Free The Data: APIs Boost Health Information Exchange - InformationWeek
Healthcare // Electronic Health Records
09:06 AM
Mark Braunstein
Mark Braunstein
Connect Directly
Threat Intelligence Overload?
Aug 23, 2017
A wide range of threat intelligence feeds and services have cropped up keep IT organizations up to ...Read More>>

Free The Data: APIs Boost Health Information Exchange

New models promise to make sharing health information almost as simple as shopping on Amazon.

My last two articles had a common theme: freeing the data. We first looked at new approaches for patients and for providers. Of course, no matter how innovative the personal health records (PHRs) or electronic health records (EHRs) become, given the highly fragmented and specialized US healthcare system they still need to exchange data in a secure way that preserves privacy and trust. That is the goal of health information exchange (HIE).

HIE has been around for decades. Back in the mid-1970s, I tried (unsuccessfully) to create one in a rural county in South Carolina. From then until now, there have been nagging problems around the inherent lack of interoperability in commercial health IT systems; the lack of business incentives to share data; and the mismatch between the cost of HIT and its perceived (or real) financial benefits and to whom they accrue. We'll focus here on how interoperability might be achieved at an affordable cost.

The key HIE technical challenges are easily understood. Parts of a patient's clinical data will often be stored in many EHRs. For a patient with four, five, or more chronic diseases (these drive half of all Medicare costs) research shows that this will typically exceed 10 EHR implementations from multiple vendors! A conscientious provider seeing such a patient would want a comprehensive view of all of this care in order to save time collecting information that already exists, avoid duplicating tests and procedures that have already been done, and prevent mistakes from lack of information.

[Are patient record hacks inevitable? Read Healthcare Data Breaches To Surge In 2014.] 

These are worthy and important goals that, in practice, are very hard to achieve in the real world of healthcare, outside of an integrated delivery system such as Kaiser or the Veterans Administration. Outside of a closed healthcare network, how can a provider's EHR know where the various parts of a patient's record are located? Even if it does, how can it sufficiently identify the patient such that the partial records are combined into one complete and correct record? Since there is little consistency in the way EHR products represent clinical data, how can a "Tower of Babel" be avoided?

Historically, there have been two attempted solutions: 1) store everything centrally and, in essence, create a community record, or 2) keep the data at the source but build central indexes to patients and their medical documents and provide some kind of translation service to bridge differences in the way clinical data is represented across EHRs. This is the so-called hybrid exchange.

Both of these are commercially available technologies. There are good examples of both in operation, but they are expensive to build and operate. Combined with the problem of fragmented and difficult-to-realize benefits across the HIE stakeholders, per-member costs have often exceeded per-member benefits. Thus achieving financial sustainability, in the absence of government or philanthropic subsidy, has proven too challenging. Many community and regional HIE initiatives have been scaled back or abandoned.

Image: American EHR

As a result, starting a few years ago a third approach began to gain traction. It's called the Internet! Actually, the proper term is federated exchange. Leave each patient's data where it is and use lighter-weight technologies to support exchange. The Novo Grid was an early commercial effort that involved servers at each location running an "intelligent agent" that understood the data flows and formats of its associated data source. More recently, ONC has introduced and supported Direct (as opposed to centralized) HIE. Direct is based on exchanging reasonably standardized patient documents (usually in the HL7 CCDA format) as encrypted attachments to secure emails. The benefits are obvious: simplicity and very low cost. For now, I'll skip discussing the complexities, such as the role of the Health Information Service Provider (HISP) that controls a Direct network, and managing trust among multiple HISPs.

More recently there is Fast Healthcare Interoperability Resources (FHIR), which is essentially based on the idea that healthcare information can be exchanged the same way that other information is shared on the Internet. If you've used Amazon to look for goods to purchase, you might have noticed that, up there in the URL, text appears when you click the search button that specifies what you want. Although it might be a bit cryptic, even a non-technical person can usually figure out most of what it says.

What's really going on here? You're at your computer (which, of course, these days might be a mobile device such as a smartphone), and the information you want is securely stored in, for example, Amazon's cloud. You specify what you want, and your browser creates a query and sends it to the cloud, where it might be routed to any one of thousands of Amazon servers that will interpret it, query a database, and return the information you requested. This ability to route requests to any server in the cloud that is available is another key technical property that lowers costs and is exploited in FHIR.

As with Direct, there is more to the story than I've described (technically inclined readers should read the FHIR Summary, which is also available as a two-page PDF). But this should suffice to give you the basic idea of what is increasingly termed "API-based HIE."

Direct leverages email, and FHIR proposes to use web standards to make sharing health information almost as simple as using Amazon. Both are simple and virtually free. Could this be the future of HIE? It's too early to be sure, but I wouldn't bet against it!

Mark Braunstein is a professor in the College of Computing at Georgia Institute of Technology, where he teaches a graduate seminar and the first MOOC devoted to health informatics. Mark has been involved in health IT since the early 1970's when he developed one of the first ambulatory electronic medical record systems at a pioneering patient-centered clinic at the Medical University of SC. After many years in the commercial sector, he joined Georgia Tech in 2007. He is the author of Health Informatics in the Cloud, a brief non-technical guide to the field. His new text, An Introduction to Contemporary Health Informatics, will be published in early 2014.

Though the online exchange of medical records is central to the government's Meaningful Use program, the effort to make such transactions routine has just begun. Also in the Barriers to Health Information Exchange issue of InformationWeek Healthcare: why cloud startups favor Direct Protocol as a simpler alternative to centralized HIEs. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Mark Braunstein
Mark Braunstein,
User Rank: Moderator
2/12/2014 | 3:00:09 PM
This Just In 2 ...
Data just made available seems to show (if I'm reading the diagram correctly) that 40% of all current HIE transactions in the US are being done via Direct!

Looks like the simple approach is rapidly gaining traction.

Mark Braunstein
Mark Braunstein,
User Rank: Moderator
1/28/2014 | 12:44:01 PM
Just in ...
An article posted on the Health Data Management site ( says that "Black Book polled 1,550 providers and 794 payers using HIE, and the results are sobering. Ninety-five percent of payers, 83 percent of hospitals and 70 percent of physicians responded that publicly-funded HIEs are struggling with flawed business models and are not providing meaningful connectivity."  As a result "Seventy-two percent of respondents believe that by 2017, there could be as little as 10 of the currently functioning public HIEs supported by federal grants that are ending, unless they find better business models, improve their processes and create ways to encourage participation."

To me this doesn't suggest that the concept of public HIE is fundamently flawed but it does reinforce the argument that the technologic approach may be wrong.  API-based exchange, by using existing standards and the Internet, means the healthcare industry doesn't bear the cost of a "built-to-purpose" infrastructure (e.g. HIE, the noun, as we've known it).  This may well turn out to be a key strategy (but probably not the only one needed) that will make HIE (the verb) happen more broadly and sustainably.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll