In a March 2014 report, the United States Government Accountability Office (GAO) identified major and on-going challenges with the practical implementation of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

The HITECH Act provides funding to promote the adoption and “meaningful use” of health information technology (HIT), as well as certified electronic health record (EHR) systems. While the Act itself provides the funding and statutory framework, the Department of Health and Human Services (HHS) and two of its subsidiary agencies—the Centers for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC)—have also developed and issued strategic guidance in order to promote and advance the exchange of electronic health information under the Act.

Unfortunately, to date, many providers and stakeholders have reported difficulties with implementing the exchange and those difficulties have yet to be remedied. Based on in-depth interviews with providers and stakeholders across four states, the GAO report cites four major issues that continue to plague the electronic health information exchange (HIE):

Insufficient Standards for Electronic Health Information Exchange. Providers cited compatibility problems when exchanging certain types of health information with other providers that have different EHR systems, primarily due to a lack of sufficient standards supporting the exchange. The most common example included differing standards in the terminology, definitions, and classifications of certain health information (e.g., whether an allergic reaction should be classified as a side effect or an allergy). In response to this concern, HHS now requires participating providers use the 2014 edition of HHS-certified technology when exchanging health information. This technology now: (1) identifies certain vocabularies to be used by providers; (2) provides a structured format/template for patient care summaries (referred to as continuity of care documents (CCD)); and (3) defines a standard format for the transmission of secure health messages (called the Direct Protocol). Despite this move towards standardization, however, providers remain concerned by the standards’ sufficiency, the inability to measure the standards’ success, and the limited capabilities of the Direct Protocol system.

Varying Privacy Rules Across States and Lack of Clarity. Providers and stakeholders also expressed concerns about variations in state privacy laws, particularly where those laws vary significantly from or are stricter than federal or other state privacy laws. This issue is especially vexing for providers that border other states and serve a large number of patients across state lines. ONC has responded by offering high-level guidance directing providers to seek state privacy law information from state agencies, regional extension centers (RECs), and other professional associations. ONC also implemented the Data Segmentation for Privacy Initiative to develop and pilot test standards for managing patient consents and data segmentation (e.g., sharing some, but not all, of a patient’s health information). Despite these efforts, providers have requested additional training and suggested that HHS focus its resources on consent policies and electronically-obtained consents to address some of these challenges.

Difficulties Matching Patients to their Records. Providers and stakeholders noted difficulties with accurately and efficiently matching patients to their records when exchanging health information. Inaccurate matches naturally raise safety concerns, and inefficient matching processes are time-consuming and deter participation in the exchanges. To address these concerns, HHS implemented the Patient Matching Initiative (officially launched in September 2013) to: (1) asses the current approaches used; (2) identify key attributes and algorithms; and (3) define best practices. HHS also sought recommendations from the two federal advisory committees established by the HITECH Act, and HHS is currently working to respond to the recommendations. Providers themselves have suggested alternative methodologies, such as algorithms, and the creation of a national patient identifier for matching patients to their records.

Difficulties Regarding the Cost of Exchanging Health Information. Finally, providers identified financial concerns based on the costs of upfront expenses associated with purchasing and implementing EHR systems, as well as establishing the additional interfaces needed to fully utilize the exchanges. Providers also noted that limited participation by other providers in state or regional exchanges has created fewer opportunities to exchange health information, and therefore do not justify the costs associated with joining the exchange.

Based on the aforementioned challenges, the GAO recommended that HHS: (1) develop and prioritize specific actions that it will take to advance the health insurance exchange, and (2) develop milestones and timeframes for the completion of these actions. While these solutions are both practical and relevant to the concerns raised by providers, the on-going and fairly basic nature of the challenges has the potential to significantly slow the use of HIEs. Moreover, as providers move forward in an effort to embrace the Act’s mandate, the fact that many of the costs currently outweigh the benefits could chill and perhaps even deter full-scale implementation of the HITECH Act in the immediate future.