Tuesday, May 18, 2010

NHIN: No 'One-Size-Fits-All'

Dr. David Blumenthal, National Coordinator for Health IT (ONC) has published an open letter on the Nationwide Health Information Network.
___________________________________

There Is No ‘One-Size-Fits-All’ in Building a Nationwide Health Information Network

Private and secure health information exchange enables information to follow the patient when and where it is needed for better care. The Federal government is working to enable a wide range of innovative and complementary approaches that will allow secure and meaningful exchange within and across states, but all of our efforts must be grounded in a common foundation of standards, technical specifications, and policies. Our efforts must also encourage trust among participants and provide assurance to consumers about the security and privacy of their information. This foundation is the essence of the Nationwide Health Information Network (NHIN).

The NHIN is not a network per se, but rather a set of standards, services, and policies that enable the Internet to be used for the secure exchange of health information to improve health and health care. Different providers and consumers may use the Internet in different ways and at different levels of sophistication. To make meaningful use possible, including the necessary exchange of information, we need to meet providers where they are, and offer approaches that are both feasible for them and support the meaningful use requirements of the Centers for Medicare & Medicaid Services (CMS) Electronic Health Record Incentives Programs. As with the Internet, it is likely that what is today considered “highly sophisticated” will become common usage. Moreover, users may engage in simpler exchange for some purposes and more complex exchange for others.

Current NHIN exchange capabilities are the result of a broad and sustained collaboration among Federal agencies, large provider organizations, and a variety of state and regional health information organizations that all recognized a need for a high level of interoperable health information exchange that avoided “one-off” approaches. Based on this pioneering work, a subset of these organizations is now actively exchanging information. This smaller group currently includes the Department of Defense, Social Security Administration, Veterans Health Administration, Kaiser Permanente, and MedVirginia. They initially came together to show, on a pilot scale, that this type of highly evolved exchange was possible. Having succeeded, they continue to expand the level of exchange among their group and with their own respective partners in a carefully phased way to demonstrate and learn from these widening patterns of exchange. The robust exchange occurring at this level has several key attributes, including the:
  1. Ability to find and access patient information among multiple providers;
  2. Support for the exchange of information using common standards; and
  3. Documented understanding of participants, enabling trust, such as the Data Use and Reciprocal Support Agreement (DURSA).
Not every organization and provider, however, needs or is ready for this kind of health information exchange today. Nor do the 2011 meaningful use requirements set forth by CMS in the recent proposed rule require it. Direct, securely routed information exchange may meet the current needs of some providers for their patients and their practices, such as receiving lab results or sending an electronic prescription.

To enable a wide variety of providers – from small practices to large hospitals – to become meaningful users of electronic health records in 2011, we need to ensure the availability of a reliable and secure “entry level” exchange option that aligns with the long-range information exchange vision we have for our nation. Such an option should balance the need for a consistent level of interoperability and security across the exchange spectrum with the reality that not all users are at the same point on the path to comprehensive interoperability. In an effort to provide the best customer service possible, the Office of the National Coordinator for Health IT (ONC) will consider what a complete toolkit would be for all providers who want to accomplish meaningful health information exchange.

Broadening the use of the NHIN to include a wider variety of providers and consumers who may have simpler needs for information exchange, or perhaps less technically sophisticated capabilities, is critical to bolstering health information exchange and meeting our initial meaningful use requirements. Building on the solid foundation established through the current exchange group mentioned above and the recommendations of the HIT Policy Committee (which originated with the Committee’s NHIN Workgroup), ONC is exploring this expansion of NHIN capabilities to find solutions that will work across different technologies and exchange models.

The newly launched NHIN Direct Project is designed to identify the standards and services needed to create a means for direct electronic communication between providers, in support of the 2011 meaningful use requirements. It is meant to enhance, not replace, the capabilities offered by other means of exchange. An example of this type of exchange would be a primary care physician sending a referral and patient care summary to a specialist electronically.

We are on an aggressive timeline to define these specifications and standards and to test them within real-world settings by the end of 2010. Timing is critical so that we may provide this resource to a broader array of participants in health information exchange as a wave of new, meaningful users prepare to qualify for incentives provided for in the HITECH Act and ultimately defined by CMS. This model for exchange will meet current provider needs within the broader health care community, complement existing NHIN exchange capabilities, and strengthen our efforts toward comprehensive interoperability across the nation.

A natural evolution in NHIN capabilities to support a variety of health information exchange needs is being reinforced by trends that are leading us toward widespread multi-point interoperability. The current movement toward consolidation in health care, coupled with health reform’s encouragement of bundled payments for coordinated care, will mean more providers need it. Quality improvement, public health, research, and a learning health care system all require it. Ultimately, simple exchange will be part of a package of broader functions that allows any provider, and ultimately consumers, to exchange information over the Internet, enabled by NHIN standards, services, and policies.

Your continued input will help guide us toward and maintain a direction that is in harmony with the rapid innovations in health IT today. The NHIN Direct Project will conduct an open, transparent, and collaborative process throughout its development by using a community wiki, blogs, and open source implementation already available on the project’s website (http://nhindirect.org). I encourage you to participate through the website, via public participation at the implementation group meetings, and by deploying and testing the resulting standards and specifications. For those of you who are participants in the current exchange group, I urge you to take every opportunity to share your experiences. Lessons learned from the NHIN Direct Project and the exchange group will inform the evolution of the NHIN as new uses and users come forward, and as continued innovation occurs to meet the growing needs of our community.

As we head into the next stage in the development of nationwide health information exchange, we should all take a moment to reflect on how far we have come and evaluate our plans for the future. ONC is committed to providing resources and guidance to stakeholders at all levels of exchange through HITECH programs, such as the Health IT Regional Extension Centers, the national Health IT Research Center, and the State Health Information Exchange Program. As you assess your own needs for exchange, please take advantage of the many Federal resources available to you on the ONC website and the online resources of the programs mentioned above, as well as through the “NHIN University” education program hosted by our public-private partner, the National eHealth Collaborative.

We have done a great deal of work in the short period of time since the passage of the HITECH Act. We at ONC appreciate your willingness to stay engaged and involved in every step of our journey, and we look forward to our continuing collaboration to improve the health and well-being of our nation.

Monday, May 10, 2010

NHIN Direct: Getting to the Health Internet, Finally!

I've been spending a lot of time involved in several Work Groups of the NHIN Direct Project, being run by ONC/HHS. The Project is aimed at developing secure, affordable, health data exchange over the Internet so more physicians can participate in Meaningful Use. This project has major significance to physicians in primary care, to all doctors in small and medium size medical practices, and for many small hospitals, as it is a potential "game changer" with implications for both the EHR technology industry and quality improvement movement. Here's some background and explanation about why and how.

Background on health data exchange -- why paper and fax no longer suffice
As a means of getting information from point A to point B, the fax machine works pretty well. But there are three big problems with faxing health data and information. One, it's expensive, mostly due to the staff time spent running the machine, changing paper and ink cartridges, and handling paper jams, busy signals, and wrong numbers. Two, faxes contain unstructured text that at best is stored as a document electronically, but usually turns out as paper. Paper is expensive to store compared with digital documents, but the real problem here is that fax data are "non-computable." Data in a fax is almost always unstructured and therefore unavailable for storage as discrete data elements, e.g. name, address, HbA1c level, etc, in a database. In a database, discrete data can be acted upon by software, but in paper format the data just sits there. And third, faxes are not really secure, as anyone walking by an unattended fax during receive mode can attest.
Not a huge issue, perhaps, until we consider that in 2009-10 Congress and agencies of the federal government have created regulations that require physicians and hospitals participating in the ARRA/HITECH incentives awarded for "meaningful use" of EHR technology to:
  • send data to each other for referral and care coordination purposes;
  • send their patients alerts and reminders for preventive care;
  • offer patients views of their clinical data, such as laboratory results;
  • make clinical summaries available to patients after each visit, and: send quality measurement data to CMS.
Given this new situation, which will dramatically increase the flow of data out of medical practices and hospitals, the really pertinent question is this: "If we can't use fax machines to deliver these messages, what can we use?"

As it turns out, transporting health data electronically isn't so easy. Even for doctors/hospitals who use comprehensive EHRs in their practices. The major problem is meeting basic HIPAA security and the maintenance of patient privacy requirements. E-mail with attachments is a hands-down, no-brainer win over faxes in terms of moving data electronically from Doctor-or-Hospital A to Doctor-Hospital-or-Patient B, especially if those attachments are structured data, like the CCR standard xml files. But the way our email clients (Outlook,Entourage, Apple Mail) and online mail accounts with Google or Yahoo are configured, they're not secure enough for health data transport.

(Why not? Well, for one thing Internet Service Providers (ISPs) and normal email clients don't authenticate, that is, assure the identity of, the sender or receiver. So identity can be spoofed. "On the Internet, no one can tell you're a dog," as the quite famous cartoon has put it. For another thing, most email data attachments aren't encrypted during transport. Email protocols, of course, can perform enable email clients to perform these functions, and we'll return to this potential later in this piece.)

The first iteration of the National Health Information Network, or NHIN, was top down, proprietary, and complex -

Roughly six years ago, the Office of the National Coordinator for HIT, ONC, under David Brailer, came up with the idea of the "National Health Information Network" or NHIN to solve the privacy and secure transport problem. As a solution to moving health data from point-to-point, the NHIN was exactly what you might expect would be proposed by the large enterprises, hospital systems, and their legacy vendors who were called upon by ONC for suggestions. Accordingly, the NHIN was to be a network composed of connected Regional Health Information Networks, RHIOs, now called Health Information Exchanges, or HIEs. These large HIEs would create "bridge technology" so that they could communicate with each other. Two of the biggest health systems in the country, who for years had fought interoperability and data exchange, but by 2005 were committed to the NHIN, are the VA Health System and the Department of Defense. Accordingly, in 2005, ONC/HHS let out grants for 18.5 million dollars for the design of the NHIN, to the likes of Accenture and Northrup Grumman, the latter a big defense contractor.

Now, if you were a doctor in 2005 practicing in a four doctor group in suburban Toledo, Ohio -- or one of her patients -- word of this design for the NHIN and the multi-million dollar contracts never reached you. And if it had, you'd probably wonder about its relevance to you or your colleagues. In part, that was because the feds weren't thinking about you at all. To the NHIN planners of 2005-08, your practice was on the very dark "edge" of the network they were designing, while hospitals and integrated health systems, were at its "core." Connecting the "cores" with each other was at the heart of the NHIN design and the work which continues under its newer name, NHIN Connect.

NHIN and NHIN Connect is a vision for a multi-stage, evolutionary approach to health data connectivity, tightly controlled by large enterprises and HIEs. First come the HIEs, then the HIEs connect to one another, and finally connectivity trickles down to the "edge" providers and practices who have EHRs, as these are required or incentivized to join the nearest HIE. I want to emphasize that there is nothing inherently wrong with this construct. But it does centralize decision-making and power in the hands of an elite few.
Think of the way the Cable TV industry developed in this country, and you're getting close to the old NHIN and NHIN Connect. Most Cable TV operators were given exclusive, monopoly contracts to do business in a community or region, based upon the claimed large start-up costs for laying copper and fiber cable. Which meant that customers who wanted cable TV had to sign up with a monopoly, or go without. Similarly, for the original NHIN, the RHIOs and HIEs are being given monopoly rights to establish private health data exchange networks, one per region, and doctors, hospitals, labs, pharmacies, and others will have to sign up with them in order to be able to send and receive data for various purposes, including those requirements to become a Meaningful User of certified EHR technology under the ARRA/HITECH incentive program -- for making electronic referrals, sending alerts and reminders, and clinical summaries to patients.

Another useful analogy with which to compare the NHIN-as-connected-large-enterprises-and-HIEs is the situation that existed just before the Internet, when private networks like AOL and Prodigy were able to charge customers a monthly fee for basic services such as sending emails and viewing the Web through their own browser. The NHIN as originally planned is essentially a framework for the establishment of multiple, Prodigy-like private Internets, which would use the open source but still very complex NHIN Connect Gateway software to move health data between private networks, in many cases for a fee.

Now, you don't need to be the least bit technically savvy to raise some good, solid questions about this arrangement. For example:

Why would we go through the expense and hassle to build and then limit our NHIN experience to monopolistic, Prodigy-like, private health data networks around the country for simple data transport, when the Internet itself is available? Banks, airlines, and e-commerce of all kinds run on secure Internet systems, so why can't health care? HIEs and RHIOs may offer some of their clients much value beyond simple, secure, health data transport, which is fine. But not all of us will need Mac trucks to drive to work. Or:

Isn't this version of the NHIN going to be really, really slow to develop? Physicians and medical practices need to connect their health data by 2011 in order to qualify for Meaningful Use, but the original NHIN design sounds as though it might well take another decade to pull off. Or:

What about the doctors, practices, and patients who don't have an HIE in their vicinity? How will they get connected? HIEs are primarily urban and suburban, and formed around large hospitals or consortia of hospital systems. What are the docs going to do in rural and underserved areas? Or, what about this:
How can health IT innovation occur rapidly when health data and their transport are controlled by a relatively few private networks, and a few very large IT vendors?

NHIN Direct explained and illustrated

It is in large part as a way of answering these questions that the NHIN Direct Project has been initiated by ONC and HHS. The aims of the NHIN Direct Project are "to expand the standards and service definitions that, within a policy framework, constitute the NHIN. Those standards and services will allow organizations to deliver simple, direct, secure and scalable transport of health information over the Internet between known participants in support of Stage 1 meaningful use." Implicit in this objective is the inclusion of small and rural medical practices located at the "edge" for full participation in health data exchange within the scope of the expanded NHIN.

Stated even more simply, NHIN Direct is a specification for the use of a set of existing Internet standards and protocols to allow any individual, organization, or organizational health IT system with an NHIN Direct Address to send health data to any other individual, organization, or organizational health IT system with an NHIN Direct Address, and to do so without having to be part of an HIE or other private network. In practice it is likely that most HIEs and private networks will adopt the NHIN Direct protocols, and thus enable their member individuals and organizations to have NHIN Direct Addresses, and therefore be capable of participation in the direct routing of health data. An NHIN Direct Address is very much like an email address or a web address, the difference being that NHIN Direct Addresses are verifiable, "unspoofable," and stored in a directory for updating.

It is important to recognize that NHIN Direct is NOT a means of sending health data "out into the Internet" to unknown individuals, or to anyone with an email address. To avoid "spoofing," NHIN Direct will require that the sender of health data "knows" the identity of the receiver, and that the exchange between Dr. Kibbe and Dr. Smith using NHIN Direct methods will occur ONLY when there is a trusted method of assuring the identity of each.

How is this trust established? NHIN Direct envisions a new kind of Internet Service Provider, or ISP, to be called a Health Internet Service Provider, or HISP. To be connected to the Internet as a citizen or individual requires the use of an ISP, which may be Time Warner Cable, the local telephone company, or one's place of business or employer. In each case, one's ISP is the "first connection" that allows all of the other Internet and Web features to be available, e.g. email, web browsers, e-commerce, online video, etc.

The duties of a HISP are like those of an ISP, but include specific additional services that will permit providers to simply and securely exchange data using NHIN Direct channels. These include:
Assignment and listing of organizational and individual NHIN Direct Addresses. HISPs will not need to create completely new email or URI addresses for individuals or organizations. Dr. Kibbe can still maintain his email address as Kibbe@FamilyMedicineUSA.org. What the HISP must do is verify that Dr. Kibbe is in fact a physician licensed in the state of North Carolina, and that this address is accurate and correct. The HISP would be responsible for publishing this address to other qualified HISPs looking to pass along health data addressed to Dr. Kibbe, and to maintain and update this address periodically.

Authentication of senders and receivers at the time of transport. There are a number of ways that client applications such as email or a web browser can create a trust relationship with a server to which data is being sent on the Internet, and similarly, several ways in which HISP servers passing on the data to one another can verify and trust one another. Often, digital signatures or certificates are exchanged at the same time that data are encrypted, and these methods both establish trust and disable "sniffing" of the data in transit by nefarious or criminal parties. Within the NHIN Direct specifications, it will be up to each HISP to set a minimal authentication protocol for client applications using the HISP, and each HISP will need to decide whether or not to trust other HISPs, based on their choices of minimal identity management protocols, which each HISP will be required to publish.

Content packaging of sender's message to assure that receiver can consume and interpret it. For handoffs of health data to be efficient, simple packaging standards need to be employed that both senders and receivers, or their EHR technologies, can understand. The messages that can be sent over NHIN Direct will be limited to a very familiar Internet messaging standard known as multipart-MIME, in which various kinds of attached data formats will be permitted, including the CCR standard, CDA CCD, HL7 flat file, and PDF for unstructured data.

In the drawing below, the physician on the left is identified as the "Source to HISP." He or she is sending a message to the physician at the bottom on the right, identified as "HISP to Destination." The individuals or organizations who are senders and receivers may use a number of "edge protocols," e.g. email clients, to send their messages to the HISP with whom they are associated. The HISPs then use a "backbone protocol" to communicate with each other, until the Destination physician or organization is located, at which point the HISP associated with the receiving physician or organization uses another (may be one of several) "edge protocols" to deliver the message.

This model is essentially the same model, and employs many of the same protocols for message transport, as the Internet itself. Only in the case of NHIN Direct there are additional layers of both technology and policy to establish and enforce a framework of trust and security, to assure privacy and confidentiality.

Final comments on the importance of NHIN Direct
The advantages to small and medium size medical practices of a national system that looks like NHIN Direct are substantial. Medical practices will be able to participate in health data exchange without the requirement to join a formal HIE or RHIO, although they will have the option to do so whenever one is established in their areas and if they provide additional value beyond simple, secure transport. Meaningful Use criteria for data exchange to support care coordination, patient engagement, and submission of quality data will be easier to meet, and at lower cost. In fact, the costs to be part of the NHIN Direct will be initially very minimal, and scale upward only as services beyond simple transport are added and subscribed to.

Beyond these tactical and practical issues, there is an essential tension between the older version of the NHIN and the NHIN Direct. If you believe that health care is fundamentally the business of large provider organizations and their large IT corporate vendors, then you're probably comfortable with the NHIN Connect's system of RHIOs and HIEs controlling health data and its flows. Large enterprises like the VA Health System may find they need the added complexity. But if you believe that medicine and most of health care is still primarily a set of service professions, where relationships between providers and patients count, and that individuals should be given the right to control most, if not all, of their health data, the NHIN Direct will seem preferable, or at least worth a try. A similar "decision" was made for the Internet and World Wide Web at large back in the 1990s, when private networks like AOL and Prodigy fell to the wayside in favor of the more open, simpler to use, and more democratic protocols which have created "net neutrality."

Over the next weeks and months we'll see the extent to which these two visions of health data for a National Health Information Network are successful. With any luck, they'll peacefully co-exist side by side.

Tuesday, May 4, 2010

Data Breaches and Medical Identity Theft On the Rise

A recent survey found that 40% of hospitals have ten or more data breaches annually.  This represents an increase of 120% over last year's study. And 85% of the hospitals self-reported as not in compliance with HITECH's security provisions which include "disclosure reporting, privacy monitoring, limited use of personal medical data for marketing, and patients’ electronic access to their health information." 


The review of other studies found that:
  • "Fraud resulting from exposure of health data has risen from 3% in 2008 to 7% in 2009, a 112% increase (Javelin Strategy and Research)
  • Nearly 1.5 million Americans have been victims of medical identity theft with an estimated total cost of $28.6 billion. (Ponemon Institute)
  • It takes more than twice the time to detect medical information fraud and the average cost is $12,100, more than twice the cost for other types of identity theft.  (Javelin Strategy and Research)
  • Victims of medical identity theft may receive the wrong medical treatment, find their health insurance exhausted, and could become uninsurable for both life and health insurance coverage. (World Privacy Forum) 
  • Data breaches not only put people at risk of becoming victims, they are costly to the organizations that suffer breaches. A 2009 study revealed that the average cost of a data breach – per record breached ‐‐ has risen to $202 from 2008’s $197. At that rate a breach of 5,000 records will cost over $1 million. (Ponemon Institute)
  • Despite requirements that data be encrypted, the U.S. Department of Health and Human Services has announced that between January 1 and March 9, 2010 at least 74,962 unencrypted health records had already been breached. (HHS)"