December Reflections from Intrepid Ascent

Dear Colleagues,

As 2022 draws to a close, both the season and the sequence of events in our field make this a time of deep reflection, anticipation, and hope. The waves of the COVID-19 pandemic have diminished in force and regularity. Hospitals, clinics, and public health departments have begun to emerge from crisis mode to survey the wreckage, to appreciate institutions that held the line, and to consider opportunities to rebuild in new ways. The disparities spotlighted by the pandemic are adding policy-making momentum to integrate health care with allied fields, such as social services and housing, to address the social determinants of health and structural racism. Billions of dollars will flow into the Medicaid delivery system alone linked to related models and initiatives.

Just as importantly, we’ve begun to come together in person again to advance this work. Last week I attended the annual conference of the California Association of Public Hospitals / Safety Net Institute (CAPH/SNI) with several hundred companions. The positive in-person vibes and feedback loops flowed from the podium to the dance floor, which was hopping. And the commitment in the room to a robust public health care infrastructure was infectious and inspiring: check out these videos on award-winning health systems for advancing high quality equitable care in 2022. Several of these efforts incorporate technology tools in new and promising ways, such as linking clinic patients with healthy food delivery (Santa Clara County) and proactively engaging populations to improve health outcomes (Contra Costa County). At Intrepid, we are delighted to be supporting the overall award-winner – Alameda Health System’s BElovedBIRTH Black Centering – to onboard to a public health case management system.

Intrepid took several steps in 2022 that broadened our horizons and positioned us to journey further with our clients in 2023:

  • Early this year we created three consulting groups – Technology Strategy, Policy Innovation, and Community Change – and have continued to hire talented, passionate people to our team  
  • We published a series of “Data Exchange Explainers” with the California Health Care Foundation to inform policy-making for the state’s Data Exchange Framework, honing our abilities to translate complex topics to broader audiences
  • We supported multiple communities in the adoption of technology for collaboration across sectors, from planning to implementation to training and workflow redesign, increasingly in the context of CalAIM goals to transform the Medi-Cal delivery system
  • We expanded our work with public health as it emerges from the pandemic, beginning with the case management system in Alameda County mentioned above, but also with other public health departments building data integrations with health care delivery partners; and we facilitated a multi-region initiative on approaches to addressing congenital syphilis
  • We also broadened our work in the behavioral health arena, assisting multiple behavioral health entities to advance their technology and policy infrastructure for data sharing
  • We actively monitored New York’s proposed 1115 Medicaid Waiver program, engaging in conversations with colleagues throughout the state, as we adapt our services for California’s 1115 Whole Person Care Program and CalAIM initiative to the emerging New York environment; and
  • We prepared new ways for clients to access our expertise, with significant investment in developing toolkits, off-the-shelf resources, and technology-assisted services that will become available in 2023.

We are grateful for the opportunity to participate with you in this transformative moment and look forward to joining forces next year. In the meantime, I hope that all of you are able to slow down, to settle into the changing season, to reflect, and to gather in warmth with family and friends.

See you next year,


Do We Need a Privacy Risk Paradigm Shift to Achieve the Goals of CalAIM?

As California shifts towards cross-sector collaboration under the sails of California Advancing Medi-Cal (CalAIM) there is an increasing need to share data between organizations subject to HIPAA (covered entities) and those that are not (what we refer to as non-covered entities or community-based organizations (CBOs)). For more than 20 years, health care providers have relied on privacy and security frameworks derived from the HIPAA Rules, which provide controls under three primary areas for safeguarding patient data: administrative, technical, and physical. Administrative controls generally encompass the training users would receive and the types of policies that would be implemented to control user access to patient data; technical controls manage the ability to authenticate, authorize, and audit user and system activity against internal misuse and external malicious actors; and physical controls involve the ability to secure patient records and information systems that contain patient data. However, one thing that health care organizations have always needed to manage is what the appropriate balance of these controls is — in other words, where is the greatest risk? 

Currently, most health care data systems are managed via cloud-based software and solutions providers, which generally provide physical and technical security against external threats and distributes some risk away from the organization. Furthermore, organizations can attain additional certifications, such as HITRUST CSF, as required by either health care payors or organizational leadership. Security certifications are generally a third-party evaluation of your security measures according to industry standards and best practices. HITRUST CSF is one of the better-known types of security certifications, but with a particular focus in compliance to HIPAA requirements.

However, this outsourcing of physical and technical security leaves a potential gap: what about data access within a system, or more broadly, within a trusted network, such as a regional or local Health Information Exchange (HIE)? The fact remains that under HIPAA, despite these distributed networks and service providers, it is ultimately the responsibility of a given organization to determine who can access patient data, to what extent, and for what purpose. In health care systems and organizations, the ability to share patient data with other providers within the confines of HIPAA has traditionally been acceptable, as it was assumed the data could is relevant to patient care. This level of access may remove the need for layers of privacy controls for personal health information (PHI); however, what happens if you are a community-based organization, like a homeless shelter or food pantry? This is where a spectrum of philosophies emerge, and the cross-sector data sharing challenge begins.

Most health care privacy and security teams think in two dimensions of patient data: breach and misuse. A breach occurs when patient information is accessible to non-authorized users, whether by a malicious party or when a user with access to the information inadvertently releases it to a third party. These types of events have severe consequences (including fines) for organizations and can potentially threaten patients’ identities depending on the type of information released. On the other hand, misuse occurs when authorized users utilize patient information for unjustified purposes, such as looking up a colleague or celebrity. These types of events can be managed with proper training (administrative) and audit controls (technical). Privacy and security teams generally stop there, but aren’t there other risks, specifically to patient care?

Figure 1, Multidimensional Data Risk Assessment, proposes a different lens that organizations should look through when considering patient data risks. The proportions of the chart are not indicative of any empirical findings, but they could represent a real scenario for any community.  By healthcare organizations deferring to strict access controls, particularly with CBOs, the focus is only on breach of patient data or misuse by CBO staff. However, there are several other risks that could have greater ramifications. What if a referral to an organization only included demographics for a patient contact? How can a CBO really determine eligibility, service needs, and priority without more information? This is a risk which impacts service enablement (i.e., not sharing information with a CBO that is necessary for efficient service enrollment and coordination). An additional risk to consider is patient endangerment, which can occur in several different types of scenarios, such as 1) when people are assigned as roommates in a housing development without considering potential behavioral health issues that may arise between the two, or 2) when medications prescribed by one provider might conflict with those prescribed by another (particularly if the patient did not indicate they were given prescriptions previously). A third major risk category arises in patient experience and the potential for consent fatigue and re-traumatization. For example, should a victim of domestic abuse or child neglect retell their story to several related organizations since they all have strict data privacy policies and do not share relevant information among each other?

Risk is generally the intersection of probability and loss. A breach can certainly be considered a high degree of loss, but often we do not consider the probability of this occurrence. What incentives do malicious parties have with cross-sector information versus web servers that house financial data? Some may offer that identity theft may be the objective, but these systems that contain safety net populations have data which fluctuates constantly, particularly addresses, making it a poor choice for someone trying to establish a fraudulent credit line or bank account. Furthermore, before electronic records, organizations had to trust employees were handling client paper records appropriately and with integrity. How did the onset of technical safeguards diminish this trust? Lastly, reflecting on Figure 1 and cross-sector collaboration involving both HIPAA-covered entities and CBOs, what has the greatest probability of occurring any day of the week:

  1. A hacker will breach a CBO system.
  2. A staff member will look up a client that is also a neighbor.
  3. A patient/client will have to fill out several intake forms with the same information between referring organizations due to strict privacy controls, delaying services while eligibility is confirmed.  

 Critics will continue to cite consent issues and staff misuse/mishandling of information (all valid concerns), along with unique organizational problems as a primary concern above some of the others I’ve mentioned. However, these problems often all resolve to the basic fact that a given organization tends to be most concerned about its own liability versus its patients’ needs. For CalAIM to be successful, we need an effective cross-sector data sharing model that puts patients/clients at the center and effectively mitigates their risks, otherwise, while there may be “no wrong door,” there certainly will be several an individual needs to walk through before receiving services. 

What is CIE? Developing Community Information Exchange in California and Beyond 

Community Information Exchange (CIE)i networks develop shared governance and technology to support cross-sector collaboration addressing social determinants of health. They bring together diverse partners from health and behavioral health care, social services, education, the legal system, tribal entities, and other organizations to build relationships, goals, and agreements. By delivering core infrastructure and methods for active planning and collaboration across organizations and programs, CIEs serve as critical hubs in communities integrating systems of care to improve services and outcomes, especially for their most vulnerable residents. 

Many related initiatives have advanced integration within systems of care. For example, Health Information Exchange (HIE) efforts aggregate medical data in one record that clinicians across health systems can access, while housing Continuums of Care have come together to build coordinated entry services and shared documentation in homeless management information systems. CIEs, in contrast, knit together these partners through tools and data that span sectors to provide more holistic and actionable views of community needs and the complexity of individuals. My colleague Mark Elson provides more information on the distinctions between HIE and CIE in a companion post. 

There are many types of processes that CIE networks try to improve through shared goals, agreements, and technology. These often include:  

    • Assessments of individuals’ needs 
    • Eligibility and enrollment in appropriate programs and services  
    • Building an individual care record and a holistic care plan 
    • Facilitating referrals for services across organizations and sectors linked to a community resource directory 
    • Communications and workflows among distributed care teams 
    • Individual consent for data sharing and participation in organizing one’s care 
    • Reporting and analytics to illuminate inequities and upstream causes of health and social issues, and to identify gaps in service supply  

Policy Drivers 

Many programs and funding streams across the country are driving cross-sector collaboration. These include Accountable Communities for Health, Medicaid transformation projects, issue-focused funding (such as Adverse Childhood Experiences (ACEs) Aware), and state legislation that all push for collaboration between health care providers and community-based organizations. Each has a slightly different focus, but all are pushing communities to build connections across sectors to improve services, experiences, and outcomes for vulnerable populations. Below we describe a few programs that have allowed innovative communities and CIE pioneers to start building capacity, infrastructure, and sustainable collaborative practices.  

Federal programs: Center for Medicaid Services (CMS) 

Starting in 2015 to advance the triple aim, CMS began funding some states to implement Accountable Communities for HealthThese began as regional public private partnerships that are designed to be conveners, coordinating bodies, and investment hubs to better connect health care delivery systems to community service providers. In 2016, CMS funded additional five-year Accountable Health Community pilots in 28 communities, which focused on connecting eligible residents with community services to address five core health related social needs: housing, food security, utility assistance, transportation problems, and interpersonal violence. Services focus on screening, referral, and navigation, with most screening occurring in hospital settings. The first evaluation report indicated that most communities built upon existing infrastructure and relationships, but that AHC funding allowed for the formalization of processes for screening and referrals, and expanding capacity for navigation services.  California funded 8 regional ACH communities through these State Innovation Model funds. In the years since then, many other California Medicaid innovation projects have continued to drive cross-sector collaboration. 

 In 2016, California matched CMS funding with state general funds and local sources to test new cross-sector collaboration approaches with DHCS’s Whole Person Care pilots. This program funded 25, 5-year pilot programs to develop new wrap-around case management services to better serve clients with complex needs. These funds allowed lead entities,  

to receive support to integrate care for a particularly vulnerable group of Medi-Cal beneficiaries who have been identified as high users of multiple systems and continue to have poor health outcomes. Through collaborative leadership and systematic coordination among public and private entities, WPC Pilot entities will identify target populations, share data between systems, coordinate care real time, and evaluate individual and population progress – all with the goal of providing comprehensive coordinated care for the beneficiary resulting in better health outcomes. 

This program funding continued regional pressure in California to knit together health, behavioral health, and social service systems of care with improved agreements and collaboration processes or tools. Rather than just focusing on referrals from hospitals, many WPC pilots required the development of a shared care plan across organizations providing care within 30 days of enrollment. This pushed many counties towards identifying cross-sector care teams, developing more sophisticated data sharing frameworks, and implementing secure collaboration tools. Some counties built upon assessment and referral infrastructure. Others focused on implementing tools that would allow for more in-depth data sharing for long-term case management and collaboration. 

State Initiatives: 

Two other initiatives continued to push collaboration for specific populations. In 2018 the State passed Senate Bill 1152 (Health and Safety Code § 1262.5) which requires hospitals to have a written plan for coordinating services for patients experiencing homelessness. This bill increased pressures on hospital systems to have an efficient way to refer patients to community-based services and has led many regional efforts to implement directory and referral networks. In 2020 California also announced funding for the Adverse Childhood Experiences (ACEs) Aware initiative. This program provides grant funding to communities across California to build networks and strategies to address Adverse Childhood Experiences and toxic stress. Grants support provider engagement and training, but also building a network for care planning and care implementation, creating new opportunities and new challenges for existing networks and service providers. 

The outcome of many of CMS’s pilot projects is the creation of a new a Medicaid benefit for vulnerable California residents. This year, Whole Person Care pilots are transitioning many services into Medicaid benefits offered by Managed Care Organizations (MCOs) under California Advancing and Innovating Medi-Cal (CalAIM). The program is focusing on building capacity to implement population health management strategies, and offering integrated services to key populations of interest, starting with Medi-Cal members with complex medical needs (Enhanced Care Management) or who are experiencing homelessness or require other community services to support health like medically tailored meals (Community Supports). Future waves of implementation will include better access to behavioral health services and re-entry services for justice involved adults and youth. While important for long-term sustainability of critical case management and community services, transition of the program to MCOs is challenging the systems set up under WPC pilots. 

CIEs as Multi-Purpose Infrastructure 

What all of these examples illustrate is that there are often short-term initiatives that drive innovation; however, each of these efforts has its specific program requirements and target populations. Building a CIE requires stepping back from each individual program’s specific needs, to consider the broader long-term goals of a community. CIE development must start with those broader goals to build a system that centers the experience and rights of community residents, that does not over-burden community-based service providers, and does not continue to build and re-build with every program transition. Braiding together program funding can bring new providers into the network of stakeholders, or could allow the network to serve new groups of residents, but the goals should be to build a resilient, multi-purpose system of care and collaboration that will outlast any one programmatic funding stream. This requires the lead local entities on specific programs to work through a broader community framework, an approach that at times generates resistance from program managers whose jobs require them to deliver on their specific program needs, often on short timelines from state or federal funders.   

One CIE pioneer, the 211/CIE San Diego, has harnessed programmatic funding opportunities over the past two decades to establish and expand their network of service providers, build a community governance framework, and implement multi-purpose technology solutions. CIE San Diego defines CIE as  

a community-led ecosystem comprised of multidisciplinary network partners using a shared language, a resource database, and integrated technology platforms to deliver enhanced community care planning. A CIE enables communities to have multi-level impacts by shifting away from a reactive approach towards proactive, holistic, person-centered care. At its core, CIE centers the community to support anti-racism and health equity.”  

In a presentation at the California Primary Care Association meeting in 2019 entitled, “Community Information Exchanges (CIE): Changing the Landscape – Coordinating Social Determinants of Health,” they present a timeline that shows how they have harnessed opportunities to grow, test, and iterate their service offerings over time (Slide 9). These have included initiatives like the ONC’s Beacon Community grants that supported HIE expansion after the passage of the HITECH act, partnership and funding from Managed Care Health Plan partners for health navigation services, and California Whole Person Care funding that helped expand structured approaches to assessment, risk ratings, and developing a longitudinal care record in a shared technology platform. They expand upon some of the influences shaping CIE in the opening sections of their CIE Toolkit, which they offer to other communities engaged in this work. 

211/CIE San Diego has produced and shared many practical resources designed to help communities build beyond individual program requirements. 211/CIE San Diego’s CIE toolkit and the Data Equity Framework (Collaboratively developed with Dr. Rhea Boyd and Health Leads) provide tools that center community vision, goals, and control of information and data. They offer both written materials and a series of sessions from the 2021 CIE Summit called “Leading with Community to Drive Systems Change.” In addition to sharing lessons learned on broad CIE implementation they offer many materials to help CIE communities put equity theory into practice through their series on Leveraging CIEs for Equitable and Inclusive Data. This includes the data equity framework, a vision for the future, and examples of CIE work in communities around the country. In 2022, they are focusing their convening efforts on a conference called Aligning California, Maximizing Opportunities to Advance Local Community-Led Networks. The need for this type of convening stems from both the opportunities and challenges communities feel as CalAIM and other pressures push regional networks to adapt to new programmatic demands. 


CIEs are ideally positioned to power cross-sector collaboration and data sharing to address community needs across programs. Many communities developing CIE services are sharing learnings and tools to build policy and technology frameworks that center on clients, support front-line service providers, build local control of data, and unify systems of care. We will explore how large-scale initiatives such as CalAIM can support broad systems planning and collaboration rather than building new program silos, and how some communities are doing this work, in future posts. 

i CIE® is a registered trademark of 211 San Diego. For more information about the trademark, see the following webpages on the legal status and brand guidelines for the term.  

Understanding HIE and CIE Alignment

Propelled by local and government demand for services coordination across health, behavioral health, housing, and other social services, the concept of Community Information Exchange (CIE)i is gaining momentum in communities across the country. As explained by my colleague Keira Armstrong here, CIE enables collaboration and data sharing to address social determinants of health through whole person care approaches. 

In this post, I contrast Community Information Exchange (CIE) with Health Information Exchange (HIE) to cast into relief important differences, highlight core similarities, and explore the alignment of HIE and CIE services. A primary goal here is to assist health care colleagues who are familiar with HIE to grasp more concretely the opportunities and challenges of CIE and what they mean for our field. I conclude with considerations for HIOs that wish to expand to offer CIE services and, on the other side of the coin, offer recommendations for CIEs that seek to leverage the value of health information exchange in their communities. 

What’s in a Name? 

It has become standard practice to refer to the act of health information exchange (“the verb”) as HIE (or “data exchange”), while referring to organizations that facilitate and manage HIE as Health Information Organizations (HIOs). In contrast, the term Community Information Exchange (CIE) designates both the act of engaging in CIE and the organizations dedicated to facilitating this activity (CIEs). I will focus here on HIOs and the services they provide rather than on broader national EHR-based networks for data exchange given that CIEs have much more in common with HIOs than with the national networks. 

The name “Community Information Exchange” bears a clear resemblance to “Health Information Exchange,” and “CIE” likely was coined in reference to “HIE.” Whether intentional or not, the name “CIE” gives the impression of describing the same phenomena as HIE, but with a twist: a focus on the community level of exchange and the inclusion of non-clinical data from social and human services. However, as we will see, CIE generally does not simply take the form of HIE and sprinkle in some additional data elements; while they do share important characteristics, there are fundamental differences in orientation, services, and aims. In short, while HIOs facilitate data exchange among health care providers and health plans for a complete historical clinical record, aspects of which can be delivered into clinical workflows, CIEs serve as user-facing collaboration hubs for coordination of services across sectors.   

Many programs, for instance Medicaid delivery system integration efforts such as the 1115 Waivers in California (CalAIM) and New York (DSRIP 2.0), require significant CIE services but do not use the term “CIE” to denote them – reflecting the fact that we are dealing with emerging phenomena without fully settled naming conventions. As this and our companion piece describe, we take a broad view of CIE as the best single lens – to date – through which to understand a range of related activities and infrastructure. 

Similarities and Differences 

The table below compares HIOs and their HIE services with CIEs and their CIE services; this mapping represents core prototypes of each category and may not apply in marginal cases.  

HIOs/HIE  CIEs/CIE  Key Similarities and Differences 
Mission  Facilitate clinical data exchange among health care providers to improve health care services and outcomes  Enable cross-sector collaboration addressing social determinants of health through shared governance and technology  

Similarity: Foster coordinated care across organizations serving shared populations 

Difference: While HIOs emphasize exchange of historical clinical data, CIEs focus on enabling collaboration across sectors 

Multi-Purpose Infrastructure  With robust clinical data density, HIOs support a multiplicity of health care use cases, programs, and needs With robust governance and technology for collaboration across sectors, CIEs support a multiplicity of use cases, programs, and needs  

Similarity: Both HIOs and CIEs provide multi-purpose infrastructure that breaks down organizational and program siloes in defined communities or regions 

Difference: HIOs support health care-focused use cases and programs, while CIEs support cross-sector-focused use cases and programs 

Service Area  Regional or state  Generally more focused in a local region or community 

Similarity: Value increases with local data and user density 

Difference: CIEs tend to focus on similar or smaller regions than HIOs

Participants  Health care providers, plans, and government partners  Same as HIOs plus social and human services, CBOs, and  community resource directories (such as 211s) 

Similarity: Multiplicity of organizational participants 

Difference: Whiles HIOs focus on clinical organizations, CIEs have a much broader footprint 

Governance and Leadership  Typically regional or state-level non-profits or private-public partnerships  Typically local/regional non-profits or public-private partnerships  

Similarity: Both benefit from stakeholder governance via a non-profit structure 

Difference: HIO governance is now well established, whereas CIE governance bodies bring together partners across sectors on boards and committees, requiring more time to align goals, agreements, expectations, and capabilities 


Move clinical data between participants’ IT systems; build a centralized data repository to create a longitudinal patient record; clinical alerts pushed into participant EHRs; analytics and population health management, among other services. 

Typically read-only access to historical information, with some data pushed into participants’ systems for their usage and manipulation in workflow 


Assessments/screenings; eligibility/enrollment; shared care planning and curated care record; closed-loop referrals, especially between sectors (such as health care to social services); other workflows for distributed care teams; consent management 

Typically read- and write-access to data in user-facing collaboration tools  

Note that CIE, from our perspective, is much more than a referrals network as it is sometimes defined; it is also much more than the addition of SDOH data fields to an HIE record 

Similarity: Aggregation of data from multiple sources with user views into relevant, actionable data 

Difference: HIOs facilitate clinical data exchange between disparate systems and provide access to longitudinal individual records and population analytics; CIEs provide a platform for care coordination across disparate organizations, which may include user access to individual care plans or records and population analytics 

Data  Primarily clinical data to date (patient demographics, procedures, diagnoses, problem lists, lab results, medications, claims, etc.), with feeds from all participating organizations; HIOs may serve as a “source of truth” with a comprehensive patient clinical record  Mix of clinical, SDOH, and social services data generated by usage of a shared CIE platform, often enhanced by data feeds from external sources with actionable information; platform may be accessible within EHRs or other systems via Application Program Interfaces (APIs) or Single Sign On (SSO) 

Similarity: Data integration across organizations 

Difference: Data integration and exchange is an HIO’s core function, whereas CIEs focus on actionable data that directly supports effective workflows in their network 

Data Governance Well-established mechanisms for data governance anchored in participation agreements, P&Ps, security controls, and adherence to laws and regulations; state law creates some variability and uncertainty, with data falling outside “the HIPAA tent” often simply not included in HIO data sets (e.g. substance use data governed by 42.CFR.2, and mental health information in some circumstances); individual consent is gathered and managed in a minority of regions (e.g. in NY)  Emerging mechanisms for data governance similarly anchored in data sharing agreements (DSAs), P&Ps, security controls, and adherence to a broader set of laws and regulations; gathering and managing individual consent, often in the form of a broad multi-use consent which covers multiple data types, programs, and uses, is a baseline requirement for most CIEs 

Similarity: Overall alignment in basic data governance frameworks, largely driven by clinical data protection needs 

Difference: The majority of HIOs do not gather individual consent for data sharing, defaulting to clinical organization NPPs and staying in the HIPAA tent, preventing themselves from being able to offer CIE services; CIEs, in contrast, have built advanced consent gathering and management practices into their core operations, enabling them to address a much broader spectrum of use cases and data to support whole person needs 

Funding  HIO revenue is primarily generated through participant subscription fees, with government grants and other funding a secondary source  CIE revenue is generated through subscription fees paid by health care participants (CBOs often don’t pay), with government grants and other funding an equally important source

Similarity: Combination of subscription fees and government funding 

Difference: While core HIE services have established revenue streams, significant new funding is supporting CIE 

Integrated or Complementary Services? 

Five or so years ago, one might have realistically imagined that HIOs would add CIE services – such as technology for community-level care coordination and closed-loop referrals between health and social services – to their offerings. Medicaid agencies in states like California and New York were pouring billions of dollars into the alignment of the Medicaid delivery system with social and human services to address social determinants of health and complex care needs, and data infrastructure was at a premium for this transition. Nevertheless, HIOs largely stayed in their clinical lane, while a new set of coalitions (CIEs, Whole Person Care Pilots, referrals networks, etc.) and vendors (closed-loop referrals, care coordination) emerged to meet the demand. This conservative approach by HIOs has been driven by the structural differences between their historical business model and the emerging CIE model documented in the table above and further elaborated here: from differences in participants and leadership, to data governance and consent, to distinct services. 

    • Participants and Leadership. HIOs are led by Boards of health care representatives from among their participating organizations, with little if any representation from social or human services; they naturally focus on clinical data exchange and workflows; to the extent that HIEs participate in cross-sector engagement, they typically do so from a health care perspective; 
    • Data Governance and Consent. Getting to “yes” for HIE has not been an easy road for most health care organizations, given legitimate concerns about data privacy and security and the use of data for competitive ends. While that set of debates has largely been settled in favor of data exchange, sharing clinical data with social and human services providers has introduced a new set of challenges. In California, state statutes and regulations specific to Medi-Cal’s Whole Person Care and CalAIM programs established a “safe zone” for cross-sector data sharing relative to state law. Even so, nearly all of these state-funded local efforts have also implemented comprehensive individual consent for data sharing that covers a broad, multi-purpose set of use cases including both HIE and CIE services. In contrast, most HIOs outside of states such as New York, which implemented an “opt-in” consent framework, do not obtain individual consent due to the perceived administrative burden. As a result, these HIOs, which include all HIOs in California, have essentially disqualified themselves from being able to offer CIE services at scale. This situation is unlikely to change unless there is action at the state level to both mandate and manage individual consents for cross-sector data sharing and collaboration.
    • Service model. HIOs are in the business of data collection, aggregation, and access. A baseline form of access is a read-only HIE portal with longitudinal, historical patient records. HIOs also deliver some patient data directly into their participants’ IT systems so that actionable information can be incorporated into providers’ workflows. In contrast, CIEs offer high-touch tools accessible through a user interface for care coordination with write-to and not just read-only functionality, and it is important for users to operate in the CIE platform itself. They do not attempt to provide comprehensive longitudinal records. To address workflow issues for providers who prefer to stay in their EHR, APIs can enable users to access the CIE platform from within their EHR, although such capability has not been broadly implemented. In any case, the provision of a user interface for real-time collaboration is a departure from the HIE service model of providing access to and delivering historical patient data. 

Due to these factors, we have not seen a single HIO in the country offer CIE services at scale – to all of its members and covering all of the population it serves through HIE. Instead, complementary rather than integrated services have emerged at the intersection of HIE and CIE where such innovative connections have been proactively pursued. In many cases, HIOs have acted as data-sharing partners to CIE efforts and their core vendors, pushing actionable clinical information to the CIE. This takes advantage of HIOs’ core service as clinical data suppliers, albeit to a new type of partner. A small number of HIOs in California have gone so far as to contract with care coordination platforms on behalf of County-led Whole Person Care pilots (we supported such developments in Humboldt, San Joaquin, and Santa Cruz Counties). These HIOs implemented focused data sharing between systems such as the delivery of hospital event notifications into the care coordination platform. Some other HIOs outside of California have begun to contract with closed-loop referrals vendors (including state HIE networks in Michigan, Arizona, and Colorado), but it remains to be seen how they will integrate such services with their core HIE offerings. In all of these cases, CIE services have been developed through parallel technical and governance infrastructure to HIE, rather than being integrated into the HIO’s governance and technical infrastructure for HIE. Alameda County’s Whole Person Care Pilot has perhaps gone the furthest, building a new Social Health Information Exchange from the ground up with its vendor partner UpHealth that offers many HIE and CIE type functions; the County is now in the process of exploring full HIO status within California’s structure for data exchange. 


HIOs and CIEs share a number of important structural features, such as data exchange across organizations to improve services and outcomes, multi-purpose infrastructure, multi-stakeholder governance, and a value proposition driven by the density of participation among organizations serving a shared population. However, they have distinct service models, different participant and Board profiles, and the majority of HIOs that do not obtain patient consent have an additional barrier to merging CIE services with HIE. Given this confluence of factors, CIEs will likely continue to emerge as distinct coalitions and networks in many regions, while some innovative HIOs will contract with CIE vendors to offer specific CIE services for a subset of their members and population, positioning them to explore deeper integration over time. Across the board, given policy and market demand, HIE and CIE services will become increasingly complementary regardless of their organizational homes – while retaining their unique identities and functions.  

Considerations for HIOs that want to expand into CIE. HIOs are well positioned to play a key role in supporting CIE. Below is a list of some ways that HIEs may do so.  

    • If CIE exists in an HIO’s service area, the HIO may offer to serve as a supplier of relevant clinical data to the CIE. This provides a “single pipe” of clinical data to the CIE, saving the CIE tremendous time and effort in establishing inbound clinical data feeds. Data governance of clinical data shared with the CIE would become the responsibility of the CIE to manage, and this should be spelled out in the data sharing agreement between the two organizations.
    • An HIO’s Master Patient Index (MPI) is one of its most valuable assets, and this asset could be used to support identity management within CIE technology tools, which may not have either the same level of patient-matching sophistication or data for identity management.
    • Some communities with multiple vendor networks for social referrals have sought a technology solution to sit in the middle of these networks to direct referrals traffic between them. An HIO could either seek to develop this capability in-house or contract with a third-party vendor to operate such a function locally, potentially leveraging other HIO assets such as the MPI in the process.  This aligns with HIOs’ commitment to interoperability.
    • An HIO may be well positioned to mediate data exchange between different types of CIE tools as well (e.g. a care coordination system and a referrals system), or mediate a CIE’s ingestion of data from other relevant non-clinical data sources (e.g. Housing Management Information Systems, jail scheduling systems).
    • An HIO may be well positioned to receive specified data feeds from a CIE system to then aggregate social and clinical data and enable population analytics.
    • As seen in several examples above, an HIO may manage a procurement process and hold contracts with CIE vendors on behalf of the community.
    • In addition to holding contracts with CIE vendors, an HIO with a strong governance structure that can accommodate new members and voices from social and human services would be well positioned to consider serving as the CIE backbone organization in its community.
    • Conducting an assessment of the HIO’s governance, technology, and business models to evaluate the HIO’s readiness to embrace CIE could help HIO leadership consider how complementary HIE and CIE services could offer stakeholders cost-effective multi-program infrastructure. Understanding state and federal requirements related to consent, and a potential reconsideration of the HIO’s consent model to enable CIE use cases, may yield important insights on both opportunities and challenges ahead.  

Considerations for CIEs that want to leverage HIE. In the other direction, CIEs can leverage HIOs in the following types of ways (many of these correspond to an item in the list above, but from the CIE perspective). 

    • If a CIE effort is early-stage and has not identified a backbone organization, consider the local HIO as part of the selection process for this role. HIOs have years of accumulated experience with multi-stakeholder governance of critical data assets, and may be in an ideal position to expand their scope and leadership structure to serve as the CIE backbone organization.
    • Explore engaging an HIO as a supplier of relevant clinical data to the CIE. This provides a “single pipe” of clinical data to the CIE, saving the CIE tremendous time and effort in establishing inbound clinical data. Data governance issues, such as appropriate user access controls, are the responsibility of the CIE, and should be spelled out in the data sharing agreement between the two organizations.
    • An HIO’s Master Patient Index (MPI) is one of its most valuable assets, and this asset could be used to support identity management within CIE technology tools, which may not have either the same level of patient-matching sophistication or data for identity management. 
    • Some communities with multiple vendor networks for social referrals have sought a technology solution to sit in the middle of these networks to direct referrals traffic between them. If this is an issue in your environment, consider partnering with an HIO that could either seek to develop this capability in-house or could contract with a third-party vendor to operate such a function locally, potentially leveraging other HIO assets such as the MPI in the process. This builds on the HIO commitment to interoperability.
    • If contracting with multiple types of CIE vendors, consider leveraging an HIO to mediate data exchange between them (e.g. a care coordination system and a referrals system);
    • Look to the HIO to mediate your CIE’s ingestion of data from other relevant non-clinical data sources (e.g. Housing Management Information Systems, jail scheduling systems), if the HIO is able to accommodate such data.
    • An HIO may be well positioned to receive specific data feeds from your CIE system(s) to then aggregate social and clinical data and enable population analytics, resulting in cost-sharing for such functionality between the HIO and CIE.
    • Consider partnering with an HIO to serve as the contract-holder with all CIE vendors to centralize vendor management; if the CIE backbone organization is separate from the HIO, it would execute an all-in-one agreement with the HIO for these services;  
    • Conduct an assessment of the CIE’s governance, technology, and business models to evaluate readiness to engage with an HIO, ingest clinical data from the HIO, and effectively align services. If the HIO collects patient consent, evaluate whether the consent form and process can be expanded to support cross-sector collaboration and data-sharing. Consider how HIO and CIE alignment offers stakeholders cost-effective multi-program infrastructure. 

New Consulting Groups at Intrepid Ascent

I am pleased to announce that Intrepid Ascent has reorganized our consulting teams into three groups: Technology Strategy, Policy Innovation, and Community Change. Our services will continue to be delivered by interdisciplinary teams, with resources drawn from each of these areas, but with one group at the forefront depending upon the challenge at hand.  

Defining our areas of focus in this manner provides three perspectives on the interconnected issues our clients face today as they integrate services across sectors to address social determinants of health and advance health equity. This definition also reflects the evolution of our focus over the past five years from health information exchange to broader community collaboration and the data infrastructure required to support it. Together, our groups provide clients with a commitment to understanding their technology needs and opportunities, navigating complex policy landscapes, and putting people at the center of change.  

Please read more about each of our groups here. Our group leads and I would love to hear from you with any ideas for how we might support you in driving positive impact. 


Who should be the HEROs of New York State’s Proposed 1115 Waiver?

As the Centers for Medicare and Medicaid Services (CMS) continues to focus on alternative payment models for payment reform and the transition to value, states have responded with innovative proposals to reform the delivery and payment of Medicaid services, with increasing focus on the integration of social determinants of health (SDOH) data and systems of care. New York state specifically has historically demonstrated creative approaches to Medicaid reform with their 1115 Waiver Delivery System Reform Incentive Payment (DSRIP) program, which sunset in December 2020. While the previous 1115 Waiver in New York[1] focused on reducing preventable hospitalizations with a tertiary nod toward improving coordination of traditional healthcare and SDOH focused services, the newly proposed 1115 waiver is intended to serve as a more dedicated statewide effort in the shift towards value-based payment with robust approaches to integrating SDOH services data and the community-based organizations (CBOs) that provide those services with traditional care delivery systems of care. The program is anticipated to start in January 2023 with community planning work kicking off this fall.

One of the main pillars of this proposed waiver will be Health Equity Regional Organizations (HEROs) which will act as regional coalitions of managed care organizations, health systems, community-based providers, long-term support and services, and regional health information organizations, among others. In contrast to the Performing Provider Systems (PPSs) under the previous 1115 initiative in New York State, HEROs will not distribute payments directly to participating providers but will receive funds in the form of planning grants focused on developing the necessary infrastructure and governance structures to ingest and share health and social data from government and proprietary sources for the purposes of regional planning. This new initiative also incorporates the development of Social Determinants of Health Networks (SDHN) which will be another type of regional entity overlapping with HEROs that will serve as a coalition of CBOs for the purposes of contracting for services to be rendered under the waiver. This post will focus on HEROs and how organizations can begin thinking about planning efforts ahead of waiver approval and we intend to cover SDHNs in detail in a future blog post.

Under the proposed 1115 waiver, there will be nine regions with one HERO per region, as defined by the Managed Care Regions used by the New York State Department of Health (NYSDOH) for Medicaid rate setting (see figure 1). Broadly, HEROs can be new or existing entities which could include local departments of health or social services, behavioral health IPAs and other structures formed by regional participants such as PPSs. During the first public comment period for the waiver concept paper, many organizations specifically requested for multiple HEROs to be allowed per-region or that one or more of the nine initially proposed regions be split. In response to this, NYSDOH stated that at least two regions, likely to include New York City, may be divided into multiple sub-regions.

While some PPSs may be well positioned to become HEROs with minor modification to meet the governance requirements, many PPSs have discontinued operations following the end of DSRIP which presents an opportunity for new collaborations to surface. Local health departments are another example of existing entities that could be well-appointed to serve as the regional HERO, being able to leverage existing infrastructure for data sharing as well as established relationships with other government entities like housing authorities – but historically these entities have been slow in New York to participate in initiatives like DSRIP and Health Homes, especially compared to States like California where Whole Person Care specifically focused on building infrastructure at this level. Given the current landscape in New York, it is likely that new organizations will by-and-large need to step up to play the HERO role in most regions.

Figure 1: New York State Department of Managed Health Care Regions

The primary function of HERO entities will be to receive and ingest data from national, State, local and proprietary data sources to enhance regional population health management enable value-based payment contracting arrangements for social and medical services. It will be up to the discretion of the HERO entity to implement a range of VBP models or other targeted interventions suitable for the needs of the region. HEROs will be responsible for developing an annual Regional Plan that will outline how the region will establish goals and milestones to accomplish the work. Regional Plans can also include initiatives to promote data collection and data sharing functionality for coordinated care management for population health improvement.

While the proposed waiver awaits a second round for public comment, it is in the best interest of the defined regions to begin strategic planning efforts for stakeholders who want to have a leadership role in the proposed 1115 waiver initiative. Regions can hold public forums to educate community partners about the proposed waiver and discuss options for defining a backbone entity, and active PPSs should determine the feasibility of applying to be a HERO organization for their region. At the very least, key stakeholders should begin to discuss the critical needs and gaps in the region in preparation for Regional Plan development. Given the significant gaps related to both IT solution design and overall data governance that impeded the ability of PPSs to comprehensively address their key goals during the first 3 years of DSRIP, it is very likely that NYSDOH will expect HERO and SDHN applications to contain clear strategies for their overall IT approaches that are linked to thoughtful approaches to the data governance challenges of linking data and services across the traditional healthcare and non-HIPAA-covered SDOH service delivery system(s) in their region. In addition, planning efforts will likely need to rely on access to benchmarking data, including data that may not be well structured as it contains SDOH or other non-healthcare data elements. Potential HEROs / regional planning efforts should consider working with the following organizations to determine what kind of benchmarking data they may be able to provide:

    • RHIOs;
    • County Public Health Agencies;
    • Continuums of Care;
    • Health Homes; and
    • PPSs or successor organizations to PPSs which may have retained DSRIP data.

    Intrepid Ascent has extensive experiencing in facilitating large multi-disciplinary stakeholder planning efforts at local, regional and state levels for the purposes of understanding key technology requirements as well as governance considerations related to data sharing and data privacy. Conducting technology needs assessments early on will have a great impact on planning efforts and can inform the infrastructure needs to be included in HERO applications for planning grants. Intrepid Ascent can also support organizations in technology selection activities for regions that lack the infrastructure needed to be successful under the proposed 1115 waiver.


    [1] Final NY DSRIP Evaluation Report 12/2021: