What Is a Health Information Exchange (HIE)? — 2026 Guide
What Is a Health Information Exchange (HIE)? — 2026 Guide
A Health Information Exchange (HIE) is a regional or national network that lets hospitals, clinics, labs, pharmacies, and public health agencies share patient records securely and in real time, without moving raw data into a central database. HIEs run on shared interoperability standards (typically HL7 FHIR R4 and Direct messaging) and operate under data-use agreements that preserve each contributing institution’s governance over its own patient data. The largest HIEs in the United States carry billions of clinical messages per year and underpin federal health programs from the ONC TEFCA framework to N3C, AIM-AHEAD, and ARPA-H research initiatives.
This guide explains what HIEs are, how they work, who operates them, what TEFCA changes, and why HIE infrastructure is the foundation of every modern federal health-data program.
The short definition
An HIE is shared infrastructure for moving patient health information across organizations. When you visit an emergency room in another state and the ER clinicians can pull your medication list and recent labs from your home health system within seconds — that’s an HIE working. The technical layer is interoperability standards; the operational layer is a network of contributing organizations bound by data-use agreements, governance councils, and privacy-preserving identity matching.
The first major US HIE was the Indiana Network for Patient Care (INPC), launched in 1995 by Regenstrief Institute and now spanning Indiana University Health and the broader Indiana HIE network. INPC remains one of the largest operational HIEs in the country and is the architectural template most regional HIEs follow.
Three things an HIE actually does
1. Patient record query and retrieval
A clinician in one organization queries the HIE for a patient’s records held at another organization. The HIE resolves the patient identity (typically via privacy-preserving record linkage), checks consent, retrieves the data from the source institution, and returns the response. The data stays at the source — the HIE is the messaging and routing layer, not a copy of every record.
2. Direct secure messaging
HIE participants send clinical messages (discharge summaries, referrals, lab results, care transitions) to each other through standards-based secure messaging — typically the Direct Project protocol or FHIR R4 messaging. This replaces fax and unsecured email for clinical communication.
3. Public health and population reporting
HIEs aggregate de-identified or consented data for public health surveillance (immunizations, syndromic surveillance, communicable disease reporting), quality measure reporting to CMS, and population health analytics for research and program evaluation. The N3C national COVID cohort, for example, drew much of its data through HIE-mediated extracts.
How HIEs work technically
Modern HIEs operate as federations rather than central data warehouses. Three architectural patterns are common:
| Pattern | Description | Examples |
|---|---|---|
| Federated query | The HIE doesn’t store patient data centrally. When a query comes in, it routes to the institutions that hold the patient’s records, retrieves the response in real time, and returns to the requester. | Indiana HIE, Sequoia Project’s eHealth Exchange |
| Hybrid (federated + record locator) | A central index (Record Locator Service) tracks which institutions hold which patients’ records. Queries hit the index first, then retrieve from sources. | Many state-level HIEs |
| Centralized repository | The HIE maintains a central database of clinical data from contributing institutions. Less common today due to governance and consent constraints. | Some older and smaller HIEs |
The federation pattern is dominant because it preserves institutional control over data, simplifies consent management, and aligns with HIPAA’s minimum-necessary principle. It’s also the same architectural principle behind modern federated trusted research environments — data stays at the source, compute moves to the data.
Core standards layer
| Standard | Role | Maintained by |
|---|---|---|
| HL7 FHIR R4 | API standard for clinical resources (Patient, Encounter, Observation, MedicationStatement) | HL7 International |
| USCDI | US Core Data for Interoperability — the minimum required data set | ONC |
| Direct Project | Secure point-to-point clinical messaging protocol | DirectTrust |
| C-CDA | Consolidated Clinical Document Architecture — clinical summaries | HL7 |
| LOINC, SNOMED CT, RxNorm, UCUM | Vocabulary for labs, conditions, medications, units | LOINC.org, SNOMED International, NLM, UCUM working group |
| IHE profiles | Integration patterns for clinical exchange | IHE International |
Who runs HIEs
US HIEs operate at several scales:
- State-designated HIEs. Most US states have one or more state-designated HIEs (e.g., Indiana HIE, Manifest MedEx in California, Healthix in New York, CRISP in Maryland/DC). State HIEs are typically nonprofit and partially funded by state grants and participant fees.
- Multi-state and national networks. eHealth Exchange (operated by the Sequoia Project), Carequality, and CommonWell Health Alliance connect HIEs and large health systems across state lines. These are the “HIEs of HIEs” that allow cross-state record exchange.
- Federal QHINs under TEFCA. The Trusted Exchange Framework and Common Agreement (TEFCA), launched by ONC, designates Qualified Health Information Networks (QHINs) that interoperate under a single common framework. As of 2026, six QHINs are designated. TEFCA is consolidating fragmented HIE infrastructure into a coherent national exchange layer.
- Specialty HIEs. Some HIEs are organized around clinical specialty (oncology, behavioral health) or care setting (long-term care). These typically interoperate with the general HIEs through standards-based gateways.
What TEFCA changes
TEFCA — the Trusted Exchange Framework and Common Agreement — is the most significant change to US HIE infrastructure since the original HITECH Act funding. Three things to know:
- Single legal and technical framework. TEFCA replaces the patchwork of bilateral data-use agreements between HIEs with one Common Agreement that all participating networks (Qualified Health Information Networks, or QHINs) sign. This dramatically simplifies cross-network exchange.
- Six exchange purposes. TEFCA defines six allowed reasons for cross-QHIN exchange: treatment, payment, healthcare operations, public health, government benefits determination, and individual access services. Research is not (yet) a primary TEFCA exchange purpose.
- FHIR-first. TEFCA requires FHIR R4 as the API standard. Older standards (C-CDA, Direct) continue but FHIR is the strategic direction. The ONC’s Inferno test suite is the conformance gate.
For research programs (NIH, FDA, ARPA-H, CDC), TEFCA is not a primary research-data path yet — researchers continue to obtain data through study-specific data-use agreements with HIEs or directly with health systems. But the TEFCA framework is the consolidation track US HIE infrastructure is on.
HIEs and federal health research
Federal health research programs depend on HIE infrastructure for cohort identification, data acquisition, and longitudinal follow-up:
- N3C (National COVID Cohort Collaborative) assembled 22M+ patient records from 75+ institutions during the COVID-19 pandemic largely through HIE-mediated data extracts, with cross-institution identity resolution managed by Regenstrief’s Linkage Honest Broker — the same infrastructure Regenstrief operates across HIE networks.
- All of Us Research Program acquires EHR data from participating sites that are typically also HIE participants, and uses common data standards (FHIR + OMOP) to harmonize the data.
- FDA Sentinel uses HIE-like distributed data network architecture: analytic code travels to the data partners (typically health systems and insurers); only summary results return.
- AIM-AHEAD (Artificial Intelligence/Machine Learning Consortium to Advance Health Equity and Researcher Diversity) depends on HIE-style federated data infrastructure for cross-institutional health-equity research.
When the ARPA-H CIRCLE program awards the AP1 — Clinical Data & Analysis Platform — the awarded team will deliver an AP1 substrate that operates with the same federated principles as a modern HIE: institutions retain governance, data stays at source, harmonized analytics run across the network. The CHORDS consortium — led by Regenstrief Institute with Lifebit (federated TRE platform) and Datavant (privacy-preserving record linkage) — is built directly on this HIE-informed architecture.
HIE vs federated trusted research environment — what’s the difference?
| Dimension | HIE | Federated TRE |
|---|---|---|
| Primary purpose | Clinical operations: real-time record exchange for patient care | Research and analytics: cohort discovery, ML model training |
| Latency target | Sub-second to seconds (clinical workflow) | Minutes to hours (analytic workload) |
| Data freshness | Real-time clinical events | Periodically refreshed analytic snapshots |
| Standards focus | FHIR R4, Direct, USCDI, C-CDA | OMOP CDM v5.4 + FHIR R4 |
| Governance | Treatment / Payment / Operations under HIPAA | Study-specific IRB-approved data-use |
| Typical participants | Hospitals, clinics, labs, pharmacies, public health | Academic medical centers, research institutes, federal agencies |
| Compute model | Routing + record retrieval | In-place analytic execution (DataSHIELD, OHDSI HADES, custom Nextflow pipelines) |
HIEs and federated TREs are complementary infrastructure. In federal health research, the HIE typically provides the data acquisition layer, and the federated TRE provides the analytic substrate. The CHORDS proposal for ARPA-H CIRCLE AP1 illustrates this directly: Indiana HIE and Indiana University Health (operated by Regenstrief) supply the data; Lifebit’s federated TRE provides the analytics workbench and IV&V data engine; Datavant provides cross-source patient linkage.
Frequently asked questions
What is a Health Information Exchange?
A Health Information Exchange (HIE) is a network that lets hospitals, clinics, labs, pharmacies, and public health agencies share patient records securely across organizational boundaries. HIEs operate on interoperability standards (typically HL7 FHIR R4) and preserve each participating institution’s governance over its own data. The largest US HIEs include Indiana HIE, Manifest MedEx (California), Healthix (New York), and CRISP (Maryland/DC), plus national networks like eHealth Exchange and Carequality.
What does HIE stand for?
HIE stands for Health Information Exchange. It refers both to the act of exchanging health information across organizations and to the organization or network that operates the exchange.
Who runs HIEs in the United States?
Most US states have one or more state-designated HIEs (typically nonprofit organizations). National networks include eHealth Exchange (operated by the Sequoia Project), Carequality, and CommonWell Health Alliance. Under TEFCA, six Qualified Health Information Networks (QHINs) are designated to operate under a single common framework.
What is TEFCA?
TEFCA — the Trusted Exchange Framework and Common Agreement — is the ONC-led framework that establishes a single legal and technical infrastructure for cross-network health-information exchange in the United States. TEFCA designates QHINs (Qualified Health Information Networks) that interoperate under one Common Agreement, replacing the patchwork of bilateral data-use agreements between HIEs.
Is HIPAA compliance required for HIEs?
Yes. HIEs operate under HIPAA’s Privacy and Security Rules and typically also under state health-privacy laws (which are often stricter). Data sharing through HIEs occurs under HIPAA’s Treatment, Payment, and Operations exceptions, or with explicit patient consent for purposes outside those categories.
How do HIEs identify the same patient across institutions?
HIEs use probabilistic or privacy-preserving record linkage to match patient identities across contributing institutions. Probabilistic matching uses combinations of demographic fields (name, date of birth, address). Privacy-Preserving Record Linkage (PPRL), as implemented by providers like Datavant, allows cross-source linkage without exchanging raw identifiers — a technique used in N3C, PCORnet, and federal research programs.
Can HIE data be used for research?
Yes, with appropriate governance. Research use of HIE-mediated data typically requires IRB approval, a data-use agreement with the HIE and contributing institutions, and de-identification or limited-data-set status under HIPAA. Federal programs (NIH, FDA, ARPA-H) routinely acquire data through HIE channels for population-scale research.
What’s the difference between an HIE and an EHR?
An EHR (Electronic Health Record) is the system a healthcare organization uses to store and manage its own patients’ records — Epic, Oracle Cerner, Meditech, Allscripts, etc. An HIE is the network layer that lets EHRs from different organizations exchange records with each other. EHRs are organizational systems; HIEs are inter-organizational infrastructure.
How Lifebit fits into HIE-driven research programs
Lifebit’s federated trusted research environment is the analytics substrate that sits on top of HIE-acquired data in federal health programs. The platform provides ingestion connectors for HL7 FHIR R4 and HL7v2 (the native formats most HIEs emit), AI-assisted harmonization to OMOP CDM v5.4, cohort discovery via OHDSI ATLAS, federated execution APIs for cross-institutional analytics, and an integrated IV&V data-quality engine. NIST SP 800-53 r5 controls, NIST SP 800-188 de-identification alignment, and HIPAA Privacy Rule §164.514(b) Expert Determination are operational defaults.
The platform is deployed today at the NIH National Library of Medicine (under FedRAMP ATO), Genomics England, CanPath (Canada’s national TRE), the Danish National Genome Center, and Cambridge Biomedical Research Centre — across 275M+ patient records and 1,500+ research projects on three continents. In the ARPA-H CIRCLE AP1 proposal led by Regenstrief Institute, Lifebit supplies the federated TRE platform layer that consumes Indiana HIE and Indiana University Health data through Datavant-managed privacy-preserving linkage.
If you’re scoping HIE-integrated infrastructure for a federal health program — ARPA-H, NIH, FDA, CDC, CMS — book a 30-minute scoping call and we’ll walk through the architecture that fits your data partners and timeline.
Sources:
– Regenstrief Institute — Indiana Network for Patient Care
– ONC — Trusted Exchange Framework and Common Agreement (TEFCA)
– eHealth Exchange — Sequoia Project
– Carequality
– CommonWell Health Alliance
– HL7 FHIR R4 specification
– USCDI — US Core Data for Interoperability
– N3C — National COVID Cohort Collaborative
– FDA Sentinel System
– Inferno FHIR test suite
Last updated: May 9, 2026