This global pandemic is one more tragically loud siren in a series of alarms about the need for health data sharing in the U.S. We can’t act soon enough.

We are far less prepared than we should be for the volume of data sharing needed to address Covid-19 and other serious health issues, but hope is around the corner.

Deep shifts are occurring in the policy landscape, in the technology climate, and, most importantly, in the culture of our sector that signal change ahead. Health information exchanges (HIEs) play a key and important role in the safe, secure transfer of health-care data.

Data Sharing and Competition

As a privacy lawyer, I see how often health-care players hide behind privacy when they just don’t want to share data. The Health Insurance Portability and Accountability Act (HIPAA) too often becomes a shield, not a patient data portability law.

I served as an attorney on a project to connect health data in California a decade ago, and discussions from those planning meetings are still imprinted in my brain. I quickly became convinced that privacy was in no way the true obstacle to data sharing. It was the cover for the other anti-competitive concerns bubbling underneath. They feared that competitors would analyze and attack their health outcomes data and that being honest and transparent would hurt their business. The idea of sharing data was seen as losing something.

Privacy and security are critical to make sure we are sharing data in ways that are secure and respect its sensitivity. Medical providers, health plans, and health information exchanges (HIEs) are covered by federal health privacy laws—mainly HIPAA—but many other entities holding data are outside of HIPAA, particularly entities that collect data from consumers (like apps and devices).

A federal privacy law that covers all personal data, including health data, is long overdue, and in the absence of federal action states are enacting their own strong privacy laws. This could lead to a patchwork of regulations that still leaves many consumers unprotected.

This is not an either/or question: We need health data sharing in ways that protect privacy and security.

Health Information Exchanges In the Spotlight

Ten years later and a shift is happening. The pressures of value-based care, steady regulatory progress from federal leaders on information blocking and interoperability, a potential update to HIPAA to place even greater emphasis on data sharing, and the Covid-19 pandemic are fueling a growing understanding that sharing data can result in gains, not losses.

Today, more than 90% of health-care leaders say they are aligning their technology plans with interoperability objectives. The motivation exists, but action is lacking. That same survey of technology executives at U.S. hospitals and health systems found that “nearly a third say their data-sharing efforts are insufficient, even within their own organizations, and fewer than 4 in 10 say they are successfully sharing healthcare data with other health systems.”

To better serve patients, health leaders need to start sharing data in a way that is seamless, private, and secure for everyone. Providers and plans are not prepared for this data management role. But health information exchanges (HIEs) are purpose-built for it. This is the reason that HIEs exist, to facilitate data exchange, making sure that good data gets to the people who need it.

Several state HIEs today are advancing this role of shepherding data for hospitals in innovative ways. One Maryland hospital used data from Maryland’s HIE CRISP to safely reduce opioid use by 46%. Hospitals across Indiana replaced their fax process with a connection to their state HIE for faster, more accurate public health reporting. A small rural hospital in Missouri used HIE data to understand and address Covid-19 hotspots. And we’re seeing more networks launching in this pandemic, including in Mississippi and Connecticut.

What an exciting future this can be. Supported with the structure of independent nonprofit HIEs, health-care organizations can really put data to work. I know health care moves so slowly, but this more robust data sharing will unleash powerful use cases that benefit patients and reduce burden on providers.

It is a strange thing to find some hope in the heart of a devastating pandemic. What I see and hear from health-care leaders today is refreshing. There is a new openness about collaboration and the value they can receive from data. With HIEs at the forefront, we are all waking up to the incredible opportunity for health data. With fear behind us, let’s go make the lives of patients and providers better.

This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.

Write for Us: Author Guidelines

Author Information

Deven McGraw is a co-founder and the chief regulatory officer for Ciitizen, a consumer health technology startup, as well as a board member with Manifest MedEx, California’s nonprofit health data network. Previously she served as deputy director, health information privacy at the HHS Office for Civil Rights and acting chief privacy officer of the Office of the National Coordinator for Health IT.