Protecting Data When an HIE Shuts DownWisconsin Health Information Exchange Leader Explains Steps
In recent years, a number of health information exchanges across the country have faded away as seed money ran out, participants dropped out and larger, statewide HIEs emerged. What happens to the data an HIE has gathered when the organization shuts down?
See Also: A Single Cyberattack = Loss in Consumer Trust & Brand Damage
The Wisconsin Health Information Exchange, which ceased operations earlier this month, has taken a series of steps to protect patient data that was part of its now defunct information sharing effort.
The Wisconsin HIE stored certain patient data centrally, but logically separated the information in the database based on the organization providing the data. More than two dozen hospitals and clinics also provided real-time, secure data feeds that enabled member clinicians to access past medical history for a patient (see: How Wisconsin HIE Simplifies Security.)
On April 1, the HIE disabled user access. This week, it began destroying production versions of patient data. Before destroying that data, however, the exchange created a back-up copy of its data archive. That archive will be locked away for the next six years in compliance with state and HIPAA records retention requirements, says Kim Pemble, who had been executive director of the exchange since 2008.
The Milwaukee area exchange, which had been operating since 2007, had facilitated secure exchange of hospital admissions records and other information among more than 25 hospitals and clinics in Wisconsin, as well as with the state Medicaid program. WHIE had a total of about 1,000 user accounts, including pharmacists, physicians, case managers, nurses and other providers, Pemble says.
The data exchange services that WHIE provided are being replaced by the Wisconsin Statewide Health Information Network that's received funding under the HITECH Act.
WHIE communicated in advance to it participants that the exchange on April 1 would no longer accept their data feeds and would no longer be processing data for exchange, Pemble says.
"All user accounts were disabled early April 1; no one was able to access the exchange after March 31, and all data feeds [from member healthcare organizations] were terminated," he says.
Production data and "hot site" copies of data are being destroyed by the HIE's hosting vendor.
A full back-up copy of the exchange's approximately 3 terabytes of data was stored on USB devices, which will be locked away by a secure storage firm, along with other documents and files related to the HIE, for six years, Pemble says. The only individuals who will have access to that information are Pemble and WHIE's legal team.
Those USB devices were delivered to Pemble on April 18 via a secure shipment - meaning "only one package on a sealed truck," he says. Once he confirmed receipt of that back-up data for retention, all the data in the exchange's production environment and its related back-up systems was slated for destruction.
WHIE will receive a certificate from its hosting vendor once all that data is destroyed, and then the exchange will issue a similar certificate to each healthcare organization that contributed data to the exchange, Pemble explains.
While all active user accounts were manually terminated by WHIE on April 1, "the accounts were disabled, but not deleted," Pemble says. Records of those user accounts are part of what's being retained in the archive.
"We need to maintain a history for HIPAA," he says. If at any time over the next six years there is a request for the record on the release of a patient's information, "we would have to go back and reconstitute that data in the exchange and share with them that information," he says.
After the six-year retention period ends, that back-up data and other remaining HIE files and records will be destroyed as well. "We take privacy and security seriously and are ensuring that all requirements are met," Pemble says.
WHIE plans to prepare a white paper that will address a variety of lessons learned during the time it operated and subsequently shut down, Pemble says.
Many other regional HIEs have faced sustainability issues in recent years (see: Statewide HIEs Face Challenges).
Like WHIE, many regional exchanges face competition from newly emerging statewide exchanges that are being built with funding from the HITECH Act. Healthcare organizations, such as hospitals and physician group practices, that sign on to contribute and share data with those larger statewide HIE efforts may be reluctant to also pay subscription fees to participate in smaller, regional HIEs. In some cases, even statewide efforts have faltered.
"Sustainability is driven by the number of partners," said Keith Cox, former CEO of Health Information Partnership for Tennessee, a non-profit formed in 2009 to build a statewide HIE in Tennessee based on a "network of networks" model that linked a handful of smaller regional health information organizations. That effort ended last July when the state decided to take a new data exchange approach using the secure messaging Direct Protocol.