Health Information Exchange: NHIN: The New Health Internet

January / February 2010
Health Information Exchange

NHIN: The New Health Internet


I have not been a big fan of the National Health Information Network (NHIN) concept. It was — and in large part still is — a top-heavy federal government effort to create a nationwide infrastructure to facilitate the exchange of clinical information. That is a high, lofty, and admirable goal, but one that is too far in front of where the market is today. Building the NHIN is like creating an interstate highway system (something that did not happen until Eisenhower came to office) while we are still traveling by horse and buggy. Through my firm, Chilmark Research, I have argued for a more measured approach, beginning locally with health information exchanges (HIEs) established by independent delivery networks (IDNs) (where there is a clear and compelling business case) and regional health information organizations (RHIOs) in areas where competitors willingly chose not to compete on clinical data, rather seeing greater value in sharing such data.

What if the folks in Washington stopped talking about the NHIN as an uber-health exchange and positioned it instead as a consumer-focused platform?

That is basically what happened in late September at the ITdotHealth event, where Aneesh Chopra, the new federal chief technology officer (CTO), and Todd Park, the new CTO in the Department of Health and Human Services (HHS), presented a new concept to a select group of thought leaders who had gathered to discuss the idea of platforms in HIT to support discrete, substitutable, modular applications (Halamka, 2009). Chopra and Park wanted to float this idea among the movers and shakers of new models for HIT, gauge their interest, and ultimately solicit support for the concept.

In something of a re-branding exercise, Chopra and Park are proposing that the NHIN now be viewed not solely as a clinician-to-clinician care coordination exchange platform, but rather one that also will focus on the consumer, creating a secure “Health Internet” to facilitate consumer access to and ultimately control of their personal health information (PHI). The Health Internet will not be a completely new Internet, rather — like the NHIN — it will leverage the existing Internet and its protocols, including various privacy and security features required for safe transmission of clinical data. The basic NHIN — let’s now refer to it as the Health Internet — retains characteristics of the technology stack that supports an independent software vendor’s (ISV) ability to build applications for consumer consumption (e.g., health & wellness services, PHRs, etc.):  platform independent, open source, and freely available with published standards. In June, I attended the NHIN CONNECT conference and published an essay that provides a few more specifics on the Health Internet (Moore, 2009).

At the ITdotHealth event, many of the participants — e.g., Google Health, HealthVault, MinuteClinic — stated that they “are in” and are willing to work with the government to insure that their respective platforms/services will be able to readily connect to and exchange PHI in response to a consumer’s request over the Health Internet. Even EMR giant Cerner voted tentative support for the idea if the Health Internet would assist them in helping their customers (clinicians, clinics, hospitals) meet some of the forthcoming meaningful use criteria being formulated by Centers for Medicare & Medicaid Services (CMS). Chopra at the June CONNECT event and Park at ITdotHealth basically inferred that providing the capability for an EHR to connect to the Health Internet would address some aspects of meaningful use (see sidebar).


In February 2009, President Obama signed the American Recovery and Reinvestment Act (ARRA) to stimulate the economy. Within ARRA, nearly $44 billion was put aside for healthcare IT and that vast majority, some $36 billion, was targeted for physician adoption and meaningful use of certified electronic health record (EHR) software. Physicians adopting and meaningfully using a certified EHR will be reimbursed $44,000. Hospitals are eligible to receive up to $11 million in reimbursement.

Within this body of legislation, the definition of “meaningful use” was purposely left vague to allow HHS to define this term in greater depth. The legislation, however, did offer guidelines as to what meaningful use should target, which were three topical areas:

  • Electronic prescribing
  • Quality reporting
  • Information exchange in support of care coordination

In July 2009, a special HHS appointed task-group developed a comprehensive set of recommendations defining meaningful use guidelines. These recommendations were approved by HHS and subsequently passed over to the Center for Medicare and Medicaid Services (CMS) to develop rules. CMS released a draft version of the rules on December 30, 2009. After the customary comment period, final rules are scheduled for release in the spring of 2010. For more information, visit the ONC blog, HIT Buzz, at


Chopra also stated that he has the support of numerous federal agencies (Department of Defense [DoD], CMS, and others) that are now working together with HHS to define how the Health Internet might serve their respective constituents. Those agencies have not yet formally committed to allowing PHI to migrate to the Health Internet, but today are addressing the critical process issues of consumer access, control, and consent as they pertain to on-ramping PHI to the Health Internet. I believe these issues will be resolved shortly. When that happens, we can expect significant movement of PHI across the Health Internet. For example, the DoD alone has nearly 4 million active duty members (multiply that by 2.2 for dependents, and the number skyrockets to over 8 million) whose PHI may begin to flow on the Health Internet.

Google Health, HealthVault, and other PHR vendors will not be the only beneficiaries of the Health Internet. A representative of the VA (yes, VA is a supporter as well) related that this will allow veterans to choose the best services available in the market to assist them in managing their health. No longer will the VA have to try and create such applications itself, or find partners to create apps to sit on top of the VA PHR HealtheVet. Instead, the VA can simply direct veterans to the Health Internet and instruct them how to access the services they need.

This is exactly what Chopra and Park envision. Chopra stated adamantly that he and Part seek, through the Health Internet, the creation of a fertile environment where innovation can flourish and consumers will benefit.

Finally, HHS & the Feds are Talking About the Consumer
I have been quite disheartened as of late with the lack of attention paid to the consumer, the citizen who ultimately will foot the bill to get doctors and hospitals wired through the ARRA legislation and HITECH Act. I have chided the HIT Policy workgroup for HIEs for failing to acknowledge the consumer’s role and ownership of PHI. I returned from a recent trip to Washington disillusioned by the nearly myopic focus of ONC on clinicians. My primary concern is  that  $44,000 per physician is not enough to insure EHR adoption; another forcing function will be required. What better forcing function than the citizen — the customer of the physician — to drive adoption of EHRs?

Others at HHS and elsewhere appear to have had similar feelings and are now moving aggressively forward with a concept that directly addresses the consumer. Hallelujah!

The Plan
At the ITdotHealth meeting, Park and Chopra stated that if interest is high (and it sure seemed to be at this meeting), they wanted to take that feedback back to Washington and work with the federal team to start laying the groundwork as soon as possible. The goals and objectives they hypothesize include:

  • The federal team will begin by working with industry stakeholders (PHR providers, EMR providers, services, hospitals, federal agencies, and others) to identify the gaps, determine if the existing protocols are adequate, and layout a roadmap. They also stress that they will seek involvement of consumer representatives and privacy advocates to insure their input is included early on in the process.
  • By February 2010, begin filling the gaps and modifying protocols and standards where necessary.
  • Launch beta early in the second quarter of 2010, moving mock PHI over the Health Internet to test the system, make modifications, and harden the network.

It is important to note that these efforts on behalf of the Health Internet are not directly tied to concurrent efforts at HHS with regards to the HITECH Act and clinician adoption of HIT. Rather, the Health Internet is a project of broader, national scope to develop mechanisms for secure, national transmission of clinical data. Yes, it may facilitate care coordination—a prime precept of meaningful use requirements — but this is not its primary objective, and thus the Health Internet is not directly tied to the tight time schedule of the HITECH Act.

Though they did not go so far as to say when the Health Internet will move live PHI, I estimate that the Health Internet will be open for business by mid-2010, assuming all goes relatively smoothly. That is a very fast track, but certainly doable as the core infrastructure is already in place. This exercise is more like fine-tuning than building from scratch.

Next Steps
It is encouraging to see the idea of health information exchange heading in a new direction with the Health Internet, designed to support secure transfer of PHI directed and controlled by consumers. Not only does it finally acknowledge that at the end of the day, all the HIT spending in the world will make little difference if we do not involve those who have the most to gain: consumers. This initiative may also create a fertile environment for innovation.

But there are some challenges ahead for the Health Internet, including:


  • The DURSA (Data Use & Reciprocal Support Agreement), which all NHIN (Health Internet) users (data providers such as physicians,  hospitals, and independent software vendors etc.) must sign to participate, stipulates that participants must abide by HIPAA requirements. HealthVault is now on record stating that they have no problem with HIPAA, but Google is another story. They have been fairly adamant that HIPAA does not apply to them. Will Google now agree to HIPAA? And what about other ISVs and service providers? Will they adhere to the requirements in the DURSA?
  • Beyond the feds and HIPAA requirements, there is a morass of state-specific laws pertaining to the release of PHI, many of which go far beyond HIPAA in their requirements. As the Health Internet looks to create one common “health interstate” for the movement of PHI, how will these state laws be reconciled to allow this to occur?
  • Lastly, there is the issue of bringing awareness to the public. While the vast majority of consumers use Google for a second opinion, very few use the Internet to store, access, and share their records. Very few even know what a PHR is. When I raise the topic in conversations with lay people, I may find one person who has heard of Google Health or HealthVault, but it is a rare person indeed who has any understanding what these services are for and why they might be interested in using such a service. This may ultimately be one of the biggest challenges for Chopra and Park, but to their credit, they are making the right moves now, garnering industry backing, which can assist them in “getting the message out.”

While the Health Internet is still in infancy, it is difficult to predict its ramifications for clinicians. What can be said at this time, though, is that the government is quite serious about facilitating care coordination beyond the confines of a single practice or IDN. In addition to providing a framework and tools such as the Health Internet, which allows physicians, regardless of location, to more easily interact with one another, it also intends to give the consumer a larger voice in how their PHI can be used to facilitate such care. Indeed, we are moving to a new care model that is truly patient/consumer-centric.

More Information can be found at:

John Moore is founder and managing partner of the healthcare IT analyst firm, Chilmark Research, LLC, which was founded in 2007. Current research at Chilmark focuses on the convergence of consumer-driven healthcare policies with consumer-centric healthcare technology and future impact on the broader healthcare sector. Chilmark Research is dedicated to understanding successful PHR deployment and adoption strategies, the future role and impact of major personal health platforms (Dossia, Google Health and Microsoft HealthVault), cloud computing in the context of healthcare IT infrastructure, the increasingly critical role of mHealth apps and new models for incorporating biometric devices, telehealth, and PHRs for self-care and behavioral change. Prior to founding Chilmark Research, Moore led corporate worldwide industry and market intelligence for Europe’s second largest enterprise software firm, Dassault Systemes. Moore blogs at and may be reached at Follow him on Twitter at

Halamaka, J. (2009, October 19). Consumer preferences and the consumer NHIN. Life as a Healthcare CIO. Available at

Moore, J. (2009, July 1) CONNECT: The feds answer to health info exchange. Chilmark Research. Available at

U.S. Department of Health and Human Services. Office of the National Coordinator for Health IT. HIT Buzz. Available at