What You Need to Know: Benefits and Liability of Health Information Exchanges, Part 2

December 8, 2015 Laura Hale Brockway

by Andrea I. Schwab, JD, CPA and
John Southrey, CIC, CRM, Manager, Consulting Services, TMLT

A health information exchange (HIE) is an electronic network designed to facilitate the secure exchange of patient medical records and information among public health organizations, hospitals, physicians, and payors. These organizations include public HIEs funded through the state’s Local HIE Grant Program, private physician-led HIEs, hospital-based enterprise HIEs, and Accountable Care Organizations, among others. HIEs are designed to facilitate more coordinated patient care and increase efficiency. HIEs also promote the use of standardized data that can be seamlessly integrated with EHRs to improve the speed and quality of patient care.

HIE connectivity:

  • improves patient safety by reducing medication and medical errors;
  • increases efficiency by eliminating unnecessary paperwork and handling;
  • provides caregivers with clinical decision support tools for more effective care and treatment;
  • eliminates redundant or unnecessary testing;
  • improves public health reporting and monitoring;
  • engages health care consumers regarding their own personal health information;
  • improves health care quality and outcomes; and
  • reduces health related costs.

Since the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009, there has been tremendous growth in the adoption of health information technology and HIEs. The U.S. Office of the National Coordinator for Health IT (ONC) has played a critical role in accelerating improvements in HIE and interoperability among EHR systems, including the development of policies and standards to facilitate HIEs, as well as the funding of cooperative agreements and grant programs.

The Texas Health Services Authority (THSA) was charged by the Texas legislature with the implementation and maintenance of a statewide HIE. The THSA is working to identity best practices and successful models that demonstrate HIE financial and business sustainability, as well as providing Texas HIE Accreditation.

HIEs are viewed as the building blocks for a Nationwide Health Information Network (now called “eHealth Exchange”) to provide universal access to electronic health records across jurisdictions and health care systems. The ONC is charged with driving the completion of this nationwide patient data network.

While the benefits are numerous, HIE use also contains areas of potential liability for physicians. Risks can come from physicians reviewing an incomplete or incorrect medical record; failing to review information that may have been accessible; or inadvertently accessing the wrong patient record.

What happens when a patient alleges personal injury stemming from an HIE system breach? Will a physician be held accountable for entering into a contract with an HIE or EHR vendor who later fails to protect data? Will physicians be required to have their own information back ups? There are no simple answers, but all of these questions represent scenarios for physicians to consider.

Contractual liability is another concern. Contracts with HIEs or EHR vendors should be reviewed carefully to avoid any liability that may arise based on the terms of the agreement. Vendors should be properly investigated, and contract negotiations should be robust. Ask vendors any questions you may have about security, access, and the ultimate ownership of data.

Be careful not to enter any agreements that would unfairly shift risks to your practice, relieving your business associate of liability for their own actions. Ensure that you understand the details of the contractual language, and that you agree with its terms, whether they be technical requirements, such as encryption and automatic logoff, or substantive ones, such as rules regarding who will have access to information. Violating contractual terms could create liability risks for you or your practice.

For more information, please contact John Southrey at john-southrey@tmlt.org.

Andrea Schwab may be contacted at andrea@aschwablaw.com.

Part one: Cyber crime and liability

Part three: House Bill 2641 and HIEs


This article is purely informational and not intended to be legal advice and should not be construed as such. 

About the Author

Laura Hale Brockway is the Vice President of Marketing at TMLT. She can be reached at laura-brockway@tmlt.org.

Visit Website More Content by Laura Hale Brockway
Previous Article
What You Need to Know: House Bill 2641 and HIEs, Part 3

Texas House Bill (HB) 2641, which was passed into law in June 2015, provides physicians with some liability...

Next Article
Cyber crime and liability, Part 1

The health care sector is four times more likely to be affected by online attacks than any other industry. ...

Telemedicine in Texas: Risks, Rewards, and Where We Go Next [CME webinar]

Learn More