Healthcare Information Security

Cybersecurity News

NY Insurer Implements Secure HIE to Improve Care

By Elizabeth Snell

- Electronic communication, along with the electronic storage and transfer of data, has drastically altered how the healthcare industry functions. As providers communicate with one another and continue to care for patients, it is essential that sensitive data remains protected. Health information exchanges (HIE) in particular are increasing in popularity and necessity. But a secure HIE that does not hinder clinician workflow is key.

New York-based insurer Healthfirst recently implemented a new, secure HIE. Having a new approach that shared information privately and securely could not only improve patient care, but also improve the daily workflow of physicians, according to Dr. Deborah Hammond, Healthfirst’s medical director.

“We did a survey of the landscape of how people were communicating electronically,” Hammond said in an interview with “We identified that the health information exchange capability would give us a strategic advantage to having a tool that shares information privately and securely.”

Hammond added that a secure HIE could send that information in a way that was easier for the hospitals to pull it into their own electronic medical records, and would also allow the doctors to use that data.

“We felt that the HIE approach, a private HIE managed by Healthfirst but shared with our valued hospital and physician partners, would provide us with that highway of information that was bi-directional,” Hammond said.

READ MORE: How HIE Security Concerns Impact Patient Data Withholding

Healthfirst opted for InterSystems’ platform, according to Hammond, because the New York facility wanted a secure HIE that met all federal regulatory requirements and was compatible with major medical record systems. That way, Healthfirst’s hospital partners would see that it was using a “proven solution for sharing information” about Healthfirst members, Hammond explained.

“It’s a singular approach that we can use with all different types of hospital and physician partners,” she stated. “In the past we may have done approach A with one organization and approach B with another organization. Now we have more of a turnkey capability.”

The new secure HIE gives Healthfirst a “common highway for sharing data,” Hammond said. Essentially, everything from pharmacy data to clinical data can be securely sent through the system. This was a particularly important factor because Healthfirst is connected with numerous hospitals, physicians, and partners. Moreover, there are 1 million members in the New York City marketplace.

Overcoming barriers in the healthcare industry

Hospitals and doctors face slightly different barriers in the ever-evolving healthcare industry, but it is important that solutions are found that meet both parties’ needs, according to Hammond. Prior to picking a vendor for the secure HIE, Hammond explained that it was extremely helpful to get the point of view from Healthfirst’s hospital partners, as well as the doctors. That way, Healthfirst knew that the security and capability of the chosen system would be beneficial to the hospitals.

READ MORE: HITPC Cites HIE Privacy, Security Challenges to Congress

Doctors on the other hand, tend to have less money, less capital, and might not be able to invest in robust EMRs, Hammond said.

“Many of our physicians bought their electronic medical record systems a number of years ago and they’re really not HIE compatible,” she stated. “So one of the things that we identified with our HIE is we have a safe way for physicians to look inside and get the data they need by going through a secure pathway with password protection and all the other things you need to have in place.”

From there, even if a doctor doesn’t have an EMR that was at the level that would let them attach to an HIE, they could still pull the necessary information on a particular Healthfirst member, Hammond said.

Tips for finding the right HIE

Different parts of the country will require different things for secure HIE setups, according to Hammond. This is why it was helpful for Healthfirst to connect with other organizations that had already put up HIEs in the same marketplace. It’s very helpful to “take the time to do the homework.”

READ MORE: Should a Health Information Exchange Be Opt-In or Opt-Out?

“We did find that the partners we talked to were very willing to share what their experiences were with their HIE: what are some of the caveats or issues they would warn us about? We asked that question and got very clear direction from them,” Hammond said.

Moreover, Healthfirst took the time to read various surveys and publications about HIE implementations. Speaking with multiple vendors, and taking the time to understand what their technology did – and did not – do was also important, she explained. It’s critical to have full comprehension of what an HIE could bring to a particular provider, and how it could potentially address that provider’s needs.

“Although HIEs are not inexpensive, the landscape for technology is changing so rapidly. Maybe you can’t do something in 2015, but if you plan for the future there may be more economic [options] or more availability for your practice, hospital, or doctors’ office for the future,” Hammond said.

Essentially, business leaders and physicians should get involved in understanding what their healthcare organization is doing when it comes to EMRs and HIEs, according to Hammond, adding that this is a “very exciting time for healthcare.”

“Don’t be put off by the fact that it’s a technical area,” she said. “Really get involved and understand your particular area of the country and what is happening with the hospitals you work in, along with facilities and other providers when it comes to how they’re using EMRs and HIEs.”


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks