Kansas health information technology exchange act

Home For Providers FAQs

Frequently Asked Questions for Health Care Providers

About Electronic Health Records and Health Information Exchange

KHITE, KHIE, KHIN, LACIE, HIE, HIO…..so many “K’s”, “H’s”, and “I’s”….it’s all very confusing. What does all this mean and how does it all fit together?

Overview
The key term here is “HIE”. The acronym stands for “Health Information Exchange”, which is a system that allows for the secured exchange of electronic patient health records.

HIE’s are formed and are operated by “HIOs”, or Health Information Organizations. Two such HIOs are approved to operate in Kansas. These HIOs are the Kansas Health Information Network (KHIN), and the Lewis and Clark Information Exchange (LACIE).

The HIOs are required to make formal application for certification by a regulator. The regulator is an organization named “KHIE”, an acronym that stands for the “Kansas Health Information Exchange”. To some extent, the name is a misnomer, because KHIE doesn’t provide any exchange services…it simply approves and monitors the organizations that do provide exchange services….in this case KHIN and LACIE.

The laws in Kansas that make this possible are called “KHITE”, an acronym for the Kansas Health Information Technology Exchange Act. KHITE was passed by the Kansas legislature in 2011, and authorizes KHIE to create certification criteria for health information exchanges. It also requires KHIE to promulgate and publish policies related to the electronic exchange of health information in Kansas, and, again, to monitor the operations of the organizations that provide health information exchange services in Kansas.

What else does KHITE do ?
KHITE provides a measure of immunity for all providers who participate with an approved health information exchange in Kansas, provided that the provider follows the privacy and security guidelines as defined by the federal Health Insurance Portability and Accountability Act (HIPAA). The immunity shields providers from state civil and criminal action and adverse action from regulatory agencies and boards….again if they follow HIPAA privacy and security guidelines.