Archive for the ‘General Musings’ Category

Building an interoperable Health Information Exchange

Building an interoperable Health Information Exchange
The federal government declared in the American Recovery and Reinvestment Act (ARRA) of 2009 [1] its intent to fund significant investments necessary to built an interconnected health information exchange (HIE) in the U.S., with the goal of quality improvement and cost containment [7]. In recent years there have been many attempts to built regional HIE, often called RHIOs, but most of these RHIOs failed after they exhausted their initial government funding [2]. Reasons for RHIO failure were both economic, with unsound business plans and monetization models [6], and technical. Learning from the failures of the last decade, a successful approach must provide both a sound financial model for all participating parties, and incorporate proven components into a scalable, secure, extensible and standards oriented architecture. This essay describes at a high level some of the critical components required for building an interoperable HIE.
HIE exchanges allow health data exchanges between various organizations and thus different information systems. Given the sensitive nature of health care information, data privacy has to be maintained throughout such a federated information system in compliance with HIPAA , requires an auditable log of every passive or active data access. In order to fulfill both the regulatory and functional requirements, the following core elements are required:

– Communication adapters that allow data extraction from existing legacy applications such as Electronic Medical Record systems (Providers) or Claims Data Repositories (Payers), usually implemented in a service oriented architecture (SOA). This is achieved by tagging data elements in feeder systems against a common data standard. A template for a common data architecture is HL7 CDA2 [4]. ANSI developed with HITSP specific work flow profiles for common tasks in the provider environment [3]. Complexity of peer-to-peer communication and the requirement of interfaces would grow  , in which n represents the number of information systems connected to a HIE. In the approach to map against a common data template, the interface requirement is reduced to n, a significant reduction in complexity. If the HIE is implemented in multiple loci, interfaces can be re-used, further reducing complexity. Nevertheless, given that most current EMR implementations are proprietary and do not adhere to a standardized architecture, tagging data elements in proprietary architectures does represent a substantial technical and financial challenge in the creation of HIE.

– Master Data Management (MDM) systems that allow identification of unique person profiles across multiple information systems, even in the absence of a single, unique identifier. While some countries do have such identifiers, in the U.S. the use of the social security number is not permitted. However, identifying data belonging to the same person across multiple systems is absolutely crucial for both patient safety and cost containment purposes. Popular systems like Initiate or Quadramed are proprietary in nature and create vendor dependency. With Mural, there is a generic, open source technology available, which is however lacking healthcare specific adapters. However, since communication adapters are essential for the entire system, as discussed earlier, adapters could be used to extract person identifying information and utilize the interpolation capability of the Mural project.

– Record Locator Services track data sources for medical information. The combination of MDM and SOA allows extraction of data related to a specific person from their original record keeping system on demand, when required (ad hoc). In the proposed interoperable HIE the record locator service is implemented in a distributed fashion, thus eliminating single point of failure. Synchronization of the various, distributed record locator services would follow a propagation scheme analogous to Network Routers, which keep routing tables locally without a single point of failure.

– Repositories create data artifacts that are accessible outside of the original record keeping system. This approach is used to create a persistent subset of medical information with emergency information, such as allergies and medications. If the data is constantly updated by trusted sources, it can be used for medical purposes. If it is exclusively or substantially maintained by user input, it is only a consumer directed personal health record (PHR) without clinical application. An interoperable HIE should not contain a repository of all healthcare data, as such an approach would create significant, inherent scalability issues. Every data artifact would have to be constantly checked for accuracy, generating unnecessary information traffic. However, emergency subsets and medical images could and should be kept in a repository in order to achieve high service availability levels with fast response times, while more detailed data is exclusively kept in the original custodial system of record.

– Role management is used to define across the organizations connected in a HIE roles that are associated with data access rights, i.e. which types and to which extend data can be requested by authorized HIE users.  This is an important regulatory requirement, but also a helpful feature to streamline clinical workflow.

– Identity Management (IdM) is used in organizations to create auditable and traceable identities of system users that have certain rights to access or create/update information. It includes access management and single sign on, but also identity provisioning. While each organization within an HIE might have their own IdM solution, those individual solutions have to be federated in order to allow HIE wide access and provisioning. Federated systems create a circle of trust, in which access right and roles migrate with the access request across organizations. Besides the technical implementation of an IdM federation, it also requires audit logging and role definition across the participating organizations.

– Consent management as an extension to access management specific to healthcare privacy concerns. While normally access and role based access to information is sufficient, a specific consent management extension implements patient rights to restrict data access further, while propagating and tracking consented access. The new, extended privacy requirements of HIPAA expressed in ARRA2009 could make consent management mandatory.

– Clinical applications, such as Laboratory Data viewers, consolidated DICOM viewers, Medication records, and Clinical decision support systems. While all the aforementioned modules and systems are enablers of a HIE, the clinical applications are the return on investment. From a cost containment point of view, avoidance of redundant procedures is the direct measurable component. Provided that imaging procedures, for example, are a very rapidly growing cost factor in health care [5], access to recent imaging can both reduce cost and improve decision making. The same is true for laboratory test, albeit the per-procedure savings is smaller by an order of magnitude. Cost savings caused by redundancy avoidance is a major factor in Walker et al.’s value calculation [8]. Indirect cost savings are achieved by access to medication records, which can unveil medication compliance and avoid undesired drug-drug interactions. In recent implementations extending information to citizens also has become a desired feature, be it for prevention or disease management purposes.

It is important to note that working applications for all modules exist, eliminating the need for costly and risky development. However, significant integration effort is required to combine all functional elements to a seamlessly working, secure and scalable information system.

In conclusion, the experience of building RHIOs and HIE over the past decade has demonstrated the risks and challenges of a complex health data exchange, but it has also yielded components and experience that make it today substantially easier to architect working HIE. While the technical problem therefore seems manageable, the core issues of existing RHIOs remain financial viability and access to vast amounts of data that are not currently captured electronically. In recent years, payers have begun to address this gap by mining claims data for longitudinal medication and diagnoses information, which is further evidence that both commercial and public payers (such as Medicaid) should be critical stakeholders in any HIE project.
______________________________________________
1.    111th Congress of the United States of America. American Recovery and Reinvestment Act of 2009 (ARRA), 2009.
2.    Adler-Milstein, J. and Jha, A. Fledgling firms offer hope on health costs. Harvard Business Review, 86 (3). 26.
3.    American National Standards Institute (ANSI). HITSP – enabling healthcare interoperability. ANSI ed., 2009.
4.    Dolin, R., Alschuler, I., Boyer, S., Beebe, C., Behlen, F., Biron, P. and Shvo, A.S. HL7 clinical document architecture, release 2. Journal of the American Medical Informatics Association, 13 (1). 30.
5.    Levin, D.C. and Rao, V.M. Turf wars in radiology: the overutilization of imaging resulting from self-referral. Journal of the American College of Radiology, 1 (3). 169-172.
6.    Miller, R.H. and Miller, B.S. The Santa Barbara county care data exchange: Lessons learned iHealth reports, California Health Care Foundation, 2007.
7.    Walker, J., Pan, E., Johnston, D., Adler-Milstein, J., Bates, D.W. and Middleton, B. The value of health care information exchange and interoperability. Health Affairs.
8.    Walker, J., Pan, E., Johnston, D., Adler-Milstein, J. and et al. The Value Of Health Care Information Exchange And Interoperability. Health Affairs, 24. 10.

Hello world – Welcome to my new Blog on Information Security for Healthcare

Welcome to my new Blog on WordPress. This is a continuation of my previous Blog

I left Sun in order to focus entirely on Healthcare, specifically information security in healthcare. And this is the focus of this new Blog

Let me start this new Blog with the last entry of the old one, because it is a summary what I have been doing in the last four year.

On July 1st, we’ll celebrate the 4th anniversary of the Sun Healthcare Industry practice. About four years ago now, we started with the preparation for this group and defined in that process five focus areas. We envisioned Sun technologies combined with partner solutions to contribute significant value to the community, by reducing cost and complexity with open-source-based state-of-the art technology:

  1. Health Information Exchanges – HIE
  2. Secure Data Management for structured and unstructured medical data
  3. Caregiver Mobility
  4. Regulatory Compliance
  5. Consumer Centric Health management

Since then, we have come quite a ways in these four years, found many partners that shared our vision, and used our  resources to build architectures and solutions. These architected solutions represent lower risk over conventional component purchases, which often require expensive integration and risk mitigation. Thus, architected offers contribute to lower cost, higher quality delivery of health information systems.

Coming back from the CIO Summit last week, and while preparing for HIMSS’09 in three weeks, I thought it’d be a good time to review the current state of our healthcare activities and partnerships.

May this be a preparation for visiting us at booth #1210 in Chicago to get a first-hand impression, as a potential customer, solution or channel partner anywhere in the world. And please feel free to comment:

Focus Area Description, Status, Examples
1. HIE – Health Information Exchange HIE exchanges allow data exchanges between various organizations and thus different information systems. Core elements of a HIE are:

– Communication adapters that allow data extraction from existing legacy applications such as Electronic Medical Record systems (Providers) or Claims Data Repositories (Payers), usually implemented in a service oriented architecture (SOA). Sun addresses this with OpenESB.

– Master Data Management (MDM) systems that allow identification of unique person profiles across multiple information systems, even in the absence of a single, unique identifier. While some countries do have such identifiers, others (like the U.S. and many European countries), do not have it, or do not allow the use of it for medical purposes (i.e. in the U.S. the use of the social security number is not permitted). Sun addresses this with Mural.

– Record Locator Services track data sources for medical information. The combination of MDM and SOA allows to extract data related to a specific person from their original record keeping system on demand, when required (ad hoc).

– Repositories create data artifacts that are accessible outside of the original record keeping system. This approach is used to create a persistent subset of medical information with emergency information, such as allergies and medications. If the data is constantly updated by trusted sources, it can be used for medical purposes. If it is exclusively or substantially maintained by user input, it is only a consumer directed personal health record (PHR) without clinical application.

– Role management is used to define across the organizations conneted in a HIE roles that are associated with data access rights, i.e. which types and to which extend data can be requested by authorized HIE users. Sun addresses this with its role manager.

– Identity Management (IdM) is used in organizations to create auditable and traceable identities of system users that have certain rights to access ot create/update information. It includes access management and single sign on, but also identity provisioning. While each organization within an HIE might have their own IdM, those have to be federated in order to allow HIE wide access and provisioning. Sun addreses this with a wide array of Liberty Alliance compliant, open source IdM products.

– Consent management as an extension to access management specific to healthcare privacy concerns. While normally access and role based access to information is sufficient, we developed and deployed a specific consent management extension that implements patient rights to restrict data access further, while propagating and tracking consented access.

– Clinical applications, such as Laboratory Data viewers, consolidated DICOM viewers, Medication records, Clinical decision support systems and so on.

Organizations that provide cross organizational services are usually called HIE, and the either persistent or ad-hoc data that can be correlated and presented through an HIE specific to a person is commonly referred to as Electronic Health Record (EHR). Not to be confused with an Electronic Medical Record (EMR), which only records episodes of care for an individual by one provider. Compare this with the “Qualified EHR” definition in ARRA 2009.

Sun has contributed and led efforts to built HIE infrastructre, such as PLIS in Britsh Colunbia, the image enabled NHS Scotland togehter with Carestream and led by Atos Origin, and the English NHS backbone SPINE, led by British Telecom, along with several regional HIE efforts, such as the Colorado RHIO. Sun open source also builds the foundation for NHIN – read more on NHIN in Bill Vass’ blog.

Based on our multi-year experience in designing and delivering working HIE we are building a replicable HIE architecture that can be adapted with ease and confidence, because many modules are already tested and deployed.

At HIMSS’09 we will show at our booth samples from working HIEs, such as PLIS in the Canadian province B.C., Colorado RHIO and the NHIN prototype. We will also participate in the HIMSS’09 Interoperability Showcase.

2. Data Management Managing data in healthcare has some industry specific properties. Medical images, for example, have to be retained for unusual long times (from a minimum of seven years to periods of 80 or more years). In order to allow cost efficient, long term archiving we teamed with PACS providers like Carestream, Siemens or Agfa to deliver multi-tiered, enterprise wide data management infrastructure for short term, high performance to long term, cost- and energy optimized archiving.

Sun’s added value consists of a comprehensive line of SAN and NAS disk storage products, industry leading tape libraries, Open Storage servers with unprecendent price performance and ease of use, and the very reliable SAM-FS hierarchical data management software. SAM-FS in combination with our disk and tape products archives today medical image data in hundreds of hospitals and imaging centers around the world.

One of our newer solutions was developed together with our partner Bridghead – HEAT. The Healthcare Enterprise Archive technology (HEAT) builds on top of Sun Open Storage and provides a DICOM interface, allowing the consolidated archiving for multiple DICOM compliant modalities in a Dicom-to-Dicom data transfer mode. This approach allows organizations to become independent from a single PACS vendor and chart a truly open data management strategy for many years to come. Even better than this, HEAT also allows archiving of unstructured non-DICOM data, such a scanned documents, or any structured data output.

For those customers who do not believe in tiered archiving including tape, we also offer a disk only solution. Leveraging the unprecedented and unmatched price and performance of Sun Open Storage, greenbytes developed the Cypress storage appliance. With build in de-duplication and loss less compression, Cypress gets the most out of the hardware. Specifically interesting for medical image archives is a feature that allows to switch of disks with unused data. So when files are not accessed, disks do need to spin – this saves energy and extends the life time of the disk.

At HIMSS’09 we will demonstrate at our booth both HEAT, the tiered archive solution with DICOM interface together with Bridgehead Software, and Cypress, the storage appliance built on top of Sun open storage.

3. Caregiver Mobility Especially in tough budgetary situations and long-term high energy costs, many CIOs are looking  into ways to take cost out of the desktop environment, usually one of the big ticket items in every IT budget. Sun’s ultra thin client technology for virtualized desktop delivery, SunRay,  does not only do that, it also improves clinical workflow. Time/Work studies have demonstrated again and again, and many CIOs know and confirm these statistics, that care providers roaming within their facilities spend in a traditional CITRIX environment on average one minute after authentication to begin work. In itself that doesn’t sound shocking – but in a roaming environment, 40, 50 or more login session might be required, which amounts to an hour each work day spend waiting for the virtualized desktop to be delivered. This is not acceptable. Within a SunRay environment, a virtualized desktop can be delivered within seconds. Raoming is enabled with secure smart cards, providing a secure connection between the session in the data center and end points through a hospital campus, or even remote at home (SunRay software has VPN capability).

At HIMSS’09 we will demonstrate Caregiver Mobility with several partners. Promptu/ThinIdentity developed a clinical context management that allows Careproviders not only extremely fast access to their personal desktop, the desktop is also presented with information sensitive to the display location – so a screen in a patients room might already show the EMR of the particular patient. Promptu streamlined the SunRay server software and accomplished tight integration with Microsoft Windows. With VMWARE we will demonstrate VDI, which allows efficient virtualization of the application and efficient license management. And emtec will demonstrate the combination of SunRay and VDI for a mobile clinical workstation solution, often referred to as COW (computer-on-wheels).

If you are the lucky recipient of one of 500 invitations sent out by promptu and Sun, you will receive a smart card in the mail. With this smart card, you can show up at the Sun booth (#1210) and create your own session. Session mobility will allow you to roam with this session to any SunRay at the Sun booth, or at the CSC or AVNET booth. How cool is that? And if you did not get a smart card in the mail – just come to our booth and we’ll set you up. Just tell the friendly receptionist you read in my Blog that you can get a smartcard to experience session mobility.

4. Regulatory Compliance We highlighted in this blog numerous times the implications of regulatory compliance, such as HIPAA, on electronic medical records.

While it is in general always a good idea to manage a healthcare IT organization against ISO 27799, the HIPAA specific interpretation of ISO 17799, we went beyond recommending IdM, audit logging and so on.

Our partner FairWarning developed an audit appliance which can monitor in real time at application level if users abuse access rights to sniff out patients or even commit identity theft. The FairWarning appliance makes configuration and implementation of comprehensive application level monitoring easy – check out the regulatory compliance exhibit in our booth at HIMSS’09.

Another very interesting appliance based on Sun Solaris security extensions comes from our Swedish partner Appgate.   Many healthcare organization have turned their firewalls into the equivalent of swiss cheese (as in: many holes) in order to accomodate external users, such as referring physicians, home access for ICO personell on call duty, or even patients with access to their billing records. Appgate provides application level security that neither requires firewalls, nor VPN, and thus combines reliable and scalable network infrastructure with high security.

5. Consumer Centric Health After visiting Health 3.0 earlier this year, it was very clear to me that personalization of health data is coming. Many of the large payers already begun to mine their wealth of claims data and use it to populate personal health records (PHR). This approach is very different than the PHRs discussed in the Health 2.0 environment, which rely on user data input and very few providers who might build interfaces. PHR built from claims data can provide a longitudinal (long term) view about diagnoses and prescriptions. Payers can use those PHRs to engage with plan subscribers, show them ways to manage their health or disease and provide incentives for compliant behavior.

Our partner Centri Health has demonstrated with their IHR (Individual Health Record) appliance that they are not only able to build useful records from claims data, but they also show how this IHR can be used in the daily practice of physicians to improve care quality. Centri Health is part of our Consumer centric health solution portfolio and will demonstrate their IHR at HIMSS’09 in Chicago at our booth.

Two other solution partners in our consumer centric health portfolio are greenplum and OCIE. Greenplum has established itself very quickly as a data mining engine with very competitive price / performance. Data Mining is used in Payer and Provider organizations alike to analyze the true cost of procedures or the most efficient treatment for specific diseases. OCIE provides fixed content management solutions, which speed up claims processing or can be used to expose billing information to consumers – a proven and effective method to increase payments and enhance user experience (as compared to receiving various seemingly unrelated bills in the mail over an extended period of time).