The Massachusetts Healthcare Information Exchange – An Inside Look at the Policy and Technology

Print Friendly, PDF & Email


In December of 2011, John Halamka’s wife visited a suburban community hospital for a diagnostic mammogram.   The study was highly suggestive of a tumor and she wanted to follow-up with a treatment team of oncologists, surgeons, and radiation oncologists at a downtown academic medical center.   She was told that there is an information superhighway in Massachusetts – the Mass Pike.   For 25 cents a page she could get a copy of her medical records on paper and then drive them into Boston.

In September of 2012, John’s mother broke her hip and because the hospital had no access to her outpatient records, she was placed on 22 different medications based on pill bottles John’s father collected.   She takes only 2 medications, which are clearly documented in her primary care physician’s electronic health records.

Both of these scenarios illustrate that we do not have a healthcare system in the United States.  Rather, we have a disconnected set of information silos – hospitals, clinics, labs, and pharmacies – that lead to redundant, unnecessary and error prone care.

But there is hope.

On October 16, 2012 at 11:35am Governor Deval Patrick officially “flipped the switch” on the Massachusetts state Healthcare Information Exchange, called the HIWay, enabling electronic records to be sent from provider to provider  throughout the Commonwealth with patient consent.

This event, held in the Ether Dome of the Massachusetts General Hospital, was the culmination of years of hard work by many stakeholders and experts in the Commonwealth.   Here is their story.

Historical Efforts:

In 1995, Massachusetts stakeholders convened through the Massachusetts Health Data Consortium (MHDC) to found the Chief Information Officer (CIO) Forum. The CIOs from payers, providers, and employer groups, agreed to meet on a monthly basis to discuss the use of IT to streamline health care commerce, reduce costs, and enhance care delivery processes. Early work included common privacy/security guidelines, common data sets for describing clinical encounters, and early discussions of how organizations could collectively address HIPAA compliance issues as a region rather than a series of disjoined efforts.

In 1997, at an MHDC-sponsored security conference, several CIOs of the payers and providers of Massachusetts gathered at dinner to discuss the creation of a network for the exchange of claims, referrals, and benefits/eligibility transactions in Massachusetts. The group named the effort the New England Healthcare Electronic Data Interchange Network or NEHEN.

Three provider organizations (Partners Healthcare, CareGroup, and Lifespan) and two payer organizations (Tufts Health Plan and Harvard Pilgrim Health Care) worked together to formally create NEHEN LLC as an independent organization. Computer Sciences Corporation (CSC) was hired to manage a region-wide administrative data exchange effort, and by October 1998, with prior patient consent, eligibility data began flowing among these early NEHEN members. Boston Medical Center joined in December 1999. University of Massachusetts Memorial and Boston Children’s Hospital joined in February 2000. As of 2012, more than 100 million administrative health care transactions in Massachusetts flow over the collaborative NEHEN network annually.

This early work on transaction exchange built trust among the CIOs and established a business model that all could understand — cost avoidance. Before NEHEN, administrative transactions such as claims cost $5.00 each in labor to submit via paper, fax, phone and e-mail. After NEHEN, these transactions could be exchanged electronically for pennies apiece. The payers and providers in the Commonwealth recognized that IT collaboration reduced costs for everyone.

Over the past 5 years, NEHEN added e-prescribing and clinical data exchange functionality, enabling data to flow among more than 60 institutions in the commonwealth.

Over the same time period, advances in technology and incentives from the American Recovery and Reinvestment Act funded Meaningful Use stimulus program encouraged practices of all sizes to install electronic health records.    NEHEN was optimized for larger organizations with significant IT resources and was generally perceived as too expensive for small practices and providers in the rural parts of the Commonwealth.    Additionally, State government was not involved with NEHEN as officials feared conflicts of interest while serving as a board member of a private multi-stakeholder organization.  NEHEN needed to evolve into a state-wide, low cost, government engaged model.

Creating the Massachusetts HIWay:

In September of 2011, the Secretary of Health and Human Services Dr. JudyAnn Bigby created the HIE-HIT Advisory Committee as a mechanism to channel advice and recommendations to the HIT Council, the healthcare information technology governance body established by Chapter 305 of the Acts of 2008. Comprising 24 public and private sector experts from a broad range of perspectives, and 92 individuals in its working groups, the Advisory Committee has provided substantive advice to the HIT Council in a wide variety of areas, including architecture, phasing, technical specifications, consumer priorities and concerns, provider adoption, financing of the statewide HIE, and legal/policy considerations.

The 5 working groups were as follows:

•     Consumer & Public Engagement Work Group – To raise awareness of the HIT-HIE program among consumers, to engage consumers in the program, and to ensure that consumer input is considered for all critical recommendations and Advisory Committee decisions.

•     Provider Engagement & Adoption Work Group – To raise awareness of the HIT-HIE program among providers, to encourage adoption of HIT-HIE among providers, and to ensure that provider input is considered for all critical recommendations and Advisory Committee decisions.

•     Technology & Implementation Work Group – To plan and develop technical and operational requirements and approaches for statewide HIE activity conducted through publicly-funded or -supported programs. To develop strategies, standards, and requirements for an enhanced statewide HIE architecture that leverages existing networks, shared services, and standardized regional services to enable broad adoption and use of statewide HIE services

•     Finance & Sustainability Work Group – To recommend financing and business models for implementing and sustaining statewide HIE infrastructure and services.

•     Legal & Policy Work Group – To plan and develop a governance model and legal and policy framework for statewide HIE activity conducted through publicly-funded or -supported programs.

Many people put in many hours in September 2011 to engage stakeholders, create a unified statewide HIE plan, suggest a funding model, define requirements, and broadly communicate the strategy.

In October of 2011, three of us that had worked with these early efforts – Manu Tandon (the CIO of the Executive Office of Health and Human Services), Micky Tripathi (the CEO of the Massachusetts eHeath Collaborative), and John Halamka (CIO of Beth Israel Deaconess Medical Center) visited CMS to discuss a powerful idea.   We proposed a single state operated infrastructure connecting all payers, providers, and patients using national standards at low cost.    In Massachusetts, where 100% of the hospitals serve Medicaid patients and   80% of the ambulatory providers serve Medicaid patients, development of this infrastructure could be a game-changer.   Medicaid 90/10 matching funds could be applied for the first time to the construction of a statewide health information exchange.   The state would contribute $5 million and Medicaid would match it with $45 million to create an infrastructure that all stakeholders could use.  The private sector would pay its fair share and every stakeholder would pay a subscription fee that related to the value they derived from healthcare information exchange and their ability to pay.

CMS was impressed by the core elements of the proposed strategy that included:

•     Three-phase HIE plan beginning with creating the statewide Information Highway as a foundation for richer applications and services from 2012-2014.

•     Alignment with national interoperability standards and emerging Meaningful Use (MU) stage 2 requirements[1]

•     Maximization of Medicaid SMHP/Medicaid Management Information System (MMIS) 90/10 Federal Finance Participation (FFP) funding

In January of 2012, CMS approved the funding and work began on the Requests for Proposal to support an open, transparent, competitive bidding process for vendors to provide the products and services needed by the HIE.

The Plan:

The three phase plan was based on stakeholder requirements, the maturity of available technology, and the likelihood that the needed policies would be supported by payers and providers.

The first phase leverages existing workflow and processes used to release medical records today.  In a paper-based healthcare world, patients request/consent that their information be disclosed to another party and then the information is sent (we use the term “pushed” to another organization).   Information would continue to be “pushed” from one organization to another, but we would replace all these paper flows with secure, fully electronic ones. Such a workflow supports coordination of care between primary care givers and specialists; hospitals and primary givers; providers and payers.

The second phase uses this new “push” technology to send data from provider offices and hospitals to registries and data warehouses for quality measurement and population health analytics.

The third phase envisions a solution for the “unconscious in the Emergency Department” problem.  You arrive in the Emergency Department with only a wallet and no ability to communicate.  Using only your name, gender, and date of birth, information from clinician offices and hospitals where you have previously consented to disclose your data make that information available to the emergency physician.

The Technology:

These three phases require an array of technology components and policies.   For the first phase, we implemented 5 components.

  1. A transmission gateway – just like email, a server is needed to send and receive pushed data between organizations.  As part of the Federal stimulus program for electronic health records, a set of standards for exchange of data, called Direct, is required.   We needed to create appropriate hardware and software to support the state’s efforts to enable secure transmission between EHRs.
  2. A provider directory – just as email has an address book, we needed an address book of every provider organization in the Commonwealth and its members.
  3. Certificate management – to send data securely between organizations, there needs to be appropriate encryption over the wire.   Digital certificates enable us to prove the provenance of the sender and ensure only the rightful recipient organization can unencrypt the message.
  4. Skilled nursing facility/long term care interfaces – we received a grant to accelerate adoption of data sharing in post-acute facilities that often do not have an EHR.
  5. Webmail – for those organizations without EHRs, we needed a method of sending and receiving secure messages.  A secure webmail portal meets those requirements.

All of these were competitively bid and procured from a single vendor (Orion) and then, implemented over the Summer of 2012.

In 2014, we will complete a statewide consent repository.  Each institution will record opt-in consent for disclosure of that institution’s data and that consent will be forwarded to a statewide registry, which will store patients’ consent preferences.  At any time a patient may opt-out of disclosing data from an institution.  To support stored consent function, we will need a secure, statewide citizen index.  We will also need this index to support patient-matching of medical records across organizations.  For other phases in the future, we will need other additional components.

The Policies:

Before we could send patient identified data between organizations over this infrastructure, we needed policies to delineate roles/responsibilities, support business associate agreements, and ensure patient consent is obtained and patient privacy preferences are respected.

We assigned roles and responsibilities as follows:

  • Executive Office of Health and Human Services (EOHHS) – provides the infrastructure, the overall project governance, and manages the participation agreements/business associate agreements.   A new HIT Council, as enumerated in the Healthcare Cost Containment Bill (Chapter 224 of the Acts of 2012), will serve as the ongoing governance body.   Advisory workgroups will continue to engage community and other stakeholders to provide input to the HIT Council.
  • Massachusetts eHealth Institute (MeHI) provides the connections from EHRs to the state HIE via its “last mile” program, which offers grants to vendors to develop interfaces, incentives to providers to implement connectivity to the HIE, and community-based collaborative working groups to encourage adoption that fits the needs of the local healthcare community..
  • Massachusetts eHealth Collaborative – provide Last Mile Management Office support to MeHI and facilitation support to other stakeholders and agencies.  Part of that facilitation included running the 5 HIT Council Work Groups that suggested initial policies and procedures.

EOHHS created a single participation agreement that included business associate language.   Each stakeholder that wants to use the state HIE must first sign this common participation agreement.   The Participation Agreement defines key aspects of roles and responsibilities of EOHHS and participants, especially those relating to maintaining patient privacy and technical data security, including audits and investigations of suspected incidents or breaches.

Highlights of this Phase 1 (pushing of information only) Participation Agreement include:

  • Permitted Users and Uses:  Initial participation is open to Massachusetts-licensed providers and entities, Massachusetts-licensed health plans, Commonwealth agencies, and certain employees and agents of the foregoing who are authorized as users. Use of the Massachusetts HIWay is limited to exchanges of information that are allowed by law and that are related to treatment, payment, or healthcare operations as defined by HIPAA. EOHHS may, if it determines, in its sole discretion that such actions are in the public interest:
    • allow additional participants and/or authorized users;
    • allow additional uses;
    • deny or suspend participation, or use, for any organization or individual
  • Delegated Authority:  Each Participant must execute a Delegated Administration Agreement before being granted access to the Massachusetts HIWay.  Each Participant must identify at least one individual to serve as an Access Administrator, as provided in the Delegated Administration Agreement.  Each Participant’s Access Administrator is responsible for administration of the Participant’s Authorized Users and must sign the Access Administrator Agreement.
  • Patient Privacy and Consent:  Each Participant is responsible for obtaining any and all necessary patient consents and authorizations relating to the use and exchange of patient information, including without limitation consent to release HIV test results, genetic test information, substance abuse information, and as otherwise required by law.  In addition, the Participant and/or the Authorized User is responsible for obtaining patient permission to share patient information over the Massachusetts HIWay.  It is the responsibility of the Participant to maintain these consents and permissions as required by law and their policies. The method by which the Participant maintains the consents will be determined by the Participant but proof of consent may be subject to audit by EOHHS.

As noted above, standard practice is that health records are only disclosed from one organization to another when the patient has signed his or her written consent to such a release.  We adopted the same approval to disclose (oral, written) that is in place in healthcare workflows today.   All that changes is that phone, fax, email, and paper is replaced by secure electronic transmission.

The end result of obtaining common participation agreements among all the providers in the Commonwealth over a single secure infrastructure governed by the underlying principle of achieving patient consent to disclose before transmission creates a fabric of trust that protects patient privacy.

Acquiring Customers:

With policies in place and technologies under construction, we could begin acquiring customers.  In the Summer of 2012 the Advisory Committee supported efforts to recruit and prepare early adopters to go live with the statewide HIE on its launch date or “Golden Spike” event. A large number of early adopter organizations have come forward to participate including Atrius Healthcare, Baystate Healthcare, Beth Israel Deaconess Medical Center, Boston Children’s Hospital, Greg Harris MD, Holyoke Medical Center, Network Health Plan, Partners, Tufts Medical Center, and Vanguard Health Systems representing a significant portion the Commonwealth’s active providers.

The “Golden Spike Group” began meeting in August to review, react to, and help refine the statewide HIE participation agreements, pricing, and technical interfacing requirements.

The Go Live:

In front of the press and leaders of Massachusetts, I accessed my wife’s actual hospital records, with her consent, and sent them electronically to her actual doctor’s office, a payer, a private primary care provider affiliated with another hospital, and the Massachusetts eHealth Collaborative (a quality measurement and analytics service provider).  We broke down silos, demonstrating that care coordination, population health, and quality analytics based on healthcare information exchange is now possible in Massachusetts.  The electronic records involved included an institution’s home-grown electronic medical record, eClincialWorks, a custom payer system, and self built analytic applications.

Other transactions followed.

With patient consent, Tufts New England Medical Center sent patient-identified summaries to and received summaries from Vanguard Health Systems New England illustrating a primary care physician-to-specialist closed loop workflow.  EHRs included Siemens Soarian and Meditech.

Also with patient consent, Boston Children’s sent pediatric patient-identified summaries to Atrius Healthcare, a multi-specialty group, illustrating tertiary hospital-to-primary care giver coordination.

All were successful and were documented in real time on the Twitter stream.

The Governor distributed golden spikes made from actual railroad spikes salvaged from rail near Promontory Point, Utah, the site of the original transcontinental railroad connection.


Just as the original Golden Spike in 1869 issued in a new era of connectedness, so does the Massachusetts healthcare information exchange change business as usual in Massachusetts. Over the next year, we will be building new “bridges,” ensuring that every payer, provider, and payer can send transition of care summaries with patient consent.

This achievement, although conceived in Fall of 2011 and completed in the Fall of 2012, builds upon over 15 years of trust building, early experiences with healthcare information exchange, and an array of public/private investments along the way.

Simple policies – a common participation agreement and consent to disclose complemented by simple technologies – gateways that support secure transmission, a provider directory, and a digital certificate infrastructure, funded by both Medicaid funds and private sector contributions, make the Massachusetts a first-in- the-country model for the rest of the U.S.   We look forward to breaking down healthcare information silos over the coming months.  Never again will issues such as those which affected John’s wife and mother be caused by the lack of healthcare information superhighway in Massachusetts.


John D. Halamka MD, CIO Beth Israel Deaconess Medical Center

Manu Tandon, CIO EOHHS

Micky Tripathi, CEO, Massachusetts eHealth Collaborative

Laurance Stuntz, Director, Massachusetts eHealth Institute

[1] Medicare and Medicaid Programs; Electronic Health Record Incentive Program—Stage 2, 77 Fed. Reg. 53,968 (September 4, 2012).