patient identity matching algorithm (probabilistic).
References
- 1.Office of the National Coordinator, Department of Health and Human Services NwHIN exchange architecture overview. 2010. Retrieved February 27, 2011, from http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_11113_911643_0_0_18/NHIN_Architecture_Overview_Draft_20100421.pdf.
- 2.Office of the National Coordinator, Department of Health and Human Services NwHIN CONNECT gateway: CONNECT Community portal. 2011. Retrieved March 13, 2011, from, http://www.connectopensource.org.
- 3.Goldstein M, Rein A. Consumer Consent Option for the Electronic Health Information Exchange: Policy Considerations and Analysis. Mar 17, 2010. Retrieved March 17, 2011 from http://healthit.hhs.gov/portal/server.pt?open=18&objID=911150&parentname=CommunityPage&parentid=11&mode=2&in_hi_userid=11113&cached=true.
- 4.Dimitropoulos LL. Privacy and security solutions for interoperable health information exchange: Perspectives on patient matching: Approaches, findings, and challenges. 2009. Retrieved March 15, 2011, from http://healthit.hhs.gov/