Introduction

Toward the goal of a Nationwide Health Information Network (NHIN) that enables the exchange of information across multiple healthcare and related entities, federal and state policy makers have provided seed funding to local health information exchanges (HIEs) with the hope that they will become self-sustaining. Despite this initial funding support, most local HIE efforts have progressed slowly. A 2009 survey of leaders of 131 HIEs nationwide found that, of those HIEs containing at least 5,000 patients, only eighteen were actively exchanging data and covering their operating expenses [1]. Furthermore, the survey found that many of these successful HIEs were exchanging data of limited breadth, such that several potential benefits of data exchange could not be achieved [2].

With funding specifically targeted at HIE implementation, the Health Information Technology for Economic and Clinical Health (HITECH) provisions of the American Recovery and Reinvestment Act of 2009 are intended to foster new, or revitalize existing, interest in HIEs. As policy makers work toward cultivating a more fertile environment for HIE development, it is critical that investments in HIE development capitalize on prior lessons learned [3], [4].

Although there are instances of successful, mature HIEs [5], a challenge common to nascent HIEs is recruiting a critical mass of participating organizations. One interpretation of the slow progress of HIE development nationwide is that provider organizations, the organizations usually targeted to fund HIEs, do not perceive that joining HIEs will offer them a net benefit. One prior study held discussions with stakeholders of several HIEs and found that health care provider organizations saw competitive value in their own patient data, and were therefore reluctant to cede this asset [6]. Other work has suggested that provider organizations are hesitant to adopt health information technology (HIT) because they bear the costs, but patients and insurers reap most benefits [7].

We attempted to build upon prior work by addressing the issue of organizational recruitment in a new context—a very large city with significant managed care penetration at a time with increased government support for HIE. Furthermore, we employed participatory research to offer insight into the complex intra- and interorganizational relationships between HIE stakeholders. Semi-structured interviews with representatives from each of several organizations invited to participate in HIE allowed a better understanding of stakeholders’ perceived costs and benefits.

Methods

Setting

  1. 1)

    Long Beach, California and surrounding areas

Long Beach is a city of approximately 450,000 located in Los Angeles County and contiguous with Orange County on its southeastern border. Its population density and demographics are roughly representative of the Los Angeles area at large, with approximately 10% of the population over age 65 and 23% of residents living below the poverty line.

An overview of the local health care landscape is useful to better understand the challenges faced by a nascent HIE. There are five major hospitals in the city proper, including: a very large community hospital that is a member of a local not-for-profit healthcare system; a large community hospital that is a member of a large regional not-for-profit healthcare system; a medium sized local community hospital; a Veterans Administration hospital; and a small for-profit investor owned hospital. In addition, resident usage of healthcare services overlaps substantially with facilities in surrounding areas. Los Angeles County is known to have one of the highest percentages of managed care penetration in the country. There were other nascent HIEs in the surrounding area at the time of the study, but none had active recruitment efforts of any significance in the Long Beach area.

  1. 2)

    Long Beach Network for Health (LBNH)

LBNH began in 2003 as a public–private coalition of local stakeholders with the goal of establishing an organizational framework for HIE. Initial funding for LBNH began with an interest-free loan of $100,000 from one of these stakeholders. In 2007, LBNH incorporated as a California non-profit corporation. Around the same time, LBNH established a Board of Directors made up of the community’s major healthcare stakeholders and the initial conveners of the HIE effort. A five-member Executive Committee oversees the day-to-day operations of LBNH, while specific committees are tasked with addressing clinical, communications, planning, privacy and security, and technology issues.

In 2007, LBNH embarked upon what would become its first successful exchange of data: an Emergency Department Linkage Project (EDLP) to support the use of patient data by Emergency Department (ED) clinicians. Data (predominantly medications and laboratory results) would be made available at the point of care, retrieved electronically from both inpatient and outpatient providers. The decision to take on this project was driven by two important factors. First, funding targeted for this type of effort was available from the US Department of Health and Human Services, and LBNH succeeded in accessing that funding. Second, the idea of using patient data only in ‘emergencies’ was thought to be more palatable to organizations with reservations about electronic data exchange. LBNH envisioned building interorganizational trust with this first data exchange effort, and using that trust as a foundation for future efforts.

In an important initial step of the project involved LBNH leadership securing future participation from each of several sponsoring provider organizations. Although LBNH envisioned the eventual inclusion of many types of organizations (including non-provider organizations like laboratories, health insurers, and pharmacies), the EDLP only required the participation of provider organizations. These organizations responded with various levels of commitment. Our study sought to better understand organizations’ participation decisions, focusing on the perceived costs and benefits to each organization. Discussing the EDLP was useful in anchoring respondents to how their organization was actually responding to a concrete HIE initiative. However, we did not confine our interviews to discussing this project; rather, we attempted to understand larger organizational perceptions regarding participation in electronic data exchange.

Participatory research process

As part of a long term commitment to provide evaluative research, our research team engaged LBNH in a participatory research collaboration. This research approach has been endorsed by the Institute of Medicine for its capacity to improve investigators’ understanding of internal issues and increase buy-in from studied organizations, thereby improving the ability of investigators to affect change [810]. We recognized the risk that participatory research might introduce bias; however, after careful consideration, we determined that the potential benefits outweighed this risk. Therefore, we proceeded with this research approach and took steps to minimize any bias (discussed further in limitations).

Elements of the participatory research process included investigator attendance at several LBNH meetings, discussions with LBNH leadership regarding important research topics, and feedback to LBNH leadership about optimizing data exchange efforts. One organizational champion of the HIE recruited the research team, and another organizational champion later joined. To reduce bias, these organizational champions played a restricted role in actual interviews (discussed below). Other members of the research team contributed to LBNH’s quality assessment efforts, gaining familiarity with the HIE in the process.

Identifying study organizations and organizational representatives

We attempted to interview representatives from all organizations that had had any substantive discussions with LBNH regarding the EDLP. Starting with listings on the LBNH website [11], we identified all seven of the provider organizations that were “participating organizations” [12] as well as one HMO that had shareable data. In addition, we identified another organization, not listed on the LBNH website, which had had discussions with LBNH leadership regarding data exchange. Other local provider organizations had been informally invited to join LBNH, but these invitations did not lead to participation in LBNH. Our attempts to contact these organizations revealed that representatives were not interested in participating in our research project. Finally, we decided to interview a representative from LBNH leadership to provide their perspective on participation decisions.

LBNH leadership provided us with contacts at each of the nine identified organizations. These individuals were then asked to identify personnel, including themselves, who played a large role in their organization’s participation decision. We subsequently attempted to interview these key informants. Thus, the study used purposive sampling and was not random.

Two of the identified interviewees assisted in other parts of the research, though they played a relatively minor role in this research project. These team members were blinded to the results of interviews from other respondents within their organizations until they had been anonymized, and were only tangentially involved in the data analysis process.

Interview details

  1. 1)

    Oral Consent

Interviewees were told that, at any time during the project, they had the right to review transcripts and clarify their responses, including deletion of information that they felt could be harmful to them or others in their organization. As interviews were conducted by telephone, respondents gave oral consent to participate. This research project was officially exempted by the institutional review boards of University of California–Los Angeles, Cedars-Sinai Medical Center, and the Los Angeles Biomedical Research Institute at Harbor-UCLA Medical Center.

  1. 2)

    Interview Content

Although the questions in our interview guides (“Appendix”) were directed at understanding several issues, this analysis focused on the perceived risks and benefits of engaging in HIE in general, and in the EDLP in particular, for any given organization. An individualized script was developed for LBNH leadership. All other interviews began with a standard script, but IT leaders and physician leaders were asked additional domain-specific questions. The interview questionnaire was designed for interviews to last about 1 h.

Data analysis

Telephone interviews were audio recorded, and recordings were transcribed within 2 weeks. Efforts were made to protect the confidentiality of the respondents, including deletion of subject and organization names prior to transcript analysis. Using previously described methodology, two researchers read each transcript and independently coded sections pertaining to the themes of interest, then compared coding schemes for coder reliability [13]. Coded text was subsequently aggregated to summarize both the breadth and depth of data collected.

Results

The results of this study are divided into two sections. First, we report on the characteristics of the interviewees and their respective organizations, including the extent of their participation in LBNH. Second, we examine the aggregate summaries of the interviewees’ responses.

Characteristics of interviewees and their respective organizations, including extent of participation

LBNH and nine stakeholder organizations were represented, including (in ascending order by parent organization size): a network of several community health centers; a local not-for-profit health maintenance organization (HMO); two multispecialty physician medical groups (each with greater than 100 clinicians); a regional independent practice association (IPA); a very large community hospital that is a member of a local not-for-profit healthcare system; a large community hospital that is a member of a large regional not-for-profit healthcare system; a publicly traded managed healthcare company operating in several states; and an academic teaching hospital that comprises part of the local safety-net and falls under the purview of municipal government. In general, these organizations were either market leaders or near market leaders in each of their respective segments.

Eighteen interviews were conducted, and all took place during the second half of 2008. During this time period, LBNH had achieved successful exchange of test data, but no data had been exchanged in actual patient care. Approximately half of the interviewees were able to devote a full hour to the interview process; others restricted their available time, usually to 30 min. The most common interviewee titles were CEO (four), CIO (three) and chief medical information officer (two). The other respondents had various titles. Despite differences in their professional titles, several of the remaining interviewees reported similar roles in their respective organizations, often addressing legal, compliance, and privacy issues. Interview content varied somewhat based on respondents’ areas of expertise. Our participatory approach facilitated better rapport with LBNH and organizational representatives, allowing us to better identify key informants and to elicit more forthcoming answers during interviews.

Interviewing multiple subjects from most of the organizations allowed for understanding of manifold perspectives on each organization’s participation decision. We interviewed four individuals at one organization, three individuals at another organization, and two individuals at each of three other organizations. The remaining five interviewees directly represented only one organization, but at least two of these interviewees (including the LBNH representative) had links or frequent interactions with other organizations, such that some triangulation was possible in the data analysis process. Furthermore, in several organizations, interviewees were deeply involved in HIE participation decisions for other HIE efforts. Thus, we were able to learn about the successes and failures of various HIE development strategies, and to understand how the organizational decision process for HIE participation generally operated.

The extent of organizations’ LBNH participation varied widely. We simplified this spectrum by considering three relevant variables: whether the organization played a leadership role in LBNH (usually by having individuals take different leadership posts in the LBNH organization); whether the organization had made an up-front commitment to data exchange in EDLP; and whether the organization played a leadership role in the EDLP (usually by offering in-kind resources) (Table 1).

Table 1 Different levels of HIE participation
Full size table

Summaries of interviewees’ responses

  1. 1)

    Perceived Benefits

Regardless of their organizational commitment to data exchange, respondents related that all organizations appreciated several potential benefits of HIE. We discuss these perceived benefits in order of descending importance, according to the frequency with which organizations cited these benefits, and the significance organizations assigned to them (Table 2). Each benefit is followed by text which summarizes organizational views, and in some cases we provide an interview quotation in italic typeface.

Table 2 Perceived benefits of health information exchange (descending importance, and stratified by benefit)
Full size table

Improved quality of care

Almost every organization backed the belief that quality of care would improve by making clinicians more aware of patients’ medical history. There was no respondent whose organization questioned this benefit. Beyond simple review of patient data in the ED, multiple organizations hoped to eventually query LBNH data for records of their patients’ hospitalizations, and to initiate post-discharge follow-up by primary care providers and case managers.

In particular, if we were managing someone who has COPD, and maybe they had a trip to the emergency room over the weekend, or something like that, then that person’s nurse could see the data and see what happened in the emergency room, and contact them, and talk to them about that episode. And just address the issues… Are you taking your medications? What led up to this? And see if there’s any way they can identify it to help that individual.

Reduced unnecessary duplicate testing

Respondents from multiple organizations believed that participating in HIE with LBNH could reduce unnecessary duplicate testing, whether through the EDLP or ultimately in other settings. Depending on organizational type and payor type, organizations had different perspectives on why this was important. Noting their overall financial responsibility for many managed care patients, one payor organization focused on the financial savings involved. A respondent from a not-for-profit organization did not think that reducing unnecessary testing would decrease costs, but rather that the organization would be able to continue testing at the same rate to serve more patients. Because provider organizations could potentially reap financial gains from duplicate testing, their representatives were specifically questioned on this point. However, these respondents denied any organizational concerns related to financial losses associated with reduced duplicate testing.

Improved public perception of participating organizations

Respondents from several organizations referenced potential organizational public relations benefits of participating in HIE.

Maybe this will get some general level of publicity; maybe our name gets mentioned in press releases as being an active member in this process.

Congruent with altruistic organizational mission of participating organizations

Respondents from organizations of all types noted that they felt participating in the data exchange process to be congruent with their organizational goals.

There was one side of us said what are we going to get out of this that is useful and beneficial for us. There was another part that basically said, well, when you go back and look at what our vision … is, it is to work with our community for the common good, so this really was potentially something that fit the description of the common good, and as we kind of evaluated it, we felt like this was really a community initiative that we as [a healthcare provider] had sort of a community commitment to be involved with.

Creating a positive connection with other provider organizations

Respondents from multiple organizations discussed the perceived organizational benefit of working with other provider organizations. Some organizations saw this as an opportunity to improve business relationships.

Maybe this will help us enhance our relationships with the [provider organizations] in the [geographic] area.

Clinicians showed interest in formalizing a long-standing cooperative care role for patients who receive care from multiple organizations. Finally, the desire for increased public–private interaction was mentioned by respondents from both public and private institutions.

Contributing to public health research and population-level health efforts

Although the short term goal of LBNH was for clinical access of patient information in the ED, interviewees from several organizations discussed the potential to use this data for public health purposes, such as mandatory disease reporting or assessment of the burden of chronic disease.

And I think it would be awesome if we had a map where all the different diseases are coming in... [for example, the incidence of] asthma, because if you could map it along the freeway—how powerful it would be.

Consolidating existing exchange efforts

At least one respondent from almost every organization reported that they already participated in some type of data exchange, whether within their organization (site-to-site), payor-provider exchange of eligibility/billing information, or via proprietary provider-to-provider conduits. Respondents from two organizations saw a potential benefit in consolidating these efforts.

It [should be] the same whether it is data they get on patient A through [provider organization X] or patient B through [provider organization Y]. The communication networks should be the same.

Keeping up to date with data privacy and security regulations

An interviewee from one of the smaller organizations noted that being involved in LBNH would provide an avenue by which his/her organization could stay current with relevant healthcare law.

It would help keep us informed with all the privacy and security things throughout the state and federal government.

The poorest, sickest patients would benefit most

Knowing which patients would benefit from HIE is integral to understanding which organizations would benefit. Several respondents commented on this topic. Comments tended to pertain to HIE in general rather than the EDLP specifically. Respondents from nearly all organizations felt that indigent or uninsured patients with complex medical problems and chronic illness would be the most likely beneficiaries of HIE.

I think that electronic data exchange benefits the small proportion of people with complex medical problems most.

Other patients thought to benefit were those whose providers worked in solo or small group practices. Because these practices are less likely to otherwise invest in HIT, respondents believed that these patients would get some otherwise unrealized benefits of HIT via HIE access. (It is important to note that providers in small practices would not engage in HIE during the EDLP, but that participating organizations saw this project as the first step in building an HIE that would eventually include such providers.)

Percentage of patients within an organization that would benefit

Respondents were queried as to organizational estimates of the proportion of patients expected to benefit from HIE. Informal estimates varied widely: a respondent from one organization thought that only a small proportion of their patients would benefit, whereas a respondent from another organization noted “[Eventually] we all end up with each other’s patients.” Only one organization was able to provide a quantitative estimate of how many patients would benefit: this organization estimated that 50% of their patients moved in or out of their health care delivery system within a 2 year period, such that a similar percentage would be expected to benefit from HIE. The respondent further hypothesized that patients of lower socioeconomic status were more apt to change insurance and providers frequently, which was concordant with comments above regarding which patients would benefit from HIE.

  1. 2)

    Perceived Risks

When asked about factors that discouraged data sharing, respondents reported several concerns. Again, we ranked these concerns by frequency of organizational mentions and organizational significance. Apprehensiveness related to data security is discussed first in terms of legal concerns and then with respect to ethical and publicity concerns.

Data security: Legal concerns

Organizations’ greatest data security concerns related to the legal liabilities associated with data exchange, though there was significant variation by organization around this point. More importantly, organizational concern about legal liability was the factor most closely aligned with organizations’ commitment to participate in the EDLP: those organizations with the fewest legal concerns were the most avid participants.

[It] is our right to do under the current HIPAA guidelines, which allow us to use this information for treatment, payment and healthcare operation.

Conversely, those organizations with the greatest legal concerns were the most reluctant to participate. For example, one organizational representative stated that the existing indemnification policies would need to be revised for his/her organization to be able to participate in the EDLP.

Based on our level of risk, that we were comfortable with, [participation] might have involved modifying other agreements with other parties.

Another characteristic that also tracked closely with legal concerns and degree of commitment was organizational size. Although there were exceptions, larger organizations generally had more in-house legal personnel focused on these types of issues, stricter and more intricately developed organizational policies related to data exchange, and higher levels of concern overall. The largest organizations, exposed to the laws of multiple states and contracting organizations, bemoaned the difficulties of complying with these sometimes contradictory regulations as patients moved across borders.

There are challenges in terms of the HIE because you have the patchwork quilt of laws that pertain to, especially the privacy of information, and so on kind of a statewide level … you don’t necessarily have a completely level playing field in terms of … the different parties that would be involved in HIE.

For these larger organizations in particular, much of the concern about legal liability stemmed from perceived inadequacies in the Health Insurance Portability and Accountability Act (HIPAA).

A vendor … wouldn’t actually be subject to all the HIPAA security rules … [HIPAA was] not really written to address the HIE environment, and there really needs to be some changes to that statute in order to cover all the players…

There were also high levels of concern regarding recent California legislation, including California Senate Bill 541 of 2007–2008, which imposes strict penalties for disclosure of patient health information.

It makes HIPAA look like a walk in the park ... it allows every man and your grandmother to have a right of action under those two bills … we are astonished it was allowed to pass … possibly we are now the only industry where we have to number one notify, and number two are subject to fines for inappropriate uses. The banks or any other industry are not subject to any laws like this, but we also think the biggest problem is it is going to cost patients health issues. People will be afraid to look at records when they should have a reasonable good faith exception in there, and organizations will be afraid to participate in HIEs.

It is important to note that there was some disagreement about how to interpret HIPAA Privacy and Security Rules. The quotation below demonstrates frustration on the part of those who wanted to exchange data towards those who felt HIPAA precluded them from doing so.

I think they [those who felt HIPAA precluded them from exchanging data] over-interpreted those legal issues, particular HIPAA, they have been way over to the other side of over interpreting them and doing things. I think most people think they are a bit out of line in terms of privacy, etc., etc., because they are just so worried about law suits or negative press.

Data security: Ethical concerns and concerns about public perceptions

Although organizations felt an ethical duty to protect their patients’ health information, this was not new to them. As most organizations were already exchanging data electronically in one form or another, they recognized the potential for large scale data breaches, but also had some comfort in securing electronic records. One respondent even mentioned the ability to obtain better security electronically than with paper documents.

I think ultimately you can have better security with electronic information, you can have audit trails and things like that, which are very difficult to compare to paper.

Respondents related organizational fears about the publicity consequences of any data breaches, or even public concerns about the possibility of a breach. For instance, one interviewee discussed how a poorly worded press release could threaten LBNH even if no patients were harmed.

I worry about any kind of marketing or promo or press releases that we do that talks about us willy-nilly exchanging information with health plans and employers … one [inaccurate] blowup like that could ruin the whole project.

Financial costs, other resource constraints, and organizational opportunity costs

Although respondents from two organizations volunteered that HIE would reduce societal costs, none of them believed joining LBNH would reduce their organizational costs. Instead, almost all respondents acknowledged organizational concerns associated with the costs of joining an HIE. These concerns were usually focused on the costs of hardware, software, and associated labor.

Despite near universal concern, financial concerns were not as grace as data security concerns. Costs most often represented drains on existing organizational resources rather than new funding outlays. For example, because most of the organizations could only focus on a limited number of new initiatives, respondents from some organizations reported that the greatest costs would involve other opportunities foregone. Some non-participating organizations discussed the other projects that were currently taking priority.

We’ve just … rolled out our internal EHR. And so we were kind of busy doing that, and didn’t want … to commit our technology resources to participating.

Many organizational financial concerns intertwined with concerns about the financial sustainability of the HIE. Respondents reported that their organizations wanted to ensure that resources would only be spent on an enterprise that could eventually be sustainable.

When we dedicate resources we want to see … a business model for sustainability.

There’s going to have to be some public contribution for making this all work. We can make this work at the hospital level, but everybody knows that 90% of the data is outpatient data. So unless there is some way to make it easy, either through incentives or grants or other kinds of support mechanisms, for individual practices, surgeon centers, smaller outpatient facilities to participate and to share data, then we’re never really going to get this off the ground.

Finally, we explored whether organizations might be reluctant to exchange health information if this could adversely affect reimbursement by reducing unnecessary, albeit billable, duplicate testing. When one respondent (from an organization among the most likely to be affected in this manner) was questioned about this, the respondent felt that organizations were unlikely to consider this potential adverse impact.

In all seriousness, that really is pretty weak. Patients don’t deserve duplicate procedures.

Encountering bureaucracy

Another concern that correlated with organizational size was the fear by internal champions that they could become hamstrung in organizational bureaucracy. In general, bureaucracies involved complex internal stakeholder structures with multiple approvals needed. In some cases, there were competing demands within an organization that were difficult to satisfy simultaneously. Although these obstacles generally appeared to be surmountable, they demanded greater political capital and sacrifice from the internal champions of larger organizations. One respondent explained the approval process in a large organization.

We just have multiple layers of approval processes to go through ... a lot of the holdup has more been getting it through our approval process … it’s still, as far as I know, going through it. A lot of that is not under one person’s control … we can’t do anything until the board says, okay, you have our blessing.

In contrast, interviewees from smaller organizations recounted easier courses in encouraging their organizations to participate in data exchange.

The board does not micromanage … it was our management decision that it was important enough, so we didn’t have to go get approval of the board.

Marketplace competition concerns—losing patients and increased quality transparency

One respondent considered that future data exchange partners, particularly small groups of physicians, could be sensitive to concerns about losing patients to other organizations due to reduced barriers to switching. In general, however, this was not a major organizational concern.

We’re not worried about losing patients because we’re sharing information … we’re pretty confident in the kind of care we deliver.

Although an LBNH board member reported that LBNH had taken steps to allay concerns they had heard voiced by outside physicians related to increased data transparency, respondents generally did not report that this was a major concern.

Ultimately we’re going to be in an environment, if we’re not already there, where everything is outcomes based, performance … and if you’re not following up to that standard, it really doesn’t matter whether you’re sharing data not, you’re not going to get paid for it, you’re not going to have patients that are going to want to come to you with report cards being published online all the time and so forth.

Technical concerns

In general, most respondents minimized any technical concerns. When pressed, some respondents were able to cite technical challenges, but these were always felt to be surmountable.

We exchange data all the time. The physical technical process of exchanging data is not something that is foreign to us or scares us.

Discussion

Federal and state governments have devoted substantial resources to the development of local and regional data exchange networks with the idea that they will 1 day be active, self-sustaining, and interoperable on the NHIN. Unfortunately, most HIEs fail to achieve this goal [14]. To better understand the value perceived by provider organization stakeholders, the targeted long-term funders of most HIEs, we conducted semi-structured interviews with representatives from organizations that were invited to participate in a local HIE.

Qualitative analysis of interview transcripts revealed several important findings. First, the fact that many organizations showed a high level of commitment to HIE, despite an expected net financial cost, demonstrates that they expected data exchange to provide an overall advantage to their organization via some non-financial benefits. Furthermore, we found that all organizations, even those that ultimately decided not to participate, could see some potential benefit in HIE. Indeed, more potential benefits were proposed than we had accounted for in our interview scripts. More importantly, despite a paucity of evidence, the face validity of HIE appears to have led to a generalized acceptance of HIE’s potential benefits among organizational decision-makers. The major significance of these findings is that they can be used by HIEs to improve organizational recruitment. Consistent with the goals of our participatory research partnership, these findings have impacted the LBNH organizational recruitment process.

A second important finding came from our ranking of perceived benefits, and the stratification of these benefits into those that accrue to a participating organization versus society-at-large. Misalignment between those who pay for HIT and benefit from HIT has been previously noted, and has generally been characterized as providers paying for HIT while patients and payors reap the efficiency and quality benefits [15]. Because we found that HIE was perceived to benefit the poorest, sickest patients most, HIE adoption may be more affected by this barrier than other types of HIT. Given that most health care organizations are not well reimbursed for the care of these patients (and would not receive more ongoing funding for HIE adoption), this may be an instance of market failure that suggests an increased role for public funding of HIE. Again, as part of the participatory research process, LBNH has taken this finding into account in its planning for long term sustainability, and is working with other organizations across the state to explore public funding options.

A third significant finding involves organizational perception of risks. We found that the greatest organizational concerns related to legal liability from data security breaches. Our results were consistent with prior findings of wide variation in organizational interpretation of relevant law [16]. However, we are not aware of other work that has found organizational size to correspond closely to perceived risk. Although larger organizations can contribute more data, resources, and credibility to lead a nascent HIE, they also tended to be more sensitive to data security concerns. Furthermore, HIE champions working within these organizations tended to encounter more bureaucracy and less flexibility.

Since the time of our interviews, HITECH has attempted to rectify several shortcomings of HIPAA [17]. Especially notable are provisions that would subject business associates, including HIEs, to the same standards applied to provider organizations and other previously covered entities, mandate patient notification for data breaches, and restrict commercial use of personal health information. Future studies should assess whether stakeholders perceive the recent and proposed changes to lessen the risks associated with HIE adoption.

A fourth significant finding involves the specifics of organizations’ data security concerns and their relationship to public policy. Shortcomings in HIPAA and differing organizational interpretations of HIPAA have been previously identified [18, 19], and the hesitance regarding state and local policy has been generally mentioned, but we are unaware of prior work that has documented organizational reluctance to engage in data exchange due to specific state laws. In our interviews, multiple respondents believed that state laws (including California Senate Bill 541 of 2007–2008) exposed their organizations to disproportionate liability.

Finally, contrary to the results of a prior similar effort [20], we found little evidence of organizational concern regarding loss of patients to other organizations or publication of potentially unfavorable quality data. There are at least three explanations for this discrepancy. First, there may be differences in cultural context. This HIE is attempting to take root in a region with a substantial history of quality assessment [21], such that provider organizations may already be accustomed to being judged on quality data. Second, because our data are more recent, it may reflect a nationwide secular trend of increased acceptance. A third explanation is that our sampling plan did not include the chief financial officers (CFOs) and chief operating officers (COOs) who the prior study cited as being most conscious of these concerns. However, since we interviewed organizational representatives who reported consulting with CFOs and COOs before bringing organizations to internal consensus, we believe that we accurately captured the overall organizational perspective.

Limitations

Our study had several limitations, beginning with the fact that we only interviewed subjects from one HIE. We attempted to address this deficiency by interviewing some subjects who handled organizational participation decisions for other HIE efforts, which increases the generalizability of our findings. Furthermore, based on a recent survey of HIEs, LBNH appears to be a rather typical HIE: [22] LBNH intends to exchange the most commonly identified data elements (test results, inpatient data, and medication lists) between the most common providers and receivers of data (hospitals and ambulatory care practices). Nonetheless, it would be useful for future research to conduct this same type of qualitative analysis with several nascent HIEs in other regulatory and cultural contexts.

Second, by virtue of having LBNH assist us in identifying interview subjects, and due to probable self-selection bias, our interviewees tended to be internal champions rather than skeptics. Still, use of a participatory research model helped to involve us in the HIE to an extent that we were able to contact some skeptical subjects. Moreover, there are several advantages to interviewing subjects that represent an HIE to their organization. Organizational representatives are at the nexus of organizational participation decisions. They have to sell HIE to their organization, and they have to go back to the HIE with organizational demands. Thus, they are well positioned to understand the intricacies of the participation decision.

Finally, our interviewee identification process resulted in another limitation. Organizations completely uninterested in participating in HIE were also largely uninterested in participating in our research project. However, because nascent HIEs are likely to address most initial efforts towards organizations whose spectrum of commitment reflects those seen in Table 1, analyzing the perceptions of these organizations’ representatives is probably more useful for nascent HIEs in the near term.

Conclusion

Taken together, our first three findings offer two major lessons for nascent HIEs. First, although no organizations expected a net financial benefit, some organizational decision-makers saw an overall benefit for their organization, and all respondents recognized several potential benefits of HIE. Thus, addressing varying organizational concerns should be considered in addition to promoting potential organizational benefits. Second, large organizations should be approached early in the HIE process, so that HIE policies can be designed to accommodate the policies of large organizations, rather than vice-versa. This consideration may be necessary to help internal champions secure organizational approval, particularly for any policies relating to data security, as larger organizations were particularly sensitive to such concerns.

Because we found first-hand reports of policy impeding HIE participation, policy makers could also benefit from this analysis. The first insight relates to our current health care financing environment, where care for the poorest, sickest patients is inadequately reimbursed. If our respondents are correct that these patients are HIE’s major benefactors, it will be difficult to align HIE costs with benefits [23]. Instead, state and federal governments may need to consider ongoing subsidies for HIEs. Empiric evidence also supports this premise: Adler-Milstein and colleagues found that only 28% of operational HIEs ever expected to cover operating costs with stakeholder funding [24]. Given large organizations’ concerns about navigating a nationwide patchwork of varying data security policies, it will be important for policy makers to heed the ongoing findings of the Health Information Security and Privacy Collaborative, whose members are attempting to put forth a coordinated framework of policy solutions to support interstate HIE [25]. To improve consistency and understanding of regulations, bolder solutions like the IOM’s recommendation to exempt health research from the HIPAA Privacy Rule will need to be weighed. To respond to perceptions of disproportionate liability, California legislators may need to consider amending the regulations of California Senate Bill 541 of 2007–2008. Addressing each of these concerns could help patients nationwide to capture the many expected benefits of HIE.