The Ohio Health Information Partnership (OHIP) launched in 2009 with a handful of physician offices; its health information exchange (HIE) is called CliniSync. Today, it covers nearly 90% of the state of Ohio and is one of the largest programs in the country. It includes 155 hospitals; more than 500 long-term and post-acute care facilities; 15,000 independent and hospital-employed physicians; and 60 connected EHRs. More than 16 million patients are now represented in CliniSync’s community master patient index.
The key benefits of HIEs lie in their ability to transfer accurate clinical and diagnostic information quickly, avoid medication errors, and decrease duplicate and unnecessary testing. Today, more than 70 HIEs cover more than 200 million Americans, or more than half the U.S. population.
With CliniSync, clinicians can access their patients’ Community Health Records to view visits and encounters at different facilities in a single, longitudinal record. As the program grew, it reached a scale that could no longer be audited by legacy compliance solutions. When the number of daily queries reached into the millions, OHIP leaders realized they needed to do more to ensure the integrity of the patient data entrusted to CliniSync.
By 2019, CliniSync continued to show steady growth in data exchange among Ohio hospitals and providers: that year, more than seven million records were accessed through the Community Health Record, giving practitioners timely access to information at the point of care. But with enhanced interoperability and access came a new challenge: staff and clinicians could access patient records within CliniSync without creating an audit trail within their own electronic medical record system, making it difficult for home organizations to monitor whether or not the access was permitted under HIPAA.
CliniSync could audit the access to the HIE records, but had no feedback loop to healthcare workers’ home sites to alert them to any suspicious activity. This created a situation ripe for “snooping” into coworker health records, and other nefarious behavior. OHIP leaders realized they had to act to prevent data breaches and privacy violations, and to assure members that they could entrust data to CliniSync.
Download the full customer spotlight to learn more about how OHIP used Protenus Privacy on Autopilot™ to increase stakeholder trust and develop a proactive privacy posture across the HIE.