Ending the HIV Epidemic Resources
Strategies for Capturing Outside HIV Test Results for Your Health Center

Strategies for Capturing Outside HIV Test Results for Your Health Center

Providers working with patients coming to or from health centers may need important health information, such as HIV test results, to help care teams provide the best care possible to the patient. What strategies exist to help health centers give and receive data so that providers can render seamless care without interruption? We’re glad you asked. Data sharing agreements, tools, and standard operating procedures (SOP) are a few strategies that health centers can use to ensure a patient’s electronic health record (EHR) is as detailed and up-to-date as possible. 

Establish A Data Sharing Agreement With Other Health Care Providers
Establishing data sharing agreements (DSAs) is an easy way to obtain HIV testing data from other health care providers. What to share, when to share, and how much to share with other health centers can be challenging. Several templates exist for data sharing agreements. The HIPAA Business Associate Agreement is a great example. This agreement lays out the what, who, where, and why of data-sharing between two entities. Consider working with your legal department to develop a standardized data sharing agreement for your health center. The Centers for Disease Control and Prevention (CDC) National Center for HIV/AIDS, Viral Hepatitis, STD, and TB Prevention offer the following data sharing principles to help inform data sharing agreements:

  • Limit sharing of confidential or identifiable information to those with a justifiable public health need; ensure that any data-sharing restrictions do not compromise or impede public health program or disease surveillance activities and that the ORP (Overall Responsible Party) or other appropriate official has approved this access.  
  • Assess the risks and benefits of sharing identifiable data for other than their originally stated purpose or for purposes not covered by existing policies. 
  • Ensure that any public health program with which personally identifiable public health data are shared has data security standards equivalent to those in this document. 
  • Ensure that public health information is released only for purposes related to public health, except where required by law. 
  • Establish procedures, including assessment of risks and benefits, for determining whether to grant requests for aggregate data not covered by existing data-release policies. 
  • Disseminate non-identifiable summary data to stakeholders as soon as possible after data are collected.
  • Assess data quality before disseminating data
  • Ensure that data-release policies define purposes for which the data can be used and provisions to prevent public access to raw data or data tables that could contain indirectly identifying information.

Data Sharing Tools
Health centers can use many data-sharing tools to give and receive data related to HIV testing. Health centers may choose to use tools such as your state or area’s Health Information Exchange (HIE) or DirectTrust. We will talk more about these tools in just a bit. Health centers may also decide to go “old school” and fax record requests between each other before exchanging patient information. Lastly, there may be features already built into your EHR or network that can support data exchange between health centers, such as connection through CommonWell and Carequality or CareEverywhere, which allows Epic users to access results from other Epic users. New rules against information blocking rules prohibit health care providers from blocking information from being shared without specific exceptions, which should continue to expand pathways for efficient data sharing. Be sure to review your data sharing approaches to ensure that they comply with HIPAA and applicable state and local laws related to information security, data sharing, and data privacy. 

Health Information Exchange

A Health Information Exchange is a technological approach that allows health care professionals and patients to securely access and share patient medical information over the internet. The cloud-based service provides ease of sharing no matter where patients are receiving care—specialists’ offices, labs, or emergency rooms. An HIE facilitates safer, more effective care tailored to patients’ unique medical needs. Participation in an HIE can help avoid patient readmissions, reduce medication errors, improve diagnoses and decrease duplicate testing. An HIE is capable of interfacing with EHRs to optimize data sharing. There are currently three key forms of health information exchange:

  • Directed Exchange – ability to send and receive secure information electronically between care providers to support coordinated care
  • Query-based Exchange – ability for providers to find and/or request information on a patient from other providers, often used for unplanned care
  • Consumer Mediated Exchange – ability for patients to aggregate and control the use of their health information among providers

You may be wondering how to access the Health Information Exchange? A quick visit to HealthIT.gov’s webpage can provide you with guidance on getting started with an HIE.


Established in 2012, DirectTrust provides organizations with the ability to exchange information via direct messaging for organizations who may not utilize an HIE due to limited funding or resources. With DirectTrust, organizations can set up reciprocal DSAs. As part of an agreement, organizations may choose to send patient information in batches on a daily, weekly, or monthly basis using DirectTrust via a secure email or through their EHR. To exchange messages via Direct, health centers need to partner with a HISP (health information service provider). A Health Information Service Provider, or HISP, is an accredited network service operator that enables nationwide clinical data exchange using Direct Secure Messaging. Health centers interested in DirectTrust must obtain membership and pay an annual fee. Membership is open to any individual or organization with interest in secure and trusted exchange of sensitive information. Members include systems integrators and exchanges, like health information service providers (HISPs) and HIEs, healthcare providers like hospital systems and clinics, insurance payers, governmental agencies, individuals and consumers, and other organizations with interest in data sharing.

Manual Records Requests
Traditional, single record manual release forms are still in use today. Health centers may have standard forms that are faxed to other health centers to obtain patient records. Though rare, health center staff may also travel to health centers to obtain records and hand-carry them back to their health center. Either way, once the data is received, health center staff may import the information manually into the patient's EHR.

Create a Standard Operating Procedure (SOP) or Standardized Workflow
Once you have a plan to obtain HIV test results for your patients, work with your health Information Technology (IT) team to determine how you will integrate this information into your EHR as part of your workflow. You can do this by developing an SOP document. Simply put, an SOP document is a list of written instructions for completing processes. For example, if a client brings in a hard copy of their HIV test results to your health center, will data entry personnel be required to place this information in the notes, or will there be a checkbox or other location in the patient’s history where the results need to be recorded? Once you have a scanned copy of a patient’s hard copy results, will you destroy the original? Will you require your team to alert providers that the client was tested elsewhere or will that be documented in the history? These are just a few questions to think about as you develop your SOP. As you work through your processes, it’s important to frequently update your SOP if you find any breakdown in your operations or find strategies for reducing steps to getting tasks completed. 

Health Information Exchange | HealthIT.gov. (2019). Healthit.gov. https://www.healthit.gov/topic/health-it-and-health-information-exchange-basics/health-information-exchange
HHS/CDC/NCHHSTP. (2011). National Center for HIV/AIDS, Viral Hepatitis, STD, and TB Prevention Data Security and Confidentiality Guidelines for HIV, Viral Hepatitis, Sexually Transmitted Disease, and Tuberculosis Programs: Standards to Facilitate Sharing and Use of Surveillance D. https://www.cdc.gov/nchhstp/programintegration/docs/PCSIDataSecurityGuidelines.pdf
Home» DirectTrust. (n.d.). DirectTrust. https://directtrust.org/
Pennar, A. L., Dark, T., Simpson, K. N., Gurung, S., Cain, D., Fan, C., Parsons, J. T., & Naar, S. (2019). Cascade Monitoring in Multidisciplinary Adolescent HIV Care Settings: Protocol for Utilizing Electronic Health Records. JMIR Research Protocols, 8(5). https://doi.org/10.2196/11185
Rights (OCR), O. for C. (2015, September 10). HIPAA for Professionals. HHS.gov. https://www.hhs.gov/hipaa/for-professionals/index.html?language=es
State Medical Records Laws - FindLaw. (2017). Findlaw. https://statelaws.findlaw.com/health-care-laws/medical-records.html

Search HITEQ Resources

One of the key strategies for Ending the HIV Epidemic includes diagnosing people with HIV as early as possible. HITEQ has curated a few strategies to help you leverage your EHR to identify clients in need of HIV screening to get your health center one step closer to ending the HIV epidemic in your communities.