Most can foresee the essential role that the secure exchange of electronic health information will play in the future delivery of health care in our country. Indeed, Presidents Clinton, Bush and Obama all took significant steps with Congress and federal officials to advance the use of digital health records through a series of actions that included funding, enacting security and privacy laws, and enhancing standards that encouraged providers to adopt Electronic Health Record (EHR) systems.
State governments are also supporting the movement by passing laws and creating agencies to bolster the electronic use and exchange of health information. In Texas, the Texas Health Services Authority (THSA) was created to provide guidance and support for the development of health information technology (HIT) within the state through the creation of locally established and managed health information exchanges (HIEs).
Improved quality and cost savings expected from the seamless electronic exchange of health information has brought state and federal leaders together, providing critical momentum to help make the use of EHR systems the norm. But the perceived risks associated with the greater use of EHR systems has presented obstacles for HIT implementers across the country as they attempt to build user confidence and trust.
Recognizing the delicate and sensitive challenge presented by the transition, Texas leaders have taken extraordinary steps to put the state at the forefront of ensuring adequate privacy and security safeguards are in place for the electronic sharing of protected health information. Building on protections provided through federal and state laws, THSA created its HIETexas legal framework to help guide HIE implementers and ensure the exchange of health information is timely, private and secure.
The framework is intended to serve as the basis on which trust can be established between the parties involved in the electronic exchange of health information. The HIETexas legal framework includes:
- access to certification and accreditation programs to ensure compliance with federal and state laws, including the Health Insurance Portability and Accountability Act (HIPAA) and the Texas Medical Records Privacy Act;
- Business Associate Agreements that outline the standards for sharing protected health information;
- a State-Level Trust Agreement between THSA and HIEs that defines the responsibilities that all HIETexas participants owe to each other, including breach notifications and appropriate requests for information; and
- Participation Agreements that describe the business relationship between THSA and HIEs.
Because of the extremely sensitive nature of patient health information, first and foremost, HIEs must ensure that privacy rights are protected. Additionally, because providers share the same expectations for confidentiality while also requiring timely and accurate data in delivering care, all parties involved in the exchange of health information must maintain an unwavering partnership of trust in order for the process to work properly. The HIETexas legal framework was developed to allow HIEs and HIETexas to offer each other and their users the assurance that health information is shared in a secure, private and accountable manner.
“Without confidence in the HIE system, our partners will be reluctant and patients may resist participating,” said Tony Gilman, chief executive officer of THSA.
Gilman added, “Building and maintaining trust is imperative to our success. The HIETexas legal framework is the backbone and key building block of our efforts to develop a robust HIE infrastructure for our state.”