There is a perfect storm brewing in healthcare. Rapidly advancing technologies and evolving consumer expectations are forcing the industry to face a brave, and scary, new reality. Breakthroughs in how we stay connected, share information and engage online have created endless new possibilities for more coordinated, integrated care. Meanwhile, consumers are increasingly demanding that their encounters in healthcare keep pace with the convenience and tech enabled experiences they enjoy in other areas of their lives, e.g. retail and banking.

A great example of this storm in action are Health Information Exchanges (HIEs).

The promise of HIEs

HIEs are designed to enable the sharing of electronic health records by physicians and other healthcare providers. HIEs offer unprecedented availability and accuracy of health information among providers and patients, but they also create additional pitfalls for safeguarding sensitive data.

On the plus side, HIEs hold great promise for improving health outcomes and reducing costs. According to, HIEs “can help prevent errors by ensuring that everyone involved in a patient’s care—whether in a primary care setting, a specialists’ office or emergency department—has access to the same information. They also encourage efficient care by enabling automatic appointment reminders or follow-up instructions to be sent directly to patients, and prescriptions directly to pharmacies.”

They also reduce the amount of time patients spend filling out paperwork and briefing their providers on their medical history, allowing more time for discussions about health concerns and treatments.

The sting in the tail

But HIEs do not come without obvious risk. The AHIMA/HIMSS HIE Privacy & Security Joint Work Group identified six areas of concern regarding HIEs, including regulatory challenges, administrative security, technical/physical security, access management, public health/population health uses and consumer privacy and permissions. You can access an in depth whitepaper on these issues by clicking here.

HIEs do deliver against pressing needs for providers as well as patients, but they enter the picture at a time when many healthcare organizations have struggled to protect information within their own four walls. The idea of information being shared more fluidly among organizations creates cause for concern.

And with hack attacks and medical ID theft on the rise, there are many who will be more than ready to take their shot at using HIEs as a way to compromise data.

While the industry can’t stop innovation and adoption of technology solely because of increased security and privacy risks, your organization needs to invest time and energy considering the implications of new technologies, specifically HIEs.

Face the challenge head on

As part of your security risk analysis and information risk management plans, you must squarely address the new threats that exist in a more connected world where data is being served up on demand. If you are a provider organization engaging with an HIE, you should be having specific discussions about how this activity impacts the way you keep patient data safe and secure, and what new processes, protocols and other controls you need to implement.

Learning to share can be tough. Don’t let your organization be the example of a tough lesson.

Register for one of Clearwater’s complimentary webinars on risk analysis and risk management basics and get to grips with these issues and more.