I don't know of all the technical issues however by experience I know of certain things that can be done that reduces significantly the wait time. The most common issue is the information access in the back end, usually this is done by using a message broker (MB) to access databases that are not optimized for this kind or work. Targeted and highly optimized data marts circomvents this issue, the same technique used for BI, however adapted to WEB access. HIPAA conformity can be a nightmare for security management specially for large amount of data. What can be done is to split the data into simplified forms, where each component does not have to be HIPAA compliant, then when the data reaches the targeted destination it can be put back together.
Making a difference in how people find health information, today and into the future.