This document is an overview of the technical philosophy and decisions behind Markle Connecting for Health’s Common Framework, and to the policy issues related to those technical requirements. It describes, in broad outline, a vision for a nationwide health information network (NHIN) that preserves patient privacy while allowing health information to be accessed by authorized persons; that leverages the existing investments in health care IT that have been made by existing institutions; and which preserves a high degree of both authority and autonomy for the institutions that currently provide care. It is not a technical guide; rather it is a general overview of the issues, accompanied by pointers to the relevant policy and implementation documents.

In particular, this document provides an outline of the technical issues and choices implicit in creating collaborative networks of health care providers. We call these collaborative networks sub-network organizations (SNOs) because they are components of the larger nationwide network. A SNO will adopt and contractually enforce local standards and policies among its members, and adopt standards and policies that will allow it to inter-operate with other SNOs. The NHIN is simply a network of these SNOs; there is no centrally managed database or set of services within the NHIN separate from those provided by the SNOs themselves.

This document is part of The Markle Connecting for Health Common Framework: Resources for Implementing Private and Secure Health Information Exchange, and is accompanied by several other companion technical and policy guides for health information exchange. These documents are intended for anyone in the health care or technology industries interested in health information exchange, but, taken as a sequence, represent various levels of increasing technical detail and complexity.

This document, “The Common Framework: Technical Issues and Requirements for Implementation,” provides the most basic level of technical overview. The “Health Information Exchange: Architecture Implementation Guide” covers a deeper level of detail, and the XML files and source code used in the technical prototype test, available through, provide a further level of technical detail. These latter files have been provided only to demonstrate the code that a technical developer created to implement specifications.

Implementation of the technologies described herein assumes that the health care entities engaging in health information exchange have already made significant strides using health information technology (HIT) locally. This requirement does not refer to the complexity or sophistication of the technology, but rather the basic capabilities presumed by the following:

  • The participating entities can receive and use digital clinical data, e.g., information brought in from remote sources such as laboratories.
  • The participating entities are already in compliance with HIPPA and state requirements governing data privacy and security, and are capable of implementing the requirements for providing only authorized access to identified individuals within their enterprise or organization.
  • The participating entities are comfortable disambiguating patient identities using probabilistic matching algorithms within their enterprise or organization. (Comfortable solving the "John Smith" problem in large databases, in other words.)
  • The participating entities have or are willing to acquire the hardware, software, and technical expertise necessary to support secure information exchange over the Internet, using Web Services standards and Secure Socket Layer (SSL) certificates.
  • The participating entities are willing to collaborate on the design and implementation of standards and policies for health information exchange among themselves, establish or identify an existing entity to host the Record Locator Service and put in place a governance model consistent with the policy principles.