EHR interoperability: benefits, barriers and best practices

Most EHRs are very complex, with many functions intertwined, which renders trouble-free updates and scaling virtually impossible. For providers, this is indeed a long and costly process. Duke University researchers revealed that modern EHR systems were unable to serve as population health management software amidst the crisis:

This issue concerns the lack of a patient identification standard accepted nationwide (NPID) that would assist with patient matching, lowering the rate of repeated tests and delayed care instances. Moreover, a unified patient number (UPI) could assist healthcare organizations with combating important EHR issues – overlays and duplicate entries, common culprits of patient misidentification.

In turn, patient misidentification may have graver consequences, such as erroneous prescriptions, repeated procedures and tests, and extra costs. Hence, ensuring correct patient identification remains the responsibility of providers.

Insurance companies store loads of diverse patient data, and yet they are reluctant to share it with healthcare providers. With value-based care in place, providers and payers need to share data for efficient operation and have the same goal – reducing the cost of care with no harm to patients. 

Thus, payers need access to clinical information or the meaningful insights that data provides. At the same time, providers need details about patients’ demographics and social determinants that insurance agencies store. A clear view of the common goal can facilitate the mindset shift and help payers and healthcare facilities embrace mutual data sharing.

The Fast Healthcare Interoperability Resources (FHIR) standard has promptly become a protocol for connecting different healthcare-related systems to ensure cross-EHR communication. It is a “data transport layer” which actually enables interoperability. While most providers observe FHIR, the lack of rigid guidelines hinders seamless data sharing. 

The problem is that FHIR defines over 150 resources – the smallest possible units of meaningful data – but healthcare organizations typically choose to follow only some of them. This limited selection can undermine interoperability because the main FHIR concepts are interconnected. To establish interoperability with FHIR, providers need to make a set of components and resources required.

To ensure quality care, providers employ a range of health information technology systems – from EHR to hospital inventory management solutions and healthcare analytics tools – and should achieve seamless integration of these disparate systems.

However, many providers erroneously believe a health IT system integration is a costly investment that only large healthcare networks can afford. At the same time, most healthcare systems are typically integrated into the hospital’s IT environment upon implementation by IT vendors.

Patient data security can pose a serious challenge for EHRs. To enable seamless and safe data transmission, providers should put safeguards under the HIPAA Security Rule and other applicable standards. 

Technical safeguards are applied to the technological systems that access ePHI – electronic protected health information. Healthcare organizations should implement a mechanism to encrypt and decrypt electronic protected health information. They should also ensure transmission security measures to prevent unauthorized access to ePHI during its transfer.  

Certain healthcare providers may still resist sharing data with peers. For example, hospitals may compete for patients with urgent care clinics and have low motivation to share patient data if the request comes from emergency rooms.

However, health data should be accessible and available across organizational boundaries. The ONC’s Cures Act Final Rule calls on healthcare industry actors to adopt standardized APIs, which will enable individuals and healthcare providers to securely access structured electronic health information from mobile applications. If the data is not available, the provider could be fined and reported as a data blocker.