This toolkit provides an overview of Query HIE to assist providers in adopting this Health Information Exchange (HIE) method, which leverages the Query-based Exchange method to improve health care. The content was developed with input from the 2019 Query HIE Learning Collaborative.
Frequently Asked Questions
This page answers frequently asked questions regarding HIE Query. Scroll down, or click on a button below to jump to a specific topic:
What is Query HIE?
Query HIE allows providers to search for (query) and retrieve patient information that was made accessible by other care providers. Query HIE is often used to support unplanned care, but it is beneficial in many instances of planned care as well.
What is the difference between Query HIE and Query-based Exchange?
Query HIE uses the HIE method known as Query-based Exchange to exchange health information between healthcare providers.
Besides Query HIE, the Query-based Exchange method can also be used to obtain health information from other sources, such as data repositories of federal and state health agencies, or HIEs that centrally store health information.
This toolkit is focused on supporting providers in using Query HIE to exchange information from provider-to-provider. These other applications of Query-based Exchange fall outside the scope of, and are therefore not discussed in, this toolkit.
When do I conduct a query?
Queries can be conducted before, during, or after a patient visit.
Ideally, providers should conduct a query before the patient arrives, so they can review the information ahead of time. However, during a visit, a patient may tell a provider that there are more records available at other organizations, but that they have not yet given consent to share those records. For more information about consent, see the Patient Consent FAQ section below.
How many patient records will I receive?
That depends on whether the patient sees providers who are connected to the Query HIE Network. If none of the patient’s providers are on the network, you will receive no records. If all the patient’s providers are on the network, you will receive a record from each provider that received consent from the patient. For more information about consent, see the Patient Consent FAQ section below.
What is the patient record look back timeframe?
Only patients records maintained electronically are made available upon joining the Query HIE Network. As such, the timeframe and availability of past records depends on how many years of data the record-holding organization has maintained electronically.
How is Patient Health Information (PHI) protected?
The patient controls whether their health information can be made available for Query HIE access.
Providers must ask their patients for consent, and record the consent in their EHR system. For more information about consent, see the Patient Consent FAQ section below.
Is there a cost to Query HIE?
While most EHR vendors now include Query HIE in their product, there may be upgrade and/or implementation costs, fees to join a Query HIE network, or transaction charges. For more information, review the "Vendor Status Directory" tab in the Query HIE Toolkit, and contact your vendor.
Query HIE Networks
What is a Query HIE Network?
Query HIE networks enable providers to exchange information via Query HIE. There are many private and public initiatives that work on making Query HIE functionality widely available. Some initiatives collaborate with each other to connect their networks together, as combining networks enables participants to exchange health information with more providers across multiple networks.
The effectiveness of a Query HIE Network depends on how many providers participate in the network. The more providers that make information available on the network, the better the network works.
How do I join a Query HIE network?
Individual providers cannot join a Query HIE Network on their own, because connections to these networks are dependent on the provider’s EHR vendor. For more information about the Query HIE Networks available to you, review the "Vendor Status Directory" tab in the Query HIE Toolkit, and contact your vendor.
What are commonly used Query HIE Networks?
The two most commonly used public initiatives are Carequality and Commonwell.
- Carequality is an initiative that provides a framework of common standards and rules to Query HIE implementers. For instance, Epic has implemented its Query-based Exchange solution based on this framework, and its users have been able to conduct Query HIE within the Epic universe for several years.
- Commonwell Health Alliance is a consortium that provides Query HIE services to users of other EHR products, including Cerner, Meditech, or Athenahealth, for example. Commonwell adopted the Carequality framework and its users can now exchange information with EHRs that have incorporated Carequality.
Is nationwide Query HIE available?
Most EHR systems conduct queries based on a predetermined geographic location (i.e. a 50 mile radius). Many systems also allow providers to conduct targeted queries outside the preset geographic radius.
For example, if an Emergency Department provider in a Massachusetts hospital is treating a patient who is visiting from Colorado, the provider can conduct a query for any records within a certain radius of the patient’s hometown zip code.
Does a Query HIE Network store the health information?
The health information is typically not stored on the Query HIE Network itself. The functionality works based on indexing, meaning that the network only knows on what EHRs the information is accessible and for which patients.
The information retrieval is done directly from the systems that hold the health records. Basically, the network mediates the exchange.
What information should patients know about Query HIE?
The answer depends to an extent on the type of practice and the provided specialties. When defining the answer, it is good practice to consider that patients are your customers. They will want to know how participating in Query HIE is in their interest and outweighs any risks.
Patients will want to reasonably understand how it works. For instance:
- What data will other providers be able to see?
- Who would be able to query my data?
- When will they be able to see my data?
- Where can they retrieve my data?
Patients will want to understand the benefits. For instance:
- What are the advantages if other healthcare providers can query my data?
- When is it advantageous that they can query my data?
- What are the alternatives and how is this better than those alternatives?
They will consider the risks to their privacy. For instance:
- Can I decide to opt out again later, and what happens with information already shared?
- Can I limit who can see what information?
- Can I exclude pediatrics or specialist information I don't want included?
- Can I ask my doctor to exclude certain diagnosis, lab results, etc.?
- Can I ask my doctor to exclude his notes of sensitive conversations?
- Can I limit queries to emergency situations only?
- Can I tell other providers that they can't make a query?
How can this information be presented to the patients?
There are a number of ways to convey to patients the "who, what, when, and why" of Query HIE, and to communicate the benefits and risks of participation. For instance: a patient handout to read at home, a poster patients can scan while waiting for their visit, or information in the patient portal. Some patients will want to know more than others, so organizing the information will be important.
However, ultimately the information on Query HIE may be best presented verbally in a conversation with the patient. This can be done by an administrative person, but it is likely more effective if this is done by a clinical person the patient knows and trusts.
What is meaningful consent?
As per ONC, consent should not be a “check-the-box” exercise: Meaningful consent occurs when the patient makes an informed decision and the choice is properly recorded and maintained. Specifically, the meaningful consent decision has six aspects. The decision should be:
- made with full transparency and education,
- made only after the patient has had sufficient time to review educational material,
- commensurate with circumstances for why health information is exchanged (i.e. the further information-sharing strays from a reasonable patient expectation, the more time and education is required for the patient before he/she makes a decision),
- not used for discriminatory purposes or as a condition for receiving medical treatment,
- consistent with patient expectations, and
- revocable at any time.
How do patients provide consent for Query HIE?
To maximize privacy, a patient must grant consent, to make their health data accessible, to each provider they see. For instance, a patient may provide consent to a PCP, but may withhold consent from a Behavioral Health specialist. In this case only the PCP may make the patient’s records available for Query HIE access. Consent may work on an Opt-In or Opt-Out basis.
Some Query HIE implementations may require the receiving provider to separately ask each patient for consent to query and retrieve the patient's records. This step enables the patient to further limit who can query their health data. Check with your organization's EHR vendor and Query HIE Network provider whether and how this is addressed.
What are the differences between Opt-In and Opt-Out?
An Opt-In HIE policy means the provider cannot exchange a patient’s information via HIE until the patient gives specific consent to make their data available via HIE.
An Opt-Out HIE policy means the provider can exchange a patient’s information via HIE without the provider having to ask the patient for consent. Patients have to explicitly request that their information is not exchanged electronically.
Query HIE is typically Opt-In based, but check your state’s regulatory requirements, and verify with your Query HIE Network vendor how consent is handled. Organizations may also have their own opt-in/opt-out policies and procedures, above and beyond state regulations, so we recommend checking with your organization's legal/administration team as well.
To learn more, click here.
Who asks the patient for consent?
For the purpose of Query HIE, the record-holding organization requests that their patients complete a prospective consent authorization, and records the consent in their EHR system. At most organizations, a receptionist, admin, or medical assistant requests consent as part of registration or intake process.
When a query comes in, the EHR system can then automatically determine whether it can share the patient’s record, and what information can be shared.
In some implementations, the receiving provider must first ask the patient for consent to make queries. In this case, the automated query process cannot be enabled for the patient until the patient has provided such consent.
How is patient consent documented?
Patient consent documentation protocols are organization-specific. In general, organizations require patients to sign a consent form and then document the patient’s consent decision in their EHR. Some organizations have added information about Query HIE to their general consent form. Many organizations review and confirm patient consent on an annual basis.
Who maintains patient consent?
Generally, the record-holding organization manages and maintains patient consent, because the consent relates to the disclosure of information for which that organization is responsible.
For Query HIE to work, the consent must be recorded in the EHR system, so that the Query HIE Network can automatically determine which records it can access.
What is prospective consent?
Prospective consent covers any potential information-sharing that may happen at some point in the future. Essentially these consent authorizations ask: “In the event another healthcare provider queries your record, can we make it available?” Prospective consent prevents the need to request the patient for consent each and every time a query is made.
Prospective consent is not necessarily indefinite. The patient may give consent for a restricted time period, e.g. a year. In this case, consent would have to be renewed when it expires.
What is one-time consent?
One-time consent covers a single event where information-sharing is necessary. This can be used when a patient declines to authorize prospective consent, but is okay with sending their information to a specific provider on a one-time basis, e.g. for a referral.
In Query HIE, one-time consent is typically not practical. The record-holding organization likely would not have immediate access to the patient when the query is made, and would therefore be unable to request consent.
Can a patient authorize partial consent?
Yes, when authorizing consent for HIE, patients may authorize only partial consent if they wish. Patients may be comfortable sharing their general health data, but may not want to openly share data that they deem sensitive.
In most EHR systems, custom rules can be applied based on the laws and requirements related to certain subsets of patients or data (e.g. behavioral health issues, substance use disorders, HIV testing or status, genetic testing, or notes designated as sensitive).
This functionality allows a provider to limit what information other providers can see and who can see it. This level of sophistication may vary by vendor and implementation.
Can a provider ask for consent on behalf of a record-holding organization?
During a visit a patient may inform a provider that there is a record at a specific organization where the patient did not yet give consent. To accommodate this scenario, some Query HIE networks allow providers to ask for consent on behalf of a record-holding organization. This allows the provider to make a query on the spot. For instance, this may work as follows:
- Dr. Smith requests a one-time consent form from a record-holding organization.
- Dr. Smith completes the form and has the patient sign the form.
- Dr. Smith submits the completed form back to the record-holding organization.
- Record-holding organization releases the record to Dr. Smith via the Query HIE Network.
In this case, the record-holding organization may restrict access to the patient’s record to just the requesting provider.
Pros and Cons of Query HIE
What are the pros of sharing data via Query HIE?
In general, sharing patient records using Health Information Exchange (HIE) enables providers to obtain the most complete picture of their patient’s health, and thereby deliver safer, better- informed, and more comprehensive care.
Specifically, Query HIE may allow providers access to important information that may have otherwise been missed. For instance, medication allergies that a patient had not mentioned, or test results that were not previously provided.
While some effort is required to establish Query HIE, it can ultimately reduce the burden on administrative staff. Query HIE reduces the number of phone calls and faxes necessary to obtain the same information via conventional means. It increases the reliability and accuracy of the information exchanged, and can largely eliminate having to enter the data into the EHR system manually.
What are the cons of sharing data via Query HIE?
There are a few potential concerns to keep in mind when using Query HIE to share data:
- “Echoing” of data may occur, which means that data that originated within a provider’s own organization comes back to the provider via a query (see FAQ section on data provenance below).
- In addition, healthcare organizations may find it challenging to integrate complex federal and state privacy regulations to ensure their system manages each specific patient’s situation appropriately. For instance, Massachusetts law imposes specific restrictions on sharing behavioral health information for MassHealth (Medicaid) patients.
Query HIE actually has the potential to help in this regard, because providers can customize their system settings so that sensitive information is segmented and protected, thereby reducing the likelihood that human error results in the release of sensitive information.
Keep in mind that these concerns are not unique to Query HIE. Echoing concerns also apply to Direct Messaging, and privacy and security regulations apply to all methods of Health Information Exchange.
Enabling Information Access
How do I enable Query HIE and make my patient information accessible to other providers?
Connections to Query HIE networks are dependent on the provider’s EHR vendor, and the process of enabling Query HIE functionality varies by vendor. For more information about the Query HIE functionality available to you, and how to enable this functionality, review the "Vendor Status Directory" in the Query HIE Toolkit, and contact your vendor.
Conducting a Query
What is the recommended workflow for conducting a query?
The workflow may be dependent on your EHR system and the Query HIE Network(s) it can connect to. Example workflows are provided in the “Workflows” tab of the Query HIE Toolkit.
What if a query returns multiple potential patient matches?
In all cases, there is a threshold for the quality of potential matches that are returned. The threshold and what the system does may vary depending on criteria defined by the EHR vendor and the policies in place at the provider’s organization. For instance, when a patient match is found:
- If there is a perfect match, the system may automatically “link” the patient and integrate their outside record.
- If a query found the right patient but the “high quality” threshold is not met, the record may not be shown at all.
- If there is no perfect match, the system may display the best potential match(es) and allow the provider to either confirm or reject the patient’s record(s).
- If there are multiple matches, the system may not show any patient record, or it may show all matches but the records won't link automatically.
For more information about how your EHR may handle the various scenarios, contact your EHR vendor.
In what format is the information made available?
Typically, the information is shared as a Consolidated Clinical Data Architecture (C-CDA) document. Sometimes information may be shared via PDF or other document types. Many EHR systems offer features that allow providers to select the information they consider relevant for reconciliation and integration.
Is manual manipulation of data still required during the reconciliation?
In some cases, providers may wish to specifically select certain data to integrate into their patient’s record.
The data reconciliation process may combine automated and manual elements.
For more information about the data reconciliation process, see the "Functionality" tab in our Query HIE Toolkit.
What is data provenance and how does it impact Query HIE?
Data provenance is defined as the "origin of data". In HIE, provenance indicates who originally sent the information stored in the patient’s record.
During HIE, “echoing” of data may occur, which means that data that was originally shared by a provider comes back to the same provider via HIE. The result is that the information may start to duplicate.
Query HIE Networks are working on solutions for tracking data provenance and minimizing echoing. By recording where the data originated, the Query HIE Network will be able to eliminate the echoing of query data.
Query HIE functionality may also minimize duplication by visually highlighting information that has already been accessed before, so providers can focus on only the data that is new.