Healthcare Information Security

Cybersecurity News

Interoperability Program Comes to Florida Health System

By Elizabeth Snell

- As hospitals and healthcare systems continue to implement new technologies, it is likely just a matter of time before interoperability is a hurdle they must overcome as well. Data sharing and the safe transport and exchange of patients’ protected health information (PHI) is a critical step that healthcare organizations need to be able to securely take.


Florida’s Memorial Healthcare System knew that it needed to implement a secure interoperability option when it decided to connect with Henderson Behavioral Health. Henderson can now receive confidential emergency room referrals from Memorial. The move was done to more effectively treat patients, save money, and ensure care continuity.

Memorial Senior VP and CIO Forest Blanton and Clinical Informatics Supervisor Elizabeth Cole discussed the interoperability process with According to the duo, this was an opportunity to create a direct connection between the two agency’s EHRs, which would provide patients with a more secure exchange of their behavioral health information.

READ MORE: How HIE Security Concerns Impact Patient Data Withholding

Patients might not want to exchange this type of sensitive information in a standard health information exchange (HIE), according to Cole. Memorial already had its HIE, but this was going to be something different, she said.

“It’s a bidirectional interface,” Cole explained, “so it works in a similar manner in that when Henderson has the need to refer a patient, maybe to an inpatient type setting, they have the option to send a summary of the patient’s care.”

The transfer is done through secure means with the patient’s consent, Cole added. This secure process involves multiple means of encryption, she explained.

READ MORE: Unauthorized EHR Access Potentially Exposes 14K Records

“Both of our organizations exchange security certificates ahead of time, so that we have to recognize each other as an organization prior to the message being sent,” Cole said. “In fact, there’s security between our organizations in the communication, but by also encrypting the message, only the organization that has the previously exchanged certificate can decrypt the message once they receive it.”

The importance of healthcare interoperability

There are tremendous inefficiencies that are created by the lack of interoperability in the healthcare industry, according to Blanton.

For example, the CIO explained that Memorial operates a clinically integrated network with its physicians. That network is participating in a couple of different collaborates, he said, which is working with reducing the cost of medical care and generating shared savings. With that collaboration, Memorial has to collect lots of data and determine the protocols and registries that particular patients should be part of.

“What are the gaps in care?” Blanton said. “We have to communicate that to our physician so they can intercede and do those interventions that are necessary for that patient’s well being. And that data collected process is hindered by the lack of interoperability.”

Additionally, it is not only a lot more work, effort, and expense, but it also lowers the quality and types of information that Memorial can collect for ensuring proper care, Blanton said.

“We also have the issue of once we’ve calculated those gaps in care and produced reports, of distributing that information back to physicians in their native EHR in ways that are congruent and efficient for their workflow,” Blanton explained. “And that also is a challenge that is made more difficult by the lack of interoperability.”

Cole agreed that interoperability can be challenging, but it’s beneficial because the exchange is not only impacting an organization’s clinical workflow, but also patient care. Specifically, it affects the seamless transition to their next point of care.

“Without interoperability, that seamless and secure transition really struggles,” Cole said. “That’s why [Memorial has] been focused on health information exchange and the next chapter -population health management.”

Advice for other healthcare providers

Interoperability might be challenging, but Cole and Blanton stated that healthcare organizations should not be discouraged by those potential challenges. Cost concerns and privacy concerns over the exchange of data are legitimate, but facilities can work through them.

For Memorial, all parties – vendors included – came together and established a tiered approach for the pilot program, Cole said. Very specific goals were created and the bidirectional exchange of information was created. Operational topics, such as ensuring patient confidentiality, were addressed first, she explained. Memorial also made sure that patients were clear on the process.

“After ensuring that the operational piece was in place, [it] kind of cleared the gateway for us to focus on the technical piece,” Cole said. “And that’s where we relied on our EHR vendors to have that technology for the exchange.”

However, one of the things that made the interoperability process as seamless as possible was the fact that it was a team effort, she explained. With dedicated team members in all facilities, creating that interoperability was cohesive. Clear communication was essential, and everyone was willing to follow up with any problems, Cole stated.

“Everyone really kind of held each other accountable throughout the project,” Cole said. “which was of great benefit.”


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...