Independent report lays out a robust path to interoperability. Will we follow it?
20 Tests Healthcare CIOs Must Juggle
(Click image for larger view and slideshow.)
The Agency for Healthcare Research and Quality (AHRQ) recently posted "A Robust Health Data Infrastructure," a report from JASON, an independent group of scientists that since 1960 has advised the US government on science and technology.
For those of us who are concerned about interoperability and worry that the Meaningful Use and EHR software certification bars may have been set too low, this report presents a potentially exciting glimpse of the future -- if the recommendations survive and actually get implemented. I'll come back to that point after reviewing some of the key recommendations.
I am pleased that this report is consistent with our intent to support nationwide interoperability in a way that supports care, health and is flexible enough to meet the challenges of the future. The ONC and the Centers for Medicare & Medicare Services (CMS) have already begun to work on many of the recommendations cited in the report -- this represents the beginning, not the end of our efforts. The JASON recommendations continue to challenge us to stay focused on the path ahead.
The ONC and CMS work together to set standards for electronic health record (EHR) technology and promote its use through the Meaningful Use program.
The report is nearly 70 pages long and very well written. I recommend you read it since I can provide only some high-level details here. In addition to recommending a future approach to interoperability, it provides an overview of some key health IT issues (such as the VA and DOD's EHR efforts and their failure to interoperate).
Here are, in my view, the key policy points:
Interoperability requires the development of a comprehensive open architecture that would be largely built using public APIs and open standards, interfaces, and protocols. Anyone reading my earlier articles in the Free the Data series knows I heartily agree.
CMS should use Stage 3 Meaningful Use as an opportunity to raise the bar and embark upon the creation of a truly interoperable health data infrastructure by mandating the proposed architecture.
EHR software vendors should be required to develop and publish a common set of APIs to provide simple access to medical records data for care coordination, population health, research, and other purposes.
Now some of the key technical points:
Health data would be viewed atomically (e.g., at the lowest logical level such as an individual lab test result) and would be tagged at that level with metadata indicating its source, history, and privacy constraints.
The concept of de-identified patient data is increasingly impossible to implement in an era of "omics" and would give way to "patient privacy bundles," a means of identifying those atomic data elements each patient is willing to share for various purposes.
The required APIs would include search and indexing, semantic harmonization and vocabulary translation, and support of the user interface applications layer (see the next bullet). Vendors would be required to demonstrate that data from their EHRs can be exchanged through the use of these APIs and can be used in a meaningful way by third-party software developers.
All stakeholders in the system (patients, providers, payers) would interact with the architecture through the user interface application layer (UI app layer). Essentially, for many purposes, legacy EHRs would become a database that users access through other means than the vendor's UI (essentially Bob Greenes's idea of a universal app platform, which I discussed in a previous post).
How might all of this work? The report provides an example of a patient query within the proposed architecture:
The patient wonders if Advil will interact adversely with any of his other medications. He asks this question via his smartphone application (UI app layer). The phone establishes a secure wireless connection to a health information exchange (HIE). The Authentication Server at the HIE verifies, by key exchange, the patient's identify (establishing trust). The Patient Privacy Bundle Manager checks that the patient is allowed to access the record the smartphone app has requested (managing privacy). The Key Manager generates a unique key for this transaction, and it is transmitted to the smartphone for use in the remainder of the transaction (providing security).
The smartphone then sends the key and the request to the Search Computer. The Search Index validates the key, locates the record, and sends a request to the computer storing the record. The record is accessed via the encrypt/decrypt layer. The encrypted information and key are returned to the UI app layer, which displays the answer.
The report suggests that with modern technology, all this could happen in less than a second. The report includes a diagram showing how all these elements relate to each other and to legacy EHRs.
Wouldn't you want to be able to do this so seamlessly, easily, and quickly? I know I would. So what's the problem?
The issues are, of course, economic and political. We all know that the EHR market divides roughly into two groups of vendors: those that market to health systems, and those that market to individual provider groups (usually smaller groups these days, as the larger ones get acquired by the health systems).
The health systems want to control their data. There are some good reasons for that, but there is also the reality that they want to do what the airlines have done with their frequent flyer programs: get all the business by making it easier for patients to use their providers and facilities than to go elsewhere. (Some even try to own virtually all the service area providers and facilities, leaving few, if any, local viable alternatives.)
The enterprise EHR vendors have a similar mentality -- to provide a "total solution" for their customers. Again, there are good reasons for this (seamless integration, for example), and there are not-so-good reasons (eliminating competition in their space).
The report acknowledges that implementing the architecture will be challenging, that it could take years and might have to be done incrementally. However, it also gives us a vision of how we might weld together the pieces of our now widely adopted but fragmented and non-interoperable HIT landscape into something approaching a seamless whole. To me, that's progress.
Download Healthcare IT in the Obamacare Era, the InformationWeek Healthcare digital issue on the impact of new laws and regulations. Modern technology created the opportunity to restructure the healthcare industry around accountable care organizations, but IT priorities are also being driven by the shift.
Mark Braunstein is a professor in the College of Computing at Georgia Institute of Technology, where he teaches a graduate seminar and the first MOOC devoted to health informatics. He is the author of Contemporary Health Informatics (AHIMA Press, 2014) as well as Health ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.