I was reading the popular HIStalk health IT news/opinion site the other day when I ran into a blurb stating that beginning in 2014, a new “North Carolina law requires hospitals with EHRs to connect to the state’s HIE and submit data on services paid for with Medicaid funds”. For the uninitiated, HIE stands for Health Information Exchange, and in this context it refers to a federally funded organization whose mission is to facilitate clinical information exchange in the State. There are similar organizations in most every State, funded back in 2009, alongside Meaningful Use and other shovel ready economic stimulus activities, through the ARRA and its HITECH Act.

The noble goal of HIE organizations everywhere is to improve care for patients by simplifying interoperability between disparate EHR technologies, allowing clinicians timely access to relevant, up-to-date medical information at the point of care. It makes perfect sense that North Carolina would like to “nudge” hospitals into sharing information with community physicians to improve care coordination and hopefully outcomes for its citizens. What doesn’t make any sense at all though, is the narrow requirement for Medicaid information only. Wouldn’t North Carolina want better care coordination for all people? And how does a hospital submit data only for a subset of services (not necessarily a subset of patients)? And why is this limited to submission, and there is no requirement that hospitals avail themselves of HIE data submitted by others? Obviously, I needed a bit more information to satisfy my foolish curiosity….

The first step was to check out the North Carolina HIE. Like many other organizations of its kind, the NC HIE chose to create a clinical data repository to be fed by prospective customers with “prescriptions, vaccinations, allergies, lab and test results, image reports, conditions, diagnoses or health problems and medical visit notes”, and with hospital ADT (admission-transfer-discharge) information as well. So far, like similar HIE organizations across the country, NC HIE is failing to garner active support from local hospitals. In an interview with the Carolina Journal earlier this summer, Mark Bell, CIO of the North Carolina Hospital Association (NCHA), suggested that “[t]ypically, a provider will not be thrilled with the idea of somebody else making money off of their data” which seems to be a “hot button topic”. Indeed, the NC HIE client list is remarkable for the absence of North Carolina’s famous academic centers of excellence and their affiliates. 

Mr. Bell’s hardly novel implication that some HIE organizations are seeking “to aggregate all that data and sell it to anyone who wants to buy that data, or for research, or a number of other uses” does raise the uncomfortable specter of patient privacy. According to its website, the NC HIE is an “opt out” exchange, which means that patients are “automatically” enrolled in the exchange whenever they “visit a participating doctor or hospital”, at no cost to the patient, of course. For inquiring minds, the NC HIE explains that it is only acting “as a “virtual medical record department” to collect and store medical records, and allow authorized providers to review and upload records”, and that “[h]aving a third party manage medical records is common practice”. Right. People may still opt out by calling a certain phone number or by mailing a certain form. As with most HIE organizations that engage in data accumulation, the “opt out” mechanism does not prevent patient information from being sent to the HIE, being stored in the HIE database, being disclosed to public agencies, or being used for other purposes when required or as permitted by Applicable Law. It only prevents disclosure to doctors and hospitals that are actually treating the opting out patient.

With that in mind, let’s go back to the brand new Applicable Law. The original bill contained language stating that effective January 1st 2014 “any hospital, as defined in G.S. 131E-76(c), that has an electronic health record system shall connect to the NC HIE and submit individual patient demographic and clinical data on services paid for with Medicaid funds”. This is a pretty lucrative arrangement for the NC HIE, which stands to gain approximately $5.5 million per year from subscription fees (at $250 per bed per year) alone, and undetermined amounts from interface charges, which as we all know can run into tens of thousands of dollars for each facility. Forcing the rich and famous North Carolina health systems to support the floundering public exchange may have been good enough reason to introduce this legislation, but that’s not the end of the story. The final bill, which is now the law of the land in North Carolina, was amended to include the following: “The NC HIE shall give the Department of Health and Human Services real-time access to data and information contained in the NC HIE”, and goes on to specify that the “Department of Health and Human Services and the NC HIE shall execute an agreement regarding the utilization and sharing of data and information contained in the HIE Network”, in a manner that complies with HIPAA and federal law. Note that the amendment language is not specific to “services paid for with Medicaid funds”.

It looks like the State of North Carolina came up with a rather innovative method for participating in what Mr. Bell from the NCHA terms a “hot button topic”. I am not sure how, or if, the State is planning to enforce this law, and I am not sure if hospitals will take the extra trouble (and expense) needed to segregate and submit to the State only those medical records that contain a Medicaid charge, but one thing is certain: individual patients in North Carolina have absolutely no say in this matter.  And so we take one more step on the road to trusted exchange.