How a patient's information moves across the Health Information Environment
Above is an illustration of how linking, identification and transfer of a patient's records might happen. A patient, Priscilla Williams, moves and wants her new primary care physician at Clinic B, to have the results of her most recent pap smear, currently held at Clinic A. If her new physician can't get the results, she will have to take the test again, resulting in additional expense, difficulty, and delay.
Clinic A, a participant in the system, has provided the Record Locator Service with an authorized, updated list of patients it holds records on. This is a background process, where Clinic A communicates directly with the Record Locator Service at regular intervals, rather than part of the individual search transaction.
Once the staff of Clinic B has taken Priscilla's identifying details (Transaction #1 above), they will authenticate themselves to the Record Locator Service (RLS) or to a local institution to allow for auditing. After they are authenticated, they will make a request for the location of any of Priscilla's other authorized records.
The request from Clinic B to the RLS will travel over secure transport such as a Secure Socket Layers (SSL). On receiving it, the RLS will compare Pricilla's information with their database. There are three possible outcomes here — the Record Locator Service finds records with such a high probability match that they can be identified as Priscilla's; it finds no records that match; or it finds records that might match, and asks Clinic B for more identifying information. (This third option would require staff allocated to handling such requests; some system designs may simply treat such ambiguous pairs as non-matches, to minimize human input, even at the expense of additional false negatives.)
Assuming there is a match, the RLS will return authorized pointers to other institutions such as Clinic A that hold her records (transaction #2 above). Clinic B will then make a request for Priscilla's records directly to Clinic A, also via a secure internet connection, again providing authorization credentials to show that it is allowed to do so (transaction #3).
Some of the resulting authorized records may be returned from A to B directly over the Internet, using standardized interfaces for secure transport. The content of the messages may also be represented in a standardized format, for direct and automatic import into the new clinic's database, while other records may be sent by secure email, or even simple fax. Once B has the results of her earlier pap smear (as well as any other records held by clinic A), the staff of Clinic B can then add them to Priscilla's file.
