English | Español

FAQ

Frequently Asked Questions for Providers

 

What is health information exchange?

Health Information Exchange (HIE) provides the capability to electronically move clinical information between disparate health care information systems to facilitate access to and retrieval of clinical data, thereby helping to provide safer, timely, efficient, effective, equitable patient-centered care.

What is SHARE?

The State Health Alliance for Records Exchange (SHARE) is Arkansas’s health information exchange. SHARE allows unaffiliated doctors and hospitals to share and access health information in a secure network.

How does SHARE work?

When all parts of the Arkansas health care system use standardized electronic health records and connect those systems to SHARE, it will be possible for patients to ensure that their doctors, hospitals, clinics, insurers and pharmacies have the information they need at the time and place they need it to provide the best treatment possible.

For many providers, patient information is collected and stored the same way as it was decades ago: in bulky paper files kept in one practitioner’s office. The doctor sees a patient, jots down notes in a folder, fills out a form to order tests, and scribbles out a prescription on another piece of paper. Later, if the patient needs to see a specialist or get a prescription filled, numerous paper records must be retrieved, copied and sent. Health care providers in Arkansas are transitioning to electronic health records (EHR), with 37 percent of providers using EHRs in 2011, and marked increases in adoption every year.

But moving from a paper-based system to an electronic system for managing health information does not help the majority of patients who see more than one doctor. How can all of their treating providers have a complete picture of the patient’s health when each provider only keeps their piece of the patient’s medical information? SHARE is the answer to this problem.

Electronic health records connected through SHARE allow a patient seeing a doctor in one part of the state to share or retrieve health information from a health care provider (e.g. hospital, lab, or surgeon) in another part of the state – instantly and accurately, to ensure timely and informed delivery of care.

How is health information technology and health information exchange being funded?

Arkansas received $7.9 million in funding as part of the State Health Information Cooperative Agreement Program made available through the Office of the National Coordinator for Health Information Technology (ONC). This money will cover the initial costs of planning and developing the health information exchange.

There are several other HIT-related federal stimulus grants that have been awarded to several different agencies and organizations in Arkansas for:

  • Regional extension centers that help doctors make the transition from paper to electronic health records.
  • Incentive payments, (based on population and Medicaid enrollment), for doctors, hospitals, and other health care providers who become meaningful users of electronic health records.
  • Increased matching funds to cover states’ administrative costs for Medicaid.
  • Broadband and telehealth
  • Electronic health record adoption in community health centers

How secure are electronic health records?

Traditional methods for securing medical records are regulated to lock-and-key solutions for protecting physical medical record files. Electronic health records provide a high level of accountability for use and access through enhanced security and privacy layers such as electronic access control, electronic logging of access and use, electronic auditing of access, and the ability to review individual access to data in near-real time. These enhanced security operations are in addition to and build on traditional security controls such as housing resources within physical secure locations.

What principles of security and privacy are followed?

Existing privacy and security requirements under HIPAA and HITECH that cover access to and use of health information apply to electronic health information as well as traditional paper documentation. SHARE utilizes technologies, policies and processes to incorporate HIPAA and HITECH requirements into the management and oversight of health information that is exchanged through SHARE.

Can the HIE Record be subpoenaed?

Yes, the HIE Record may be subpoenaed. OHIT will comply with all applicable state and federal laws in making disclosures of Protected Health Information.

What is the process, supporting policy and procedure for highly sensitive Protected Health Information?

Information that is subject to special protection may not be included in SHARE. OHIT’s Privacy Policy 500 states that Participants should assume that the following information is not available through SHARE: alcohol and substance abuse treatment records, records of predictive genetic testing performed for genetic counseling purposes, certain records of minors including diagnosis and treatment of suspected abuse.

Is the hospital liable if it has access to the data in the HIE and does NOT use it for treatment?

A Participant will not be liable for access, which complies with all applicable policies and regulation. The OHIT Privacy Policies 400 and 1200 state that all Participants are responsible to access, use and disclose Protected Health Information though SHARE consistent with applicable federal and state laws and regulations. Participants are all responsible for training and supervising their authorized users consistent with the Participants’ and OHIT’s Privacy Policies and the terms of the Participation Agreement.

 

Are Participants required to get the patient’s signature on the opt-out form?

OHIT Policies allow the Participant to determine the process by which to notify OHIT when a patient has opted out. OHIT will use the documentation supplied by the Participant for auditing purposes.

Does SHARE provide an accounting of disclosures or documentation to determine records that are viewed within the HIE?

SHARE can provide audits for accessing records through utilization reporting.

Does the HIE through surescripts provide a "last date of fill?"

A connection to SureScripts must be in place to provide this information.  SHARE is in negotiations with SureScripts for the connection in order to include the SureScripts medication requiry.

If my clinic receives non-discreet data (for example, scanned lab reports) in our EHR, does it remain non discreet within SHARE?

Yes, SHARE cannot restructure data that is concurrently not normalized.  It will  be viewed as a non-structured document and not as structured data.

If there’s a breach at another facility, will liability be shared amongst all the participants?

The answer is “No.”  If there is a data breach, the sending clinic would not be held responsible for the breach so long as the clinic has complied with all applicable law and policy. Only those participants and bad actors who have not complied with applicable law and policy will be held liable for any breach.