Exchanging Healthcare Data: A Look at 3 Standards Competing to Provide Interoperability

February 5, 2020
Brenda Hopkins
Brenda Hopkins

Brenda Hopkins, eFax Corporate Chief Health Information Officer, specializes in the area of healthcare interoperability where she is focused on open data exchange of healthcare information inside and outside of the electronic health record and using open platforms and tools such as APIs as a means of sharing. She started her career as a pediatric/neonatal transport nurse and brings a patient/user centered team-oriented approach to technology build and enablement for leading software solutions. Prior to joining eFax Corporate, Hopkins held leadership positions at GE Healthcare, Kaiser Permanente and Adventist Health purchasing, building, implementing and scaling large enterprise electronic health records and ancillary solutions with a strong focus on meeting clinical, revenue, safety, and quality goals in value-based payment models and care delivery programs.

Three standards—Direct, Fast Healthcare Interoperability Resources (FHIR), and cloud fax—all hold promise for helping healthcare organizations more easily share information.

Clinicians struggle to streamline communications around referrals and prior authorization. Patients clamor for easy access to their full records and information on recent visits and tests. Clearly, improved interoperability is in everyone’s best interest.

Last February, HHS was unequivocal about the need for seamless (but secure) access to electronic health information. Essentially, it demanded that Medicaid, the Children’s Health Insurance Program, Medicare Advantage plans, and Qualified Health Plans in Exchanges provide enrollees with immediate electronic access to medical claims and other health information electronically by 2020. Despite all the demand, standards for healthcare data exchange remain a hodgepodge, with none gaining sufficient traction to advance interoperability on a large scale. However, several candidates seem to be emerging from the pack: Direct, Fast Healthcare Interoperability Resources, and cloud fax. Here’s an overview of each with notes about their potential to eliminate paper-based information sharing.

Direct

Development of the Direct standard began in 2010 by a public-private collaboration, with the backing of the Office of the National Coordinator for Health Information Technology, which oversees federal health IT certification. A year later, the collaboration published the first standard, with updates in 2012 and 2015.

Essentially, Direct is email that, instead of being maintained by an employer or email provider (eg, Google), is maintained by a Health Internet Service Provider (HISP). The HISP carries out the encryption/decryption and digital signing of each message and attachment.

In November, DirectTrust announced that 197 million messages were sent and received within its network during the third quarter of2019, a 3-fold increase over the same quarter in 2018. The total number of Direct exchange transactions was over 1.2 billion in 2019, an average of 68 million per month.

Use cases range from bidirectional referrals to automated patient summaries for emergency department (ED) visits; automated push event notifications for admissions, discharges, and transfers (ADT); and bidirectional patient messages.

In April, DirectTrust earned accreditation from the American National Standards Institute (ANSI), which should help the nonprofit advance its interoperability mission. In May, it unveiled plans to develop health data standards for instant messaging. The Trusted Instant Messaging+ standard will be used to enable real-time health data exchange and communication in a secure manner between trusted entities.

Despite the steady increase in transactions, Direct faces barriers to adoption, including a notable lack of education about the technology, costs, and technical difficulties handling certain types of messages. Additionally, participating providers must have Direct addresses to receive messages and know their recipients' addresses to share information, addresses that can be hard to find.

FHIR

Thanks to mainstream press coverage, Fast Healthcare Interoperability Resources (FHIR) is the best known health IT standard in the market. FHIR messaging mirrors that of HL7 v2, the organization’s first information exchange standard. Unlike its predecessor, it supports a multitude of transfer mechanisms, such as HTTP-based transfer and the HL7 minimal lower layer protocol (MLLP).

FHIR’s versatility is its strength. According to HL7, the solution’s modular components can be assembled into working systems that “solve real-world clinical and administrative problems at a fraction of the price of existing alternatives.” FHIR is suitable for use in a wide variety of contexts—mobile phone apps, cloud communications, electronic health record (EHR)-based data sharing, and server communication in large institutional healthcare providers.

According to ONC, in late 2018, 32% of health IT developers certified that their solutions were using FHIR, specifically FHIR Release 2. Slightly more than half (51%) appeared to be using a version of FHIR combined with OAuth 2.0. However, further analysis revealed that 82% of hospitals and 64% of physicians used FHIR-enabled products from this third of health IT developers.

Further ONC analysis of Medicare providers found that 87% of hospitals and 69% of clinicians were using products certified to be using FHIR. When restricted to FHIR Release 2, hospitals remained the same, but the number of clinicians dropped to 57%. ONC officials were quick to downplay the appearance of widespread FHIR use, emphasizing the difference between development and implementation.

There are 3 main use cases. First, FHIR-enabled systems can support the aggregation of data into a personal health record (PHR), so patients can access their medical records through a portal or other application. Second, FHIR supports document sharing (XDS) via a federated system of repositories. Third, it supports integration of clinical decision support tools into the provider's EHR system (eg, drug-drug interaction, prescription safety checks, and patient surveillance).

Although enthusiasm for FHIR is high, there are drawbacks. Until federal regulations for interoperability and information sharing are final, there’s no rule specifying which FHIR version stakeholders should use, which could hinder data sharing. Additionally, many EHR developers have placed restrictions on the use of FHIR, making documents sent via this protocol read-only.

Cloud Fax

Fax remains healthcare’s most interoperable communication protocol, and an improved form known as cloud fax is quickly emerging. According to one estimate, 75% of all medical communication occurred via fax in 2018. In part, that’s because faxing is a mainstay of provider-payer communication for prior authorization.

An American Medical Association survey found that a majority of physicians use phone and/or fax as the primary method for completing prior authorizations.

Unlike physical fax machines, which hold the potential for unauthorized access to sensitive health information, cloud fax services rely on internet protocols to send and receive faxes. Cloud fax technology lets users send email messages with attachments to other fax services, both digital and physical. The cloud-based services are hosted onsite in a private cloud or offsite in a fully-hosted environment, with hybrid models also available.

Leading cloud fax technologies include added layers of security to maintain compliance with health data security and privacy laws and regulations:

Transmission security: Encryption using Transport Layer Security (TLS) encryption over the deprecated Single Sockets Layer (SSL) maintains HIPAA-compliant transmission security for data in motion.

Data encryption: Alongside the use of TLS encryption protocols, certified cloud faxing technologies use Advanced Encryption Standard (AES) of at least 128-bit, though some products have exceeded that level by including 256-bit encryption for added protection for incoming faxes and data at rest.

Access control: Certified cloud faxing technologies require the use of unique IDs, administrative privileges, and AES encryption (as well as other protocols) to limit ePHI access to authorized personnel only.

Audit control: HIPAA technical safeguards stipulate that covered entities and business associates have in place technical policies and procedures to manage authorized access to individuals and software programs. Top-of-the-line cloud faxing solutions offer multiple levels of audit control (e.g., secure archiving and transmission tracking) that allow providers and other stakeholders to adhere to HIPAA.

Cloud fax use cases include all types of information sharing: referrals, transitions of care, prior authorizations, and more.

Obstacles to adoption include a lack of awareness about cloud faxing as compared to traditional faxing, as well as government efforts to eliminate the fax as a mode of health data exchange.

A combination of health IT standards and technologies will certainly be required to attain interoperability. Nevertheless, the effort is essential, as it allows providers access to the critical health data they need to make impactful clinical decisions.