NC HIEA March 2022 Update

The clinical data flowing through health information exchanges can help providers navigate the trickiest parts of value-based care: treatment notifications, medications and diagnoses. Notifications help primary care providers accurately assess patients' care needs and risk and reconcile medications, promoting high-quality care and cost savings.

HIEs a Utility for Closing Data Gaps in Value-Based Care, Improving Health Outcomes, and Increasing Cost Savings

Jonathan Fowler, vice president, operations

Cary Medical Management

The clinical data flowing through health information exchanges can help providers navigate the trickiest parts of value-based care: treatment notifications, medications and diagnoses.

Notifications help primary care providers accurately assess patients' care needs and risk and reconcile medications, promoting high-quality care and cost savings.

"One of the biggest problems in value-based care contracts is knowing the health of your patients and where they have gone for care," said Jonathan Fowler, vice president of operations with Cary Medical Management (CMM). "Care is fragmented on both the practice and the hospital side of things due to the information silos created by EHRs [electronic health records]."

Under value-based contracts with payers, providers share in the savings when they deliver quality care at lower costs than expected based on patients' conditions. Often, though, critical clinical information is missing. Those data gaps could impact the quality of future care, and providers might not receive all the shared savings they are entitled to from payers.

Fowler gave the example of a patient with diabetes. A provider might enter a diagnosis code only for diabetes but not all the associated conditions. Neither the patient nor the payers would know the patient's full health risks and therefore could not utilize all the tools of value-based care to change the patient’s outcomes.

"We want to know all the diagnoses and medications," Fowler said. "And you don't want to leave any of that information unreviewed by the primary care team. Your providers might be doing a really good job taking care of somebody’s diabetes, but if we are unaware of conditions diagnosed by other providers, we might not be able to change the outcome and share in the savings to the system. That's the trickiest wicket in value-based care."

Rocky Mount Family Medical Center (RMFMC), which is serviced by CMM, found a solution to obtaining reliable, up-to-date and comprehensive patient information through North Carolina's state-designated health information exchange, NC HealthConnex.

RMFMC providers can use NC HealthConnex to access patients' diagnoses, medications and care from other practitioners and facilities. That makes it easier for them to accurately assess patients, deliver appropriate care and communicate comprehensive patient information to payers and accountable care organizations.

"NC HealthConnex does save a lot of time, and it's good-quality information," Fowler said.

RMFMC began using NC HealthConnex's patient-encounter alert system, NC*Notify, to make sure they were notified every time their patients got treatment at hospitals.

Missing notifications in hospitals' EHR systems meant that RMFMC providers could not appropriately treat their patients, who were consequently more likely to be readmitted to the hospital.

Fowler noted, "I hear from providers across the state that they frequently don’t know their patient was admitted until they are behind the exam room door in an office visit that should have been a hospital follow-up. Then we are really scrambling for records and continuity."

"Those readmissions are horribly traumatic for our patients and expensive to our shared savings model," Fowler said. "We have a great interest in getting those folks taken care of and getting the providers prepared to take care of them so that they don't get readmitted. It’s better for our patients clinically and financially in terms of copays, and it earns cash in terms of shared savings for our practice."

NC*Notify alerts made a "dramatic" improvement in the hospital discharge notifications received by RMFMC, Fowler said.

"Before, nearly 40% of discharges were not readily available for our care coordinator," said Siu Tong, chief executive officer of Cary Medical Management. "NC*Notify reduces cost and human suffering."

RMFMC providers now get alerts when their patients receive care at hospitals and clinics locally and throughout the state. In addition to giving appropriate care, providers can direct patients to the least-expensive treatment options, depending on their willingness to travel.

"We want to fix this problem broadly, and if we can, then everybody wins," Fowler said. "The community wins on efficiency and having healthier people in the community. Patients win because they have good discharge coordination and don't get readmitted. Practices win because we know that we're taking better care of our community and getting paid what we deserve to do it."

NC HIEA Reaches Out to Providers, Offers Legislative Recommendations Before Extended Connection Deadline

The NC HIEA is reaching out to providers about the legislative requirement to connect to NC HealthConnex, the state-designated health information exchange (HIE), before Jan. 1, 2023; its Advisory Board has offered recommendations to the state legislature on how to facilitate these connections.

Last summer, as the COVID-19 pandemic created enormous challenges for health care, the NC HEIA worked with the N.C. General Assembly to amend the Statewide HIE Act (see NCSL 2021-26). In addition to extending the connection deadline, the legislation required the NC HIEA and its Advisory Board to undertake a large-scale effort to determine the status of statewide connectivity among providers, develop recommendations to support enforcement of the HIE Act, and report on these initiatives to the state legislature.

In February and March 2022, the NC HIEA contacted unconnected providers by mail and email informing them about the Jan. 1, 2023, deadline and how to connect to NC HealthConnex.

The NC HIEA’s Advisory Board also submitted a legislative report with three overarching recommendations for consideration of legislative action by the Joint Legislative Oversight Committee of Health and Human Services for the Short Session, which will convene in mid-April. These are: 

  • Establish clear enforcement articles of the HIE Act
  • Change voluntary designations for certain providers
  • Add two seats to the Advisory Board to represent provider-accountable care and state-funded payer partners

Providers and organizations are encouraged to take immediate action to understand the requirements of the HIE Act and begin the connection process before the deadline. 

Monthly How to Connect Calls are held the last Monday of the month at noon. Register for the next call.

The NC HIEA will monitor short session actions closely and provide updates to the provider community.

2021 Trends Show Increased Globalized Threat of Ransomware

Sophisticated, high-impact, ransomware attacks against critical infrastructure, including health care organizations, increased globally in 2021 and are only expected to rise amid global geopolitical conflict in 2022, according to a joint cybersecurity advisory from the U.S. Cybersecurity & Infrastructure Agency (CISA).

Health care organizations, particularly electronic health records (EHR), can be top targets because the protected health information they maintain can be profitable on the dark web or black market. In 2021, incidents compromised more than 40 million patient records, according to the U.S. Department of Health and Human Services (DHHS).

The top three avenues of attack for ransomware in 2021 were phishing emails, remote desktop access exploitation and exploitation of software vulnerabilities. EHRs are commonly targeted by phishing attacks, malware and cloud threats.

The U.S. DHHS recently published a brief on these threats and steps health care organizations can take to mitigate them.

  • Keep all operating systems and software up to date on all workstations and mobile devices.
  • Limit access to resources over internal networks (e.g., restrict remote-access use). 
  • Implement a user training program and phishing exercises to raise awareness among users. 
  • Require strong passwords, or implement multi-factor authentication.
  • Be suspicious of unsolicited emails or messages that seem out of the ordinary – even from people they know.
  • Do not click on links and attachments they are not expecting. If there is any doubt, check with the sender using another method of communication.
  • Visit and download information only from trusted sources.
  • Learn about cybersecurity threats and how to protect themselves from reputable sources, such as the N.C. Department of Information Technology, National Cybersecurity Alliance, CISA's Cybersecurity Awareness Program and

Learn more in NCDIT Enterprise Security and Risk Management Office's March Cybersecurity newsletter.


Upcoming Events

  • NC HealthConnex Teletown Hall

    Wednesday, March 30, 2022, 12 p.m. to 1 p.m.

    Hear about how you how you can get the most out of NC HealthConnex's Controlled Substance Reporting System, single sign-on, bidirectional connections, NC*Notify and clinical portal. Find how to attend.

  • Quarterly User Audit Kicks Off

    Thursday, March 31, 2022

    NC HealthConnex Participant Account Administrators contacted by email should complete their user audits. See the Quarterly Audit Quick Reference Guide, or for assistance, contact the NC HealthConnex Help Desk Team at or 919-531-2700.

  • Upcoming How to Connect Call

    Monday, April 25, 2022, 12 p.m. to 1 p.m.

    Interested providers are invited to join a monthly call to learn about who we are at the N.C. Health Information Exchange Authority. Register for the next monthly call.

  • NC HIEA Advisory Board Meeting

    Thursday, June 16, 2022, 2 p.m. to 5 p.m.

    Find out how to join the second quarterly meeting of the NC HIEA Advisory Board.


In the News

FHIR vs. HL7 Version 2: What to Know for Healthcare Interoperability — What should health interoperability look like in less than a decade? One data exchange standard has been used since the 1980s, and the other is ushering in a new era of interoperability.

Clinical Interoperability is Close to Being Realized — David Lareau, CEO of Medicomp Systems, talks about the convergence of technology and regulatory requirements to enable more seamless data exchange for care coordination and patient empowerment.

Standardized APIs Could Finally Make It Easy to Exchange Health Records — A federal law requires that the process be simplified by the end of 2022.

Hospitals at Home Poised To Save Money, Keep the Patient in Familiar Environment — Instead of getting care in a raditional in-hospitalthe care comes to the patient using a hybrid of technology and in-home care.

Five HIE Myths Dismissed — Two speakers at HIMSS22 dispel five myths that are obstructing the health information exchange evolution.