Patient Privacy

CHIME Fall Forum Interview Series: Todd Rogow, CHCIO, Senior VP & CIO, Healthix

Todd M. Rogow, MPA, CHCIO

Todd M. Rogow, MPA, CHCIO Healthix

Healthix is the largest public health information exchange (HIE) in the nation, serving the most comprehensive range of organizations in New York, from the largest hospital systems to the smallest community health centers and physician practices. Healthix delivers data of more than 16 million patients to participant organizations that include hospitals and health systems, provider practices, behavioral health organizations, long-term and sub-acute care organizations, health plans, other public HIEs, and private HIEs. Todd Rogow, Senior VP & CIO, recently led the organization’s move from an outsourced resource model to an insourced technical team, including the implementation of a robust security program and SOC 2 Audit. In this interview, Todd elaborates on the benefits of building a mission-driven internal team to support the HIE, including improved scalability, nimbleness and responsiveness, but also cost effectiveness and innovation. Todd also shares his perspective on HIE funding models and sustainability, innovative approaches to patient identity and matching, leveraging predictive analytics to drive insight to the point of care, and the responsibility of the HIE in ensuring security and privacy.

CHIME Fall CIO Forum provides valuable education programming, tailored specifically to meet the needs of CIOs and other healthcare IT executives. Justin Campbell, of Galen Healthcare Solutions, had the opportunity to attend this year’s forum and interview CIOs from all over the country. Here is the next interview in the series:

Key Insights

When I joined Healthix two and a half years ago, I observed that we were losing ground because we were getting 11K new potential patient matches every day that required manual review.  With such a high volume, we couldn’t possibly keep up using a manual approach.

Having direct relationships with our vendors – whether they represent an application we leverage, hardware we run, or a service provider we work with – expedites the process of getting results by removing unnecessary overhead.

Insourcing the IT work has allowed us to become experts and facilitated a mission-driven, dedicated team that stays on top of our operations and growth. Being in this unique niche of healthcare IT and health information exchange really makes this approach advantageous.

Of key value to residents of New York is giving them access to their healthcare data. It’s something that we’ve taken steps to deliver through APIs made available to any of our participants that wish to tap into Healthix.  This enables them to make Healthix data available to patients through their own patient portals.

We believe that federal and state funding will continue to be a part of our sustainability model moving forward, although we can’t be sure of funding levels.  We are always exploring other revenue streams.

As a steward of PHI, Healthix understands that it is critically important to secure the data that we are entrusted to hold.  Technically, we do not own the data; it comes from a variety of participating organizations such as providers, payers, behavioral health, pharmacies, or in some cases Medicaid. It is therefore our obligation to protect it to the highest security standard we can offer.

Campbell: Tell me more about your bio, background, career trajectory, the organizations you’ve worked with, and the technologies they use.

Rogow: I’ve been involved in healthcare information technology for 15 years. I got my start working with electronic health record systems while as a contractor at Northrop Grumman, working for the Department of Defense. I helped to build their unique custom EHR, which was used by DoD, and spent several years enhancing that EHR product, from seeing its client-server application evolve, to helping create its first cloud hosted model. I then moved into the HIE space, spending over 5 years at HealthInfoNet, the statewide HIE for Maine. I was among the first five employees engaged there and saw the organization grow to a staff of 27. I led the redesign of the HIE from a technology perspective. One of the first things we did was to evaluate best-of-breed vendors to design an effective HIE solution for collecting data and providing real-time services to the participants, who are really the customer base.  The participants were comprised of clinicians in Maine’s healthcare community.

HealthInfoNet really shaped me and set me on a good path for what we’re doing here in New York. Going through that rebuilding experience and tackling scalability, having scaled the Maine HIE to be truly statewide, was impactful. In terms of the data we were collecting, the organizations we worked with ranged from behavioral health, with HIV sensitive data, to the common clinical data you would expect from reference labs or from hospitals or private practices.

When I joined Healthix, it was really to redesign the HIE, and begin a program to insource operations. For several years before I joined, the IT department was outsourced. One of the major tasks I was given was to build a team to handle the complexities of this business. We talk about Healthix as the largest public HIE in the nations. We really measure not just for the number of connections or data feeds we have built, but rather the size of the population we serve. At this point, we’re well over 16 million unique identities which contain clinical information. We have a lot of people who come in and out of New York City from all over the state, the country and even the world who may end up in our healthcare system.

On average there are 46 million messages coming into the Healthix system.  Over the last few years we’ve really focused on pushing data out. Like HealthInfoNet, Healthix is a real-time HIE, and that is where a lot of the value lies.  We have close to a half million real-time clinical alerts each month and push out over one hundred thousand continuity of care documents. In many cases, we build a tight integration into the EHR product, especially in those cases where the participants don’t have that capability, depending on the vendor they use.

Campbell: A well-rounded overview. I appreciate you reinforcing some of the high-level statistics you publish and highlighting some of the advanced work that’s occurring within the exchange today. If we could dive into one topic in particular, you mentioned managing more than 16MM lives. I want to touch on identity. You provided some detail around how a patient search is accomplished through demographics and MRN. Tell me a little bit about Healthix’s patient matching and identity management strategy, how exceptions might be handled, and what solutions you may leverage.

Rogow: I’ll provide you with another number. If you think of the variety of data sources that feed into Healthix – behavioral health, private practice, and hospitals – we get different medical record numbers from each of those organizations. As such, we have just over 58MM MRNs that we’ve brought in for the 7-8 years of data that we have. The challenge, as you pointed out, is really knowing that Todd Rogow is the same thing as T Rogow or just Todd Rogow who has gone to a different organization and has another unique identifier associated with him. We’ve been able to boil that down to close to 16MM unique identifiers and we have a couple of technologies in play that facilitate patient identity. We use IBM’s product, which was built by Initiate.

In addition, the velocity of matching associations wasn’t fast enough for us. We had a lot that fell into a gray area where we think they’re the same person, but they really need to be manually reviewed. As you can appreciate, this is extremely laborious. When I joined Healthix two and a half years ago, I observed that we were losing ground because we were getting 11K new potential patient matches every day that required manual review.  With such a high volume, we couldn’t possibly keep up using a manual approach. To automate the process, we contracted with Verato, a company that has a service that does something unique. They realized a while ago that there are a lot of public records for Todd Rogow. For example, I have an electricity bill, so there’s a public record of me and my address. There could be a credit agency that also has my name and my address and could include other things like a social security number, home phone number, or my date of birth. All of this is publicly available. They built an application that we reach out to as a service through an API, and we provide two identities for who we think may be the same person. We’re not certain, so we reach out to them and we ask them to query their public datasets from credit agencies, public utilities, etc., and come back with a recommendation on identity matching. Basically yes, maybe or no. It’s similar to what IBM is doing, but it’s another pass with more data that we don’t have access to.

With that, we have seen tremendous improvements. Not only have we dropped our manual approach of auditing these records individually, but we were able to go back and revisit our full backlog – anything which was a potential match. We were able to further collapse, by several million identities, and consolidate clinical records. From a clinician’s point of view, we’re now bringing extra clinical value around the proper identity of the patient and all of his/her records through that service. That’s been a really big improvement that we’ve made since I joined Healthix, and represents a new vendor that we’re working with very effectively.

Campbell: From sitting in on a New England HIMSS HIE advocacy panel event put on in early spring, outside security and privacy, identity is top of mind for HIEs. Thank you for elaborating on that. Shifting gears, you mentioned that you had out-sourced and then moved to an in-sourcing model. What challenges occurred with that, and what benefits did you realize as a result of moving to that model?

Rogow: I’d like to spend more time on the benefits, but let’s start with some of the challenges of moving from an outsourced to insourced resource model. A lot of companies go through the opposite – moving from insourced to an outsourced model. They think that outsourcing is better, only to swing the other way and insource. Just before I was hired, Healthix realized we needed more direct control over our destiny. What I mean is Healthix wanted to be very responsive to its customer base, and found that this was hard to do through 3rd party intermediaries. Having direct relationships with our vendors – whether they represent an application we leverage, hardware we run, or a service provider we work with – expedites the process of getting results by removing unnecessary overhead.

The other aspect is that Healthix didn’t feel that the growth we wanted to undertake could be accomplished without a change. Specifically, we didn’t feel that an outsourced vendor could keep pace with the scalability and amount of security required. Given the scope of the PHI stewardship responsibility of the organization, we felt that it was important to have that control.

As such, the organization engaged me to build a team and tasked me to insource our operations. Based on my prior experiences with HealthInfoNet in the state of Maine, I had familiarity with IBM Initiate for EMPI, and we leveraged Orion for the clinical data repository and clinical portal front end. However, Healthix implemented InterSystems HIE, so there was a little bit of a learning curve for me. The approach I took was to evaluate our system support needs and build a team that would address those needs. Certainly, there are some core roles you know you need to fill right out of the gate, but beyond that, there was examination of where resources were needed internally to be as responsive as possible to our customer base.

Once the core was in place, we directed focus on building new features and evaluating what resources we needed to tackle those initiatives. All-in-all, this approach offered tremendous benefits. We’ve witnessed enhanced scalability and quicker response times; a result of the direct relationship with our vendors. A major side benefit was the overall cost reduction we observed. We knew that if we were to try to scale to the same level where Healthix is today with an outsource arrangement, the costs would be too high. Insourcing the work allowed us to become experts and facilitated a mission-driven, dedicated team that stays on top of our operations and growth. Being in this unique niche of healthcare IT and health information exchange really makes this approach advantageous.

Campbell: I couldn’t agree with you more. It emphasizes the point that Ed Marx made at the NYSHIMSS meeting in that, it’s all about culture, and the ability to tap into that passion through a mission-driven team. The tough part is surely getting up to speed on a platform you aren’t necessarily familiar with, and identifying those roles you need to fill – whether its data governance and harmonization, or security and infrastructure. It’s great to hear that you were able to recognize some cost efficiencies as a result.

Rogow: Interestingly enough, we went through the same thing in Maine when I first joined HealthInfoNet. As I previously mentioned, when I first joined, I was among the first employees hired, and at that point, we had outsourced the IT portion as well. I brought that in-house. Being mission driven in this niche of healthcare really does attract the best people, and there is a lot of dedication that follows.  Ultimately, we are impacting patient care.

Campbell: I imagine you have countless stories of facilitating care coordination where key insights derived from the HIE are driven to the point of care as a result of the exchange.

Rogow: Absolutely. Both at HealthInfoNet and Healthix, I’ve heard stories where our staff goes out to visit with sites and they tell us how they are treating complex patients and how our service is being used to push insights out to them. It drives the point about mission home, and even though my staff are focused on keeping the system up and adding new capabilities and functionality to make it a more useful service, they believe, and I believe, that we are really saving lives. Not only saving lives, but also helping to improve healthcare for patients. That’s why we’re here and in this business. To have our staff get exposure to that is impactful when it comes to our mission.

Campbell: That covers the value proposition of HIEs quite well, but what about sustainability and solvency? Funding is an issue that comes up over and over again for both public and private HIEs. Whether it’s a subscription-based model that is used, or perhaps grants in play to prop up the HIE. What does sustainability look like for Healthix? You touched on having a series of clinical notifications planned, but how is that value funded?

Rogow: The state of New York is extremely supportive. The governor made a decision to support a statewide HIE through the use of federal funds that come in through CMS as well as state matching. Just before I joined, we entered into a period of 3 years where the state had allocated funding for us. 90% of our operational funds come from either federal or state funds. Before that, it was very similar to the model for Maine’s HealthInfoNet, where each participant, whether it be a hospital or private practice, would pay their portion of a service fee that would help fund the operation. We believe that federal and state funding will be a part of our sustainability model moving forward, although we can’t be sure of funding levels.  We are also exploring other revenue streams.

We’ve introduced new services, such as predictive analytics, focusing on the top 5-10% of the population that could be, or are the highest cost patients. We aim to get in front of the cost curve, and be proactively impactful, giving the care management teams of healthcare organizations an indications as to who the individuals are that we believe are likely to present in the ER or another inpatient setting, or have the potential of having a chronic condition. We highlight these patients so clinicians can effectively reach out to highest need patients. That is a Healthix service which customers are paying for today.

Other areas we’ve been exploring are customized real-time clinical event notifications. We offer a lot of the basic trigger events. For instance, if a patient presents in the ER, that will trigger an alert. However, if we’re able to provide a chief complaint, and other key data within that alert, that provides greater value to the provider or care manager.  Increasingly, we’re able to identify   services that our customers’ value and are willing to pay for. Healthix received funds for grants from various agencies, some at the New York City level, where we work on specific projects. As such, the grant money is really project-based and not a significant source of income.  Many feel that HIE shouldn’t rely on local city, state, or federal government picking up the entirety of the bill, but they do feel that there is a role for them to play in terms of funding. We’ve always thought of the three-legged stool in terms of funding – providers paying a service fee, the payers or insurance companies paying a fee, and the government contributing the remainder. The public services that we offer comprise the majority of our expenses, but we’re trying to make it a model where funding is more diversified across those we serve.

Campbell: It sounds like a very sound model. As you said, the point can’t be underscored enough in that it is truly a public service. What Healthix is doing is facilitating healthier New Yorkers, and healthier populations.

Rogow: We feel that there is a lot of untapped potential with delivery of services around predictive analytics and engaging providers or communities.  As they’re receiving a direct benefit from it, we can monetize those services. We certainly aim for a diversity of revenue stream, but having the backbone of government funding is critical. It’s helped us to mature as an organization, and to really show our value.

A critically important public value is giving the residents of New York access to their data. It’s something that we’ve taken multiple actions to deliver through APIs available to any of our participants that wish to tap into Healthix, so that they’re patient portals can make the data available for patients. Of course, all of this is contingent upon patients providing their consent, which is heavily controlled.

Campbell: That’s a great point. Being mission-driven, the most important entity in all of this is the patient. I myself use the MAHIway, and can appreciate the utility of having my chart available and being an active participant in my health. This is especially pronounced if you are managing many chronic conditions; having the HIE to lean on can be critical.

Rogow: It’s so important. We have a lot of HIEs across the country that are doing well overall and the service is getting more valuable as time goes by and technology improves. However, what’s really going to be a game-changer, is putting that control in the hands of the patient; when you’ve got a mobile device that provides you access to your records and allows for your records to be transportable. We are on the cusp of witnessing the patient really taking control of their records and leveraging that control to change healthcare. Not just the access to their clinical data, but providing awareness and contextual information around where to go for the best treatments, for instance.

Campbell: It certainly seems like there is a convergence taking place that will lead to data liberation. We know that the patients are clamoring for it given what’s at stake. Shifting gears a bit, at the NYSHIMSS meeting, the collaboration that occurs with other HIEs in New York through the SHIN-NY was highlighted. Can you touch on that and perhaps speak to other registries that you may integrate with?

Rogow: Starting at the highest level, we are connected to the Sequoia project, which is really the framework to exchange clinical information across the country. We’re also close to going live with the Veteran’s Administration for bi-directional exchange of clinical data with VA hospitals and ambulatory organizations. In terms of the SHIN-NY, it’s really a statewide clinical information exchange that’s comprised of each of the HIEs in the state. Right now, there are 8 of us serving the upstate and downstate regions. Since I’ve joined Healthix, we’ve witnessed a great deal of consolidation, which is a good thing. We know that people work, travel, reside and receive healthcare across geographic regions. Recognizing the size of the state’s population, and also the large geography, we have to collect data on behalf of the residents, regardless of the boundaries. This can be challenging, but there are services in place to identify that resident across the entirety of the state. This allows records to be exchanged within the state boundaries, and really offers a statewide support structure. Even though Healthix’s primary territory is New York City and Long Island, those boundaries go away when patients and providers retrieve data.

Going down to the next level, you mentioned attaching to different registries. We support several public registries. One in particular is the New York City Department of Health AIDS Institute. Their mission is to monitor the health and treatment of HIV+ individuals in our community and retain them in care. We identify HIV+ persons and the care they are receiving, so NYSDOH can focus public health surveillance efforts to ensure linkage to care, retention in care, antiretroviral therapy, and viral suppression.

Another registry we support that is kind of unique to New York State is what’s called eMOLST, around an end-of-life legal document. MOLST is a clinical process that emphasizes the discussion of patient’s goals for care, including shared medical decision-making between health care professionals and patients who are seriously ill or frail. The result is a standardized set of medical orders documented on the MOLST form that reflect the patient’s preferences for life-sustaining treatments. Our partnership with Excellus BCBS gives providers access, through the HIE, to the medical orders and wishes for an end of life patient.

We support a New York City Dept. of Health and Mental Hygiene service called NYCEPS – the New York Emergency Patient Search program. – After a mass casualty incident, a key concern is locating and assuring the safety of loved ones who may have been affected and cannot be easily reached or located. NYCEPs queries real-time patient data through Healthix, particularly information from encounters at acute care hospitals and nursing homes – all with the intention of facilitating family reunification. NYCEPS staff can help search for a missing person who may have been treated at a New York City hospital, thereby giving families’ one place to inquire about a family member. This potentially reduces the overwhelming number of phone calls to individual healthcare facilities which are already overburdened in times of crisis.

Campbell: Thank you for elaborating on those initiatives and advanced HIE use cases. It’s fascinating and compelling to see the many tentacles coming out of the HIE and the numerous entities that directly benefit. Any final thoughts you’d like to offer?

Rogow: I’m going to settle on security as the final thought, though it’s always at the very top of our minds. We will be undertaking the HITRUST certification by the end of next year. We’ve taken a lot of steps towards that third-party certification and have undertaken other measures, including going through a SOC 2 compliance and achieving that certification. These are critical when handling volumes of PHI.

As a steward of PHI, Healthix understands that it is critically important to secure the data that we are entrusted to hold.  Technically we do not own the data; it comes from a variety of participating organizations such as providers, payers, behavioral health, pharmacies, or in some cases Medicaid. It is however our obligation to protect it to the highest security standard we can offer.

With the recent press around ransomware attacks and digital security threats, Healthix takes this extremely seriously and dedicates a fair amount of resources and operating expense to implement the technology as well as secure the data. It’s an important message for people to understand: we consider this one of our highest priorities.

We talked about obtaining the patient’s consent in order for providers to access their record for treatment and quality improvement. The model we’ve implemented in New York State is consent to access (similar to an opt-in model).  This is what enables a clinician to look up a patient’s record. Typically, consent is obtained during the registration process. We have the proper technology in place so that we are able to control contextual access to the data, which could be sensitive, to ensure it is properly accessed by authorized and authenticated users.

Campbell: It’s reassuring to know that those safeguards are in place. It’s also refreshing to hear how serious Healthix takes their role as being a custodian of the data, especially in light of all of the other initiatives and operational functions. Considering the volume and velocity of the data, it must be top of mind, so it’s great to see that you folks are a leader in that area.

Rogow: When I came onboard, it was critical for me to bring on a Chief Information Security Officer. Our participant organizations and leadership continue to make this a priority.

Campbell: Thank you for taking time to speak with me. This has been extremely enlightening, and I am appreciative of you sharing your experiences, insight and wisdom.

About Todd Rogow

Todd M. Rogow, MPA, CHCIO joined Healthix in 2015 as the Senior Vice President and Chief Information Officer, where he is responsible for providing the vision, strategy and day-to-day operational leadership for all technical aspects of the company. Todd brings a wealth of knowledge and industry experience and has worked in the health information exchange space for over ten years.

Todd joined Healthix during a period of rapid growth and innovative change. He has fulfilled a critical role of building and leading Healthix’s Information Technology function, migrating its technology development and operations in-house through the implementation of next generation application software and completing the technical systems merger of several HIE organizations that now make up Healthix. He has driven a comprehensive security program at Healthix that includes the onboarding of a Chief Information Security Officer and achieving SOC2 security.

Before joining Healthix, Todd served as the Chief Technology Officer at HealthInfoNet, Maine’s State HIE. With 20+ years of experience, primarily in directing technical projects, he has provided business and consulting services to a range of Fortune 100 companies and many government agencies including the Department of Defense. Todd has served as a subject matter expert at conferences and on national and international panels and at conferences on the subject of healthcare technology. He has also authored a number of publications and case studies.

Todd has a Master’s in Public Administration and a BA from the University of Vermont. He is a certified Project Management Professional (PMP) and a 2012 graduate of the Hanley Center’s Health Leadership program. In 2016, he became one of only a few hundred Certified Healthcare CIOs in the nation.

About Justin Campbell

Justin is Vice President, Strategy, at Galen Healthcare Solutions. He is responsible for market intelligence, segmentation, business and market development and competitive strategy. Justin has been consulting in Health IT for over 10 years, guiding clients in the implementation, integration, and optimization of clinical systems. He has been on the front lines of system replacement and data migration is passionate about advancing interoperability in healthcare and harnessing analytical insights to realize improvements in patient care. Justin can be found on Twitter at @TJustinCampbell and LinkedIn.