Guidance for Assessing Critical Success Factors Influencing Adoption of Health Information Exchange Solutions

The primary objective of a health information exchange (HIE) system is to share healthcare information among a variety of healthcare providers using contemporary networking technology.

In order to improve patient safety, healthcare quality, efficiency, and equity, health information must be accessible to the patient and to the healthcare professionals and support organizations involved in the care process. The potential for the provision of health information to be a valuable form of health intervention is realized at the point of care. Efforts to establish communitywide health information exchanges date back to the early 1990s; however, widespread adoption of systems designed to efficiently share information between providers and patients has been slow to take root.1


To assist healthcare entities seeking to adopt a HIE system, this paper seeks to answer the following research question: What authoritative guidance exists for entities assessing critical success factors influencing adoption of health information exchange solutions?

To that end, this paper explores sources for guidance and offers a list of factors for assessment for those seeking to adopt and use a HIE solution. According to current research, viable HIE solutions meet the following requirements: affordability, scalability, interoperability, flexibility, security, and ease of implementation and administration.2 However, no authoritative guidance exists describing how all of these requirements can be accomplished. Without clear guidance, numerous entities have tried and failed to meet expectations and demonstrate a sustainable business model. HIE success often hinges on whether the entity is willing to provide financial support for the service, which is not an optimal criterion for selection.

General frustration exists with current HIE solutions. No single HIE solution is robust enough to support the majority of necessary HIE situations.3 As a result, many providers manage and maintain multiple and parallel HIE systems and procedures. Routinely, with each new request for information, decisions must be made about which option is best suited for each HIE scenario. Entities wishing to migrate to an electronic health information environment find that they must still maintain traditional facsimile and postal HIE solutions until an affordable and reliable electronic system emerges.4 Authoritative guidance from a reliable source would facilitate earlier organizational migration from traditional paper-based solutions to electronic networking platforms.

Review of Existing Health Information Exchange Solutions for Authoritative Guidance

For providers and consumers seeking to participate in a health information exchange, a clear understanding of clinical data architectures and models is required for selecting the best solution. HIE models can be sorted into three architecture types: federated, centralized, and hybrid.5 However, in actual application, elements of these approaches are combined into HIE systems tailored to the particular healthcare setting, population, purpose, and intended use.

The American Health Information Management Association (AHIMA) practice brief “HIM Principles in Health Information Exchange” provides an overview of the various commonly implemented HIE models and provides examples of HIE organizations that are currently employing each model.6 (See Table 1.)

Regardless of the architecture and model employed, stakeholders must focus on the critical factors for the development of disparate HIE programs in the community served. These critical factors include these attributes:

  • data accessibility
  • reliability
  • accuracy
  • security
  • long-term sustainability

Driven by public and private investments, new HIE projects are constantly being launched to meet varying objectives and purposes. The process selected is driven by the purpose of the HIE. The governance model created must set standards for the data exchange process. Compliance with the HIE organization’s operational, process, and technology components is mandatory. Those who are seeking guidance can use recent reports concerning factors that support long-term solutions, such as the eHealth Initiative’s 2011 Report on Health Information Exchange: Sustainable HIE in a Changing Landscape.7 Those who wish to implement a successful HIE must further explore the elements that ensure that the system is sustainable, paying to close attention to how successful models and solutions have been translated by other HIE initiatives. The measured value that stakeholders gain from the services of a health information exchange directly impacts and influences the HIE initiative’s revenue model. Forming a clear understanding of this perceived value is paramount to achieving revenue objectives.8

Guidance for Assessing the Value of Health Information Exchange Options

In 2011, the College of Healthcare Information Management Executives (CHIME) advised that before making the decision to affiliate with an HIE organization, providers should determine if the potential exchange option will offer enough value to the healthcare organization.9 Moreover, it is paramount that the healthcare organization fully understand the cost implications of selecting the entity providing the services. Building and maintaining the necessary exchange connections is a long-term financial commitment that healthcare organizations must fully assess and comprehend before making a final decision. In addition to use fees and other continuing contract expenses, a healthcare organization should budget for unique or occasional and ongoing participation expenses. For example, federated HIEs are historically more expensive to implement because healthcare organizations are expected to cover hardware costs.10

In addition to the direct costs of hardware and/or subscription fees, there are indirect costs associated with HIE participation:

  • The development of HIE interfaces necessary to support network connectivity requires the budgeting of information technology personnel time.
  • Establishing an exchange relationship with an HIE organization demands that the business workflow processes evolve to meet the expectations of accurate, timely, and complete health data at the point of care.
  • Implementation of the new processes will impact the entire staff, requiring additional time and resource expenditures.
  • No new project is ever executed without challenges and setbacks; therefore, organizational leaders must plan for and quickly mitigate identified workflow interruptions.
  • The cost of performing data validation audits before and after the system “goes live” must also be factored into the project budget.
  • The healthcare organization must commit the appropriate level of information technology staff support to meet the expected level of service for the long term.
  • Data quality is a critical success factor key to patient safety and improved care outcomes and must be monitored and controlled. Therefore, a rigorous data quality management process is imperative to build stakeholder trust and HIE sustainability.
  • Finally, budget dollars will need to be allocated to support the implementation of security safeguards. Security administration will be an ongoing expense because procedures must be reviewed following the introduction of each new business process and/or new technological revision.

Ultimately, the level of administrative complexity, along with the required technology and staff costs, emerges as a significant barrier to healthcare organizations’ properly evaluating the benefits of HIE participation.11 Guidance in these matters is essential for responsible planning by providers.

Assessing Other Emerging Solutions

Maintaining the security and integrity of the data involved in the exchange process represents a significant factor in the selection and adoption of any method. Evaluation of the attributes and features of secure server exchange models is essential to the process of planning systems to manage data sharing. Introducing patient portal technology is one option for healthcare organizations seeking to allow patients appropriate and secure access to their health information. Patient portals can be configured to provide a subset of the health information maintained in the electronic health record in a format tailored to particular needs. For example, lab results, problem lists, medication lists, medication allergies, and brief encounter details are common elements available via a patient portal.12 Presently, providers have been allowed some discretion to determine the specific types of health information that should be included in the patient portal database. Ultimately, this determination should be made through the collaborative effort of health information management professionals, clinicians, patient representation, and legal counsel.

Necessity or practical issues sometimes determine what information is available to patients through the portal. For example, when Massachusetts General Hospital (MGH) was faced with an ever-increasing volume of requests for the release of health information, they chose the option of allowing MGH patients on-demand access to their full medical records via the organization’s patient portal, Patient Gateway. Providing patients with direct control over the access and distribution of their information frees healthcare providers from regulatory burdens as well as the majority of the administrative costs associated with requests for release of information.

Evaluating data content and how it is managed by the secure servers is also a key factor requiring authoritative guidance before selecting a system. When assessing exchange technology, healthcare providers must include in the review process an evaluation of the data content running through the servers. It is critical to assess the management of data validity in the HIE process to ensure that the results of data sharing are accurate and reliable for patient care.

HIM principles suggest the following questions to consider when reviewing the data content aspects of using an exchange:13

  • What format is used to display the health information?
  • Does the workflow process allow the information to be readily downloaded for clinical use?
  • Does system functionality allow sensitive information to be masked from view when necessary?
  • Do system audits and algorithms monitor for and mitigate the corruption of documents received in the exchange process?

In addition, the entity must ensure that the patient portal registration process is in compliance with Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act regulations. Policies and procedures are required to ensure user authentication, privacy, and security of portals. The registration process must include proper patient orientation, education, and training. Among the regulatory and policy considerations addressed by Massachusetts General Hospital are the following:

  • The secure management of psychiatric, behavioral health, and other sensitive health information available on demand to the patient
  • Management of on-demand patient proxy access to health record copies
  • Management of parental on-demand access to the health records of minors
  • A process design that tracks records generated by patients and differentiates them from records created by the healthcare organization14

Due diligence regarding adherence to the compliance process will contribute to the establishment of user trust.

Asking the questions noted above will facilitate the discovery of challenges regarding data format incompatibility or data management. Identifying and addressing these challenges will affect the success of patient portals, making it possible to develop a system that maintains data integrity and identifies areas of risk for data corruption. Guidance regarding these challenges is useful in the assessment of critical factors for successful HIE use.

Exploring Other Health Information Exchange Solutions and Related Guidance for Use

Moving ahead in creating a structure for the electronic exchange of healthcare data requires exploring a variety of factors related to requirements for the data content to be shared and specific requirements of both senders and receivers using the system. To be most productive, health information must be collected at the point of care and made available for many other requirements. These requirements include the following primary and secondary data uses:

  • provision of care
  • decision support
  • research
  • patient safety
  • quality monitoring
  • population health
  • health status assessments

Although not yet recognized as “authoritative” advice, assessing these requirements is one of the most important factors to improve healthcare efficiency and reduce the cost of data management. Primary use of the information from an exchange is the reason for the system’s existence, but it makes sense that the existing data would also be used for secondary purposes as appropriate while protecting patient privacy and security requirements.

The infrastructure of networks or systems to accomplish information exchange in healthcare is undergoing a significant amount of evolutionary change as new technologies and models are introduced across the industry. Over the next few years dramatic change is expected. The pace of change will add to stakeholder uncertainty and present a barrier to the design and implementation of HIE solutions.15, 16 Wherever there is a need to share health information, new solutions emerge to solve specific problems or offer alternatives to systems currently available. Examples of various HIE solutions include the following:

  • The Direct Project launched by the Office of the National Coordinator for Health Information Technology (ONC)17
  • Proprietary exchange solutions offered by electronic health record vendors or other entities
  • The use of facsimile (fax) machines and servers
  • Emerging Web-based platforms and subscription models

Each of these approaches provides a different method or technology and different specified guidance for moving data from place to place. Each HIE implementation attempts to adhere to existing standards and identify standards not yet available to make the process of information exchange easier and less expensive to accomplish. Adherence to existing and forthcoming standards for information exchange is an important factor to consider when exploring new exchange solutions.

Direct Project

The Direct Project was launched in March 2010 as a part of the Nationwide Health Information Network. According to the ONC Web site, the Direct Project has more than 200 participants from more than 50 different organizations. This approach leverages existing technical standards and services to send health information from one provider to another. In situations where health providers previously used traditional paper copies or fax transmission for sharing information, using the “direct” approach enables electronic communication between known entities through secure, point-to-point Internet messaging technologies. A common example of the “direct” approach is the exchange of information between a primary care physician and a surgeon or other specialty consultant. Physicians may choose to use any available Internet service provider or an e-mail client such as Microsoft Outlook, but it is advisable for them to contract with a dedicated health information service provider to ensure that these exchanges of protected health information are encrypted and secure.18

Proprietary Examples of Technology Solutions

A variety of different companies are also providing methods to exchange information between entities and/or individual care providers. According to KLAS, the number of public exchanges rose from 37 in 2010 to 67 in 2011, while the number of private solutions increased from 52 in 2010 to 161 in 2011.19 Electronic health record vendors have offered useful solutions within selected markets for the sharing of information between providers using the same systems. These proprietary systems have “built-in” interoperability, making them easier to implement and use. Examples include large-market-share vendors offering a shared medical record system for community healthcare providers. This approach provides secure messaging between providers via a Web browser. Case studies describing health information sharing using proprietary systems are available from a variety of companies. These case studies demonstrate how this model is meeting the needs for enterprise-specific HIE systems. This data sharing model is limited to providers with common organizational ties to the network.

Two factors—governance and funding—are likely to have influenced the increase in proprietary solutions. Government-sponsored exchanges require more bureaucracy and justification, and funding from private sources is perceived as more reliable for the long term as compared to grants or contracts with prescribed and limited resources.

Established Health Information Exchange Technology Solutions

Existing methods of moving data are being repurposed to meet health information sharing requirements where no HIE exists. Transmission of information using common technology solutions including fax machines remains a popular method for exchanging health information between providers. Like all other methods of sharing protected health information, HIPAA compliance for privacy protection is required. The physical location of the machine can be a risk factor when paper documents are involved. Traditional fax machine use is problematic and introduces HIPAA risks in the case of wrong numbers dialed or materials left in the machine in a nonsecure location. Fax servers provide higher security and privacy protection than traditional fax machines, but not all healthcare providers have them. A fax server integrates with e-mail servers, allowing users to send and receive faxes inside a more secure environment. When using a fax server, it is possible to back up messages sent or received on the network in a secure database location. Authentication is required for the use of secure fax servers, so the risk of sending information to the wrong recipient is minimized.

Due to the lack of widespread availability or access to other options for the sharing of healthcare information, use of facsimile technology remains the most common method of sharing protected health information. Although the use of existing technology is not a critical success factor for adoption or use of an HIE service or network, it is frequently discussed as one solution for the sharing of information.20

Emerging Web-based Technology Solutions

Increasingly, the introduction of innovative Web-based technology has expanded the selection of new options for health information exchange. An example of an emerging Web-based solution is the Verizon HIE. This subscription-based service provides a cloud-based HIE platform accessible through a Web portal application. This approach allows healthcare organizations to scale the use of technical resources to meet their HIE needs.

The Verizon HIE model is designed to offer flexibility in execution to adapt to the HIE model employed by other HIE organizations, whether the model chosen is centralized, federated, or hybrid. Centralized models allow for consolidated storage of health information within Verizon Smart Centers. When federated HIE models are implemented, the system allows organizations to maintain control over access to their data, limiting data access through edge servers that connect to the HIE through secure virtual private network (VPN) connections. Regardless of the model in use, all user access is through a Web-based portal. The Verizon HIE solution provides end-to-end secure data transport via a private Internet protocol (PIP) network. No specific network capability is required to access the HIE network. Using a secure global IP network by subscription simplifies the infrastructure requirements for adoption.

Factors to consider in the evaluation of Web-based platforms include full assessment of the type and details of the service model and the features required for a fully functional exchange process that works anywhere the information is needed. In the Verizon HIE example, all HIE service agreements are built to client specifications, which takes into consideration clinician identity management, authentication, and authorization as well as clinical workflow, interface customization, and patient identity management. Features include a record locator service, an electronic master patient index, and consent management functionality. A variety of available health record screen views include single-screen views of the entire record as well as views by problem list or disease category. To ensure semantic interoperability of health information coming from many disparate data sources, HL7 version 3.0 messaging standards are utilized to define consistent semantics for clinical messages. These features are a good start to use as guidance when evaluating Web-based models.

Creating a system to electronically share healthcare information among a variety of healthcare providers is important for many reasons. The Verizon model uses today’s technology to deliver future services in an easy-to-adopt solution using one of the largest communication networks in the world. In the future, health information exchanges will be required to share health information with an ever-expanding array of providers, patients, payers, researchers, and oversight entities. Organizations providing healthcare in a constantly changing environment are faced with the challenges of aligning proprietary systems with a widening population of HIE stakeholders. Moving beyond the provider’s integrated delivery network and the regional HIE network will be a complex, demanding, and expensive proposition. The HIE solution implemented must address the issues of system performance, reliability, scalability, privacy, and security. Subscription services must be able to provide the same attributes as other models, so the guidance regarding critical factors for assessment of these services is the same as for other types of services.

The Verizon HIE is provided as a subscription-based service, similar to cell phone service, with additional functionality provisions specific for health information transport that leverage the Verizon network to support the necessary attributes. Factors of interest regarding subscription-based services include the following:

  • In order to ensure continuous secure access to essential health information, the issues of business continuity, encryption, and secure transport need to be addressed at a national level so that all services, including subscription-based models, adopt a threshold standard of performance.
  • A uniform standards-based information security program will need to be defined, developed, and implemented for subscription-based Web technology services. The information security program should be designed to address security issues related to changes in business processes and information workflows as well as threats identified through periodic risk assessment.

The Federal Health Information Technology Strategic Plan identifies the establishment of trusted privacy and security safeguards as a must-have component essential to winning consumer trust and confidence in health information technology. Informed patient choice is a critical element for success in the development and maintenance of a trust relationship between patients and providers in an electronic health information exchange.21 Few resources have been dedicated to research on human factors and development of policies and procedures to ensure that patients are adequately informed and educated regarding the choices they make with respect to sharing health information.22 Current efforts to address informed consent by patients for health information exchange are disparate, fragmented, and inadequate and do little to adequately educate healthcare consumers.23, 24 Subscription-based services will be more successful if they fill this gap by gaining consumer confidence in network security and protection of health data from unauthorized personnel or entities.


Organizations developing selected HIE solutions may be unable to identify authoritative guidance to evaluate factors critical for success. In this study, selected resources adequately addressed only some of the challenges encountered in efforts to share protected health data with external entities. This lack of authoritative guidance regarding HIE implementation and governance frustrates HIE proponents and hinders the adoption of HIE solutions. All healthcare stakeholders want viable methods of moving data from place to place, or from portal to portal, that are affordable, scalable, interoperable, simple to implement and administer, secure, and flexible enough to allow for ease of upgrades when needed. Cost implications continue to create significant barriers to adoption of currently available choices. Building and maintaining HIE connections is a long-term financial and operational commitment that healthcare organizations must fully assess from a business perspective, and open-source, easily accessible resources for evaluation are urgently needed. The industry status of HIE infrastructure is still evolving, so this may be a reason for the delay in provision of comprehensive materials for guidance.

Patients in many healthcare entities are receiving the benefit of information sharing using a variety of different methods. There is a compelling need for industry consensus around exchange standards to enable more functionality at a lower cost. Establishing a standard data set for health information exchange is a recommended step in the right direction. An authoritative standard could be enhanced as the need arises, and published guidance would help to advance the model. AHIMA’s review of clinical data exchange models (see Table 1) shows diversity in structure and process for consideration with examples of implementation. It is expected that a solution with financial sustainability, ease of adoption, and reliability of point-to-point communication will emerge as the preferred system for supporting information exchange in the future.25 Emerging solutions, including Web-based platforms, are showing significant promise for organizations that desire function and features without concerns regarding hardware maintenance and network reliability.26 Although our research suggests that only limited authoritative guidance exists for entities assessing critical success factors for HIE implementation, some advancement is evident. Innovative companies, organizations, and networks are beginning to work together to find solutions. AHIMA encourages stakeholders seeking to explore HIE solutions to demand authoritative guidance for effective business planning.

Harry B. Rhodes, MBA, RHIA, CHPS, CPHIMS, FAHIMA, is the director of practice leadership for AHIMA in Chicago, IL.

Rita A. Scichilone, MHSA, RHIA, CCS, CCS-P, is the senior advisor of global standards for AHIMA in Chicago, IL.


1. Ciriello, James N., and Nalin Kulatilaka. “Smart Health Community: The Hidden Value of Health Information Exchange.” American Journal of Managed Care 16 (2010): SP31–SP36.
2.  Banger, A. K., P. Dullabh, J. Eichner, and S. Kissam. Lessons Learned from AHRQ’s State and Regional Demonstrations in Health Information Technology (AHRQ Publication No. 10-0075-EF, prepared by RTI International under Contract No. HHSA2902009000027i). Rockville, MD: Agency for Healthcare Research and Quality, May 2010.
3. Guerra, Anthony. “ Survey Shows CIOs Frustrated with State of HIE.” November 23, 2011. Available at
4. Joshi, J. K. “Clinical Value-Add for Health Information Exchange (HIE).” Internet Journal of Medical Informatics 6, no. 1 (2011). Available at
5. AHIMA e-HIM Workgroup on HIM in Health Information Exchange. “HIM Principles in Health Information Exchange.” Journal of AHIMA 78, no. 8 (September 2007): online version. Available at
6. Ibid.
7. eHealth Initiative. 2011 Report on Health Information Exchange: Sustainable HIE in a Changing Landscape. Washington, DC: eHealth Initiative, 2011.
8. Ibid.
9. College of Healthcare Information Management Executives (CHIME) and eHealth Initiative. The HIE Guide for CIOs. 2011. Available at
10. Healthcare Information and Management Systems Society (HIMSS) HIE Guide Work Group. Topic Series: HIE Technical Models. November 2009. Available at
11. College of Healthcare Information Management Executives (CHIME) and eHealth Initiative. The HIE Guide for CIOs.
12. Radiological Society of North America. “Patient Portals Move Toward Widespread Use.” RSNA News, June 2009. Available at
13. AHIMA e-HIM Workgroup on HIM in Health Information Exchange. “HIM Principles in Health Information Exchange.”
14. Haas, Mark. “DIY ROI: Putting Release of Information in the Hands of Patients.” Journal of AHIMA 82, no. 4 (2011): 26–29.
15. President’s Council of Advisors on Science and Technology. Report to the President Realizing the Full Potential of Health InformationTechnology to Improve Healthcare for Americans: The Path Forward. December 2010. Available at
16. Kuperman, Gilad. “Health-Information Exchange: Why Are We Doing It, and What Are We Doing?” Journal of the American Medical Informatics Association 18 (2011): 678–82.
17. The Direct Project. Available at
18. Ibid.
19. KLAS. “Total Number of Live HIEs Exchanging Data More Than Doubles in Past Year.” Press release, July 2011. Available at
20. Davis, Nancy, et al. “Facsimile Transmission of Health Information” (AHIMA Practice Brief, updated August 2006). Available at
21. Office of the National Coordinator for Health Information Technology (ONC). Federal Health Information Technology Strategic Plan, 2011–2015: Putting the I in Health IT. September 2011. Available at
22. Consumers Union. Consumer and Patient Principles for Electronic Health Information Exchange in California. June 21, 2010. Available at
23. Interstate Disclosure and Patient Consent Requirements Collaborative. Health Information Security and Privacy Collaboration: Final Report of the Interstate Disclosure and Patient Consent Requirements Collaborative. Washington, DC: Office of the National Coordinator for Health Information Technology, March 31, 2009. Available at
24. Consumer Partnership for eHealth. The Consumer Platform for Health IT: Advancing Patient and Family Engagement through Technology. May 2011. Available at
25. Office of the National Coordinator for Health Information Technology (ONC). Federal Health Information Technology Strategic Plan, 2011–2015: Putting the I in Health IT.
26. Guerra, Anthony. “ Survey Shows CIOs Frustrated with State of HIE.”


Canant, M. A. S. “The Foundations of Information Assurance.” In T. W. Herzig (Editor), Information Security in Healthcare: Managing Risk. Chicago: Health Information Management Systems Society, 2010, 247–54.

Emery, Steve, and Jan McDavid. “Electronic Copy versus Electronic Access.” Journal of AHIMA 82, no. 3 (March 2011): 38–39.

Eramo, Lisa A. “Patient Portals and Meaningful Use: Using Portals to Meet the Patient Access Objectives.” Journal of AHIMA 82, no. 3 (March 2011): 42–43.

Harry B. Rhodes, MBA, RHIA, CHPS, CPHIMS, FAHIMA, and Rita A. Scichilone, MHSA, RHIA, CCS, CCS-P. “Guidance for Assessing Critical Success Factors Influencing Adoption of Health Information Exchange Solutions.” Perspectives in Health Information Management, (Winter 2012): 1-14.

Printer friendly version of this article.


Posted in:

Leave a Reply