R.I.'s Direct Approach To Health Information Exchange

Figure 1: Gary Christensen, CIO/COO of the Rhode Island Quality Institute

As the operator of Rhode Island's centralized health information exchange, Gary Christensen could have seen the Direct Project as a threat. Instead, he became its biggest champion.

"Regardless of how you do it, the point is to get information flowing," Christensen said in an interview. As CIO and COO of the Rhode Island Quality Institute, he oversees its best-known technology initiative, CurrentCare, a hub for the exchange of patient data and medical information from hospitals and medical labs across the state. But to get more doctors participating, CurrentCare has also encouraged the creation of a parallel system in which doctors can exchange patient records without the involvement of the central HIE, using a special type of secure email that can be used to send messages with XML-formatted continuity of care documents as attachments.

Using Direct, providers can bypass state and regional HIEs entirely, with secure email replacing the exchange of faxes between provider's offices. But even without having a chokehold on this system, CurrentCare is able to take advantage of it to accept records from providers and to send them alerts -- for example, to notify a primary care physician whose patient has just been admitted to the hospital or seen by the emergency department.

[ When your family's already conquered politics, how do you make your mark? Read Athenahealth CEO Jonathan Bush's Quest: A Healthcare Internet.]

The project was started in a 2010 public/private partnership, blessed by the Office of the National Coordinator for Health Information Technology (ONC) within the U.S. Department of Health & Human Services. Essentially, its approach is to build a parallel email system in which all messages are encrypted using public key cryptography and messages are only exchanged between trusted parties, identified with digital certificates. Participating practices and institutions contract with a healthcare Internet services provider (HISP) that manages these secure email accounts. Electronic health records systems (EHRs) can be configured to connect with HISPs, and some cloud-based EHRs act as HISPs.

HIEs may also act as HISPs; for example, San Diego Health Connect has made acting as the region's premier HISP part of its business plan for remaining viable after the expiration of federal grant funding. However, Christensen has avoided getting into what he perceives as a commodity business. CurrentCare does, however, act as the certificate authority that validates Direct email accounts and issues the required digital certificates (under a reseller agreement with DigiCert). This simplifies the process of exchanging Direct messages for all certificates, since there is one common directory for authenticating the account of any other provider or hospital in Rhode Island.

Some cloud startups talk up Direct health data exchange as a simpler alternative to centralized HIE infrastructure, eliminating the need for exchanges like CurrentCare. Christensen said some of his peers at similar institutions similarly perceived Direct as a replacement -- and therefore a threat -- and some are still inclined to view it as competition. He never saw it that way.

"I jumped in right from the beginning," Christensen said. Although CareCloud was systematically enrolling hospitals throughout the state to send it HL7-formatted documents over virtual private intranet connections, he knew that approach could never work for the hundreds of individual doctor's practices across the state. And as long as the network was limited to hospitals, its usefulness was also limited, he said.

"Most of the data about patients is not in hospitals; it's in EHRs sitting in practitioner's offices," he explained. Further, the vast majority of the doctor's offices and practice groups don't have a CIO or an IT staff that can invest time in setting up VPNs and testing software. They really needed to have something as simple as email -- if only the security risks associated with ordinary email could be eliminated. And if the Direct Project could pull that off, it would open up other possibilities.

"What struck me was that if it were true that everyone could basically pass information over the Internet in a  secure way -- and everybody was going to do it that way -- then we could use it, too, to get information from a practice into the HIE," Christensen said.

Rhode Island Quality Institute (RIQI) is well-positioned to steer doctors toward EHRs that support these data-exchange scenarios because one of its other roles is acting as a federally funded extension service that advises physicians on technology purchases and implementation. "In that role, we're kind of acting as the CIO for all the practices that don't have  a CIO -- I don't want them signing up with clunkers," Christensen said.

RIQI is a state-chartered organization, founded in 2001, and governed by a board of representatives from payers, hospitals, and doctors associations, that pursues a variety of healthcare quality improvement programs. About eight years ago, Rhode Island became one of the six states to receive a $5 million grant to explore the potential of using healthcare data to improve the quality of care, which was the beginning of the RIQI's HIE project. In 2008, the state followed up with enabling legislation for the creation of CurrentCare.

At a time when the economic viability of some other HIEs is in question, following the end of the federal grant programs that got them started, CurrentCare is fortunate to be funded on a utility model where the state insurance department collects $1 for every member in a health insurance plan (and most self-insured employers contribute voluntarily). That's enough to cover the core service, Christensen said, although he continues to seek grants that would support greater innovation and expansion of the network. CurrentCare does not collect transaction fees but does earn some contract revenue with analytics services based on its repository -- which pose another opportunity for growth.

Unlike some other HIEs, CurrentCare does not limit itself to acting as an information broker. Instead, it operates a statewide repository of health data, providing a centralized data warehouse that can be queried to look up any participating patient's records. Under R.I. law, individuals must give consent before their data can be transmitted online or stored in the CurrentCare repository. About 350,000 citizens are enrolled out of a population of just over 1 million. CurrentCare currently has participation from almost every hospital in the state -- with the last holdouts scheduled to come on board soon -- but the next challenge is to get all the individual doctors and practices around the state participating.

In other words, the database does not represent all healthcare activity in the state. Meanwhile, there are signs that, where it is used, it is making a difference. An example is its system for alerting doctors when a patient is admitted to or discharged from the hospital. The goal of this program is to allow doctors to follow up more proactively to promote a full recovery. The statistics suggest an impact on the 30-day readmission rate -- a common metric showing how likely patients are to find themselves back in the hospital shortly after discharge. Those whose doctors are enrolled in the alert system are 14% to 16% less likely to be readmitted within that timeframe than those whose doctors do not participate.

So far, there has been no formal study to translate that correlation into proof of cause and effect, Christensen acknowledges. "It might be that the early adopters for this kind of technology are the ones who are really good at avoiding readmits in the first place," he said. "Still, it's holding up."

As more doctors find themselves getting paid based on results, rather than hours, it will be the availability of these alerts and similar services that will drive them to enroll with CurrentCare.

The Direct architecture has made it much easier to work with EHR vendors, since sending a Direct message is not much more complicated than sending an email, Christensen said. To layer on functionality such as sending alerts, or sending regular updates to the CurrentCare repository, all that's required is some sort of trigger mechanism -- such as detecting the release of a lock on a database record -- to cause the system to generate and transmit an XML-formatted patient record every time new information is recorded. Getting the systems to generate correctly structured continuity-of-care documents that CurrentCare can actually import and make use of is usually where the real challenges lie, he said.

The payoff is that CurrentCare is positioned as the only statewide database with records for all patients, regardless of where they have received care, providing of course that patients and the providers involved participate in the system. This is where HIEs that operate on a federated model -- coordinating the exchange of data, rather than acting as a central repository -- are missing out, Christensen said. Federation is an easier model conceptually, compared with creating a data warehouse and dealing with all the attendant HIPAA patient data privacy issues, he said. However, achieving the data-exchange scenarios for which HIEs were originally envisioned is only the beginning of the potential, Christensen said. He talks about second- and third-order benefits, such as playing a bigger role in population health studies and providing other analytic and even consumer services. "I think it will be hard for the federated HIEs to achieve those second order and third order benefits," he said.

For example, one current initiative known internally as "my HIE" would use the CurrentCare repository to support apps that would be provided directly to consumers. The downfall of most personal health record programs has been the assumption that consumers would take the time to key in their own data, or obtain their electronic records from a provider to be imported. But an app that plugged in to CurrentCare could take advantage of the fact that it already has the data. The first such app on his list, which he's dubbed "MyMeds," would be one for the elderly and their caretakers to keep track of all the medications they're taking.

A first customer he has in mind is his sister, who is the one in the family who takes their mom to her doctors' appointments and keeps track of a growing medications list with a piece of paper tacked to the refrigerator.

"There are potential markets all over the place -- we're just early on in this," Christensen said.

Follow David F. Carr on Twitter @davidfcarr or Google+. He is the author of Social Collaboration For Dummies (October 2013).

Though the online exchange of medical records is central to the government's Meaningful Use program, the effort to make such transactions routine has just begun. Also in the Barriers to Health Information Exchange issue of InformationWeek Healthcare: why cloud startups favor Direct Protocol as a simpler alternative to centralized HIEs. (Free registration required.)