Key challenges for the California Data Exchange Framework

Additional standards needed

The DxF has three main data-sharing requirements: query-based exchange, electronic orders and referrals, and admission, discharge and transfer (ADT) notifications.

However, according to Adam Davis, MD, physician informaticist at Sutter Health, additional data standards are needed to support DxF implementation. For instance, while the framework outlines which purposes of use stakeholders must respond to using query-based exchange, it does not put forth standards for how to exchange data.

Davis also pointed out that while the DxF includes standards for electronic referrals, there are no specifications for electronic orders.

ADT messaging through the DxF should provide more short-term interoperability gains, Davis noted. ADT is a well-established data standard that provides information for events, including patient admissions, registrations, updates and discharges.

Once the DxF is implemented, organizations will be able to delegate ADT data management to QHIOs. Further, receivers of ADT notifications will be able to subscribe to these messages to gain a more comprehensive view of their patients' care across different facilities.

"I'd like to see how that develops in the next six months," said Davis. "We have not yet benefited from that, but we're hoping that we will."

Integrating community-based organizations

The panelists noted that ensuring community-based organizations have the necessary resources to participate in the DxF will be critical to the framework's success.

Success of the framework will depend on its ability to integrate community-based organizations effectively, ensure security and address specific use cases.

"What's so unique about the California Data Exchange Framework is the way it wants to bring in the public health and the community benefits organizations that are not included in the federal bills," noted Davis. "Whether we can do that well depends on resources for them, and I don't think that they're going to be able to do that alone."

Davis pointed out that these community-based organizations might not have the health IT infrastructure, expertise, bandwidth or resources to update their systems to participate in the DxF.

David Ford, vice president of health information technology at CMA, agreed that additional policy is needed for DxF implementation.

However, he underscored that excitement around the DxF from community-based organizations should be acknowledged. Additionally, in certain parts of the state, community-based organizations are already sharing data through community information exchange.

"San Diego County, by and large, is ahead of most of the rest of the state because of their community information exchange, so I think there are pockets where it is working very well," Ford said.

He noted that many community-based organizations received DxF grants to help them comply with the new data-sharing regulations.

"I think we're hopeful that more of that's going to happen in the future," said Ford.

He emphasized that ensuring community-based organizations can participate in the DxF will be critical for California Advancing and Innovating Medi-Cal (CalAIM), a long-term plan to improve California's Medi-Cal program.

"We can't do CalAIM without bringing those folks into the fold, and so I guess I'm just hopeful that we can just go out and get more of them involved," Ford said.

Security concerns

The conversation also touched on the complexities of privacy and security for the DxF, especially concerning non-HIPAA entities.

"It seems that there's a cyber event constantly," said Erica Galvez, CEO of Manifest MedEx, a nonprofit HIE and DxF QHIO. "I think there is trauma for most, if not all of us, from the Change Healthcare event."

Galvez said that the Change Healthcare cyberattack, which occurred in late February, prompted the HIE to implement "even more diligence than we've had historically" for data privacy and security.

"We have to balance information sharing with privacy and security diligence," said Galvez.

Adam Davis echoed these concerns, noting that smaller organizations' security frameworks need to be examined more closely.

"The security issue goes back to resources," he said. "Certainly, the discomfort for HIPAA-covered organizations sending patient information to non-HIPAA-covered organizations, despite the regulations, is uncomfortable just because of their lack of experience with security."

Davis also pointed out the need for more detailed security specifications within the DxF.

"I'm not a technical security expert, but there's less depth of specifications about security in this regulation than in some of our other federal regulations," he noted.

Focusing on specific use cases

As the state continues to advance its public health vision through the DxF, stakeholders suggested that focusing on specific use cases could help streamline implementation and provide tangible benefits.

"I think the California Data Exchange Framework tried to be all things at once, and public health is a great example of that," said Davis. "I think having a more use-case-focused California data exchange framework that tried to master one thing really well would be beneficial."

Ford agreed, suggesting that addressing housing insecurity would be a logical public health use case to pursue using the DxF.

"We know it's a problem in California," he said. "We have expensive housing. We have a homeless issue. It just seems like the natural place to start."

As California continues to implement the DxF, the success of the framework will depend on its ability to integrate community-based organizations effectively, ensure security and address specific use cases.

Hannah Nelson has been covering news related to health information technology and health data interoperability since 2020.