Dan Munro

Writer

Is Interoperability A Technical Or Business Challenge In Healthcare?

By

JULY 7, 2015

NB: This article first appeared as a 3-part series on Health Standards in July of 2015. Much of the insight and information is unchanged and it is as relevant today in 2020 as it was over 4 years ago.

(approximately 4,250 words or about 20 minutes)

The voices around healthcare interoperability are becoming louder, more frequent and more urgent ‒ which is a great thing. Recently the fires were stoked again by both Leonard Kish (here) and then even more urgently by Paul Levy with this provocative headline ‒ “We’ve been swindled.” The key quote by Paul ‒ at least for me ‒ is this one:

Our national interest does not coincide with those corporate strategic interests.

He’s right, of course, but it also made me think of another quote by Florida Governor Rick Scott.

How many businesses do you know that want to cut their revenue in half? That’s why the healthcare industry won’t reform the healthcare industry.

We can debate Rick’s personal credibility for this quote another time, but as the founder of Columbia Hospital Corporation (at age 34) which bought HCA (in 1994) to become (in 1997) the world’s largest commercial healthcare enterprise ‒ his business credibility for this exact quote is beyond debate.

For those who follow me on Forbes ‒ I’ve written about interoperability in healthcare a fair amount starting early last year with a 5‒part series on the topic. That series launched with coverage of a keynote by Malcolm Gladwell (here) at a daylong summit on interoperability sponsored by West Health. The importance of the topic and the intersect with other aspects of healthcare IT (patient safety and cybersecurity to name just two) have prompted me to continue adding coverage to this critically important healthcare topic.

Some of the latest demanding insistence around interoperability in healthcare misses many of the key historical overlaps which I think are worth reviewing. Two in particular.

The world of packet-switching technology had a similar dilemma during the early days of its evolution as the driving force behind the internet using a very young standard called internet protocol (or IP). As a group, the emerging router and switching vendors ‒ names like Cisco, 3Par, Juniper, Brocade, Ascend Communications, and Lucent ‒ even truncated the word so that it could become more manageable.

In that world, interoperability is referenced simply as “interop.” They still hold an annual event called simply Interop ‒ but the needs around basic packet switching have been largely resolved (or avoided) and so the needs have greatly diminished ‒ as has the size and scope of the annual event.

Before moving to Las Vegas in 1994, the show attracted about 65,000 attendees and then consumed the Las Vegas Convention Center, often in its entirety. Today it’s a much smaller event at the Mandalay Bay with about 10,000 attendees each spring and about 300 vendors. In fairness, Interop now has four distinct venues around the world ‒ so the show is more globally dispersed. For purposes of comparison ‒ HIMSS ‒ the annual healthcare IT extravaganza is well on its way to about 40,000 in attendance and over 1,000 vendors.

My point with that is simply to recognize the trajectory and intersect of an important technical discipline ‒ networking and data interop. Whether we realize it or not we’ve successfully navigated the unknowns of network interop for over 45 years. That world has had its battles and most of those have been successfully navigated or avoided outright. Today, the global internet largely works (and sometimes fails) because of those technical and business settlements.

That’s not to say all is perfect harmony or without big glaring challenges, however, and that’s the technical vulnerability of networks that interoperate easily (security and privacy). I’ve also written about the challenge of security and privacy because it intersects so directly with what’s becoming the richest single gathering of individual data at scale ‒ our health data.

Part 2:

In Part 1 of this three-part series we saw how the world of packet-switching technology truncated the word “interoperability” to just “interop” and how that world successfully navigated many of the early technical challenges inherent in building an infrastructure for the benefit of an entire vendor community and global industry.

The parallels are similar to healthcare except for a few key variables ‒ and one in particular. A lack of urgency by many in the healthcare IT community to act cooperatively for the benefit of both consumers and an entire industry. Given the life-and-death consequence associated with health data interop some consider this to be outright criminal negligence ‒ even if there’s no legal basis for prosecution. Those are serious ‒ some might say exaggerated ‒ charges. Legal matters are for the courts to decide, of course, but here are some useful definitions:

Negligence: Failure to act with the prudence that a reasonable person would exercise under the same circumstances.

Criminal negligence: Recklessly acting without reasonable caution and putting another person at risk of injury or death (or failing to do something with the same consequences).

In fairness, it’s not entirely the fault of vendors who design and sell software. As a software engineer myself, I know that all too often it’s the buyers who pay for design specs that protect their commercial interests as well ‒ so it’s really a shared culpability.

Today, most of the focus for healthcare interop revolves around the lack of Electronic Health Records (EHR) to easily share patient data, but that’s only part of the whole story. There’s also an urgent need for broader healthcare interop that includes medical devices, wearables and other sensors that are destined for our health future. Many of these devices are also hampered by lack of data interop ‒ and in some cases ‒ even direct patient access. In these battles, patients are caught squarely in the middle of competing commercial interests around systems that have been optimized for revenue and profits ‒ not safety and quality. Two patient cases highlight the challenge beyond just the EHR.

In November 2011, Hugo Campos took to the TEDx stage in Cambridge to share the story of his implantable cardiac defibrillator (ICD). While the device literally collects every beat of his heart, the manufacturer (Medtronic) considers the digital data “stream” to be their rightful and legal property. An entirely separate device (used to capture the data for clinical interpretation) is also proprietary to Medtronic as a part of the closed-loop ICD “system.” Hugo is the host for their device ‒ but not considered an active participant.

In the world of medical devices, the truly antiquated thinking has often been that patient access to this type of clinical data is simply inappropriate and should only be collected and interpreted by clinicians. Using this antiquated logic, why should the format be anything BUT proprietary?

As a Type-1 Diabetic, Anna McCollister‒Slipp described her frustration in trying to manage data from four different electronic devices (clinically prescribed) because each of the devices has its own proprietary data formats.

These are amazing machines – it’s incredible technology – and the care of diabetes has improved dramatically because of them and because of some of the newer insulins that we have on the market. However, one of the most important things for me and for others like me with Type 1 in terms of managing our disease is understanding [the] patterns and right now all of my medical devices use different data formats, different data standards [and] they don’t communicate. The View of Digital Health From an ‘Engaged Patient’ – Forbes

Dr. Bob Wachter described the history behind some of the more immediate challenges with EHR software (including a 39‒fold overdose of a common antibiotic) in his recent book ‒ The Digital Doctor. The book should be required reading (almost a textbook) for everyone in healthcare IT because understanding the history of “wiring healthcare” (his phrase) is critical to understanding many of the current business tensions. Not surprisingly, he also arrived at a conclusion that many of us have been arguing for years.

“Underlying many of the discussions regarding personal health records, health exchanges, and interoperability is the need for a universal patient identifier, and ultimately a universal patient record that would be accessible anywhere to you or others who need it. Congress passed and President Clinton signed a law banning the use of federal funding to create such a number. This means that any effort to share records between hospitals, or even to access your medical history if you arrive at the ER unconscious, has to begin by solving the high-stakes Sudoku game of figuring out who the hell you are.” [bold emphasis mine ‒ page 189 of The Digital Doctor]

This particular “Sudoku game” is fraught with errors. In a 2012 Recommendation to Congress HIMSS cited this sobering statistic.

Patient-data mismatches remain a significant and growing problem. According to industry estimates, between eight and 14 percent of medical records include erroneous information tied to an incorrect patient identity. The result is increased costs estimated at hundreds of millions of dollars per year to correct information. These errors can result in serious risks to patient safety. Mismatches, which already occur at a significant rate within individual institutions and systems will significantly increase when entities communicate among each other via HIE ‒ a Meaningful Use Stage 2 requirement ‒ that may be using different systems, different matching algorithms, and different data dictionaries.

Dr. Wachter found additional support from Michael Blum (CIO of UCSF Medical Center) who called the Congressional ban on establishing a universal patient identifier “the biggest single failure in the history of health IT legislation.” [page 189 of The Digital Doctor]

The natural fear ‒ and the one that has derailed all efforts to this point ‒ remains patient privacy. That’s not an unreasonable fear because in the course of less than 12 months, the U.S. healthcare system lost almost 96 million records (about 30% of the U.S. population) to cybertheft. This happened without a national patient identifier. That’s not to say the records would have been safe by simply adding a national patient identifier, but we need more technical security ‒ including an intelligent identifier ‒ not just a name, social security number and home address.

The technical reality is that without modern data standards in healthcare, our personal health information is at greater risk as long as we rely on antiquated methods of simple numbers and text fields (that are prone to easy data entry errors ‒ and then require complex games of Sudoku to figure out who the hell we are).

Healthcare is certainly not unique as an industry that has struggled with standards. Without going into the rich and colorful history of health IT standards ‒ competing commercial interests often create an endless loop. This loop isn’t unique to healthcare, of course, but the stakes in healthcare are quite literally measured in human lives.

standards_comic
Courtesy of XKCD (http://xkcd.com/927/)

There is, however, another industry that does parallel healthcare in some important ways relative to data interop and the comparison might be surprising ‒ auto manufacturing.

Auto manufacturing had a interesting data interop problem from about 1954 to 1981. During those years ‒ as auto manufacturing was growing rapidly ‒ each auto manufacturer developed their own vehicle identification numbering system. Chaos ensued in that it was virtually impossible to track vehicles quickly ‒ let alone nationally. Vehicle tracking is important across at least five important vectors.

  1. Theft
  2. Accidents
  3. Damage (floods, tornadoes etc…)
  4. Recalls
  5. “Lemons”

Like the healthcare industry, auto manufacturing also has many stakeholders with a wide range of needs to track vehicles nationally and quickly.

  • Consumers
  • Law enforcement
  • Insurance companies
  • Manufacturers
  • Legislation around vehicle and consumer safety

Much like healthcare, transportation (including vehicle identification) is largely an issue of consumer safety.

So, in 1981, the National Highway Traffic Safety Administration (NHTSA) mandated the use of a 17 character VIN (based on International Standard Organization ‒ ISO 3779), and while it’s not perfect – it does make it much easier to track cars nationally with relative ease. It has become so successful that auto manufacturers now stamp the VIN on almost all of the major components of each new car. The success of CarFax today hinges not on being able to get the information quickly online ‒ but the underlying VIN standard for tracking cars nationally from assembly to salvage ‒ and every step in between. It’s a simple database query.

Part 3

In Part 2 of this series we saw how Vehicle Identification Numbers (VINs) were established by the National Highway Transportation and Safety Administration (NHTSA) and how they brought order to the chaos of vehicle tracking on a national scale.

In fact, there’s a much larger list of NHTSA standards beyond just vehicle identification. Under Title 49 of the United States Code, Chapter 301 ‒ Motor Vehicle Safety ‒ the NHTSA has a legislative mandate to issue Federal Motor Vehicle Safety Standards (FMVSS) and Regulations “to which manufacturers of motor vehicle and equipment items must conform and certify compliance.” 

With some dating as far back as 1968, Part 571 of FMVSS lists a range of standards around just one safety category called Crash Avoidance. To understand the level of detail, here are the first four standards in that sub-category.

  • Standard No. 101 ‒ Controls and Displays
  • Standard No. 102 ‒ Transmission Shift Lever Sequence
  • Standard No. 103 ‒ Windshield Defrosting and Defogging
  • Standard No. 104 ‒ Windshield Wiping and Washing System

What we’ve collectively determined ‒ and need to consider for healthcare ‒ is the enormous safety benefit that national standards  bring to a wide range of industries like motor vehicle manufacturing and air transportation. Relative to our health data, national standards can and should be leveraged for patient safety, security and privacy. First for electronic health records, of course, but also for devices, sensors and apps that collect and manage patient data.

Health data that’s interoperable and searchable is also a core requirement to larger objectives around transforming our healthcare system. Strategies like population health, personalized medicine, patient engagement and Accountable Care Organizations are largely dependent on accurate, near real‒time access to health data by everyone across the entire healthcare delivery ecosystem. Absent these basic capabilities, the U.S. is falling behind other countries that are able to forge ahead as true pioneers.

Finland is among the first countries to consolidate EHR data as a way to build a national patient archive. They see true population health as not only a strategic and competitive advantage for the whole country (population of about 5.5 million), but also as way to build patient trust around sensitive health information.

So far, people are really rather happy about these services, not just because the information is available at their fingertips but also because they think it is a good way to guarantee data security. When they check their information, they can also access a log that tells them exactly which organizations have been looking at their data – and this helps build trust in the system. Anne KallioHead of Development at the Ministry of Social Affairs and Health in Finland

The American system, on the other hand, has elected to optimize health data for revenue and profits ‒ not safety and quality. In our system, health data is used for billing, of course, but it’s also considered proprietary and siloed as a way to intentionally lock patients into networks of health plans and/or provider networks. Sometimes our health data is de-identified and sold to the highest bidder.

In other cases, providers charge patients a “copy fee” for accessing their own health data. Naturally, the higher the fee, the less likely we are as patients to switch providers. A recent study proves the captive effect of higher costs for patients to access their own health data.

In states that imposed caps on fees for medical records, patients changed their primary doctors 11% more frequently and their specialty doctors 13% more frequently. The Hidden Cost in Changing Doctors [Stanford Graduate School of Business ‒ June, 2015]

Revenue aside, we’ve also created a culture of fear around protecting data that is so irrational that it often trumps clinical safety outright. Paul Levy described a recent example with his article ‒ We’ve Been Swindled.

Upon arrival, he was whisked through the ED and was being prepped for surgery, but the doctors wanted to have a clearer sense of the location of the [kidney] stones.  His kidneys were in no condition to have another CT with contrast, and so they wanted to look at the CT scan that had been taken just an hour earlier at the urgent care facility. There was no way to electronically deliver the image to the BWH team.

To solve this basic lack of simple transferability (unrelated to the more complex task of interoperability), the CT scan was burned onto a thumb drive and walked (0.3 miles) for hand delivery. This isn’t just absurd or comical in 2015 ‒ it’s morally repugnant and indefensible. In cases like this (and countless others), technology is an outright impediment to life‒saving clinical care. The charade here is that vendors, payers and providers are uniform in their insistence that this is necessary to “protect our privacy.”

Standards that do allow for communication in healthcare are largely the domain and primary function of several organizations, such as Health Level Seven International (HL7).

Founded in 1987, Health Level Seven International (HL7) is a not-for-profit, ANSI-accredited standards developing organization dedicated to providing a comprehensive framework and related standards for the exchange, integration, sharing, and retrieval of electronic health information that supports clinical practice and the management, delivery and evaluation of health services. HL7’s 2,300+ members include approximately 500 corporate members who represent more than 90% of the information systems vendors serving healthcare.

Without going into the history of the standards work HL7 International has done successfully for the last 28 years, there’s an exciting development with a new standard called Fast Health Interoperable Resources or FHIR (pronounced ‘fire’). Adding fuel to the excitement are quotes like this.

FHIR is the “HTML” of healthcare. It’s based on clinical modeling by experts but does not require implementers to understand those details. Historically healthcare standard were easy for designers and hard for implementors. FHIR has focused on ease of implementation. John Halamka ‒ CIO at Harvard and Beth Israel Deaconess Medical Center ‒ Setting Healthcare Interop on Fire ‒ Forbes

Today, FHIR is working its way to becoming an official standard in healthcare. Later this fall, it will move from DSTU1 (Draft Standard for Test Use version 1) to DSTU2 ‒ at which point it will be considered enough of a standard to be openly supported (if not officially endorsed) by the Office of the National Coordinator (ONC). Developers have already started building, testing and deploying actual solutions using its framework.

So is FHIR the long awaited answer for true interop in healthcare?

One of the principal architects and lead developers of FHIR is a software engineer named Grahame Grieve. The development of FHIR represents a significant engineering achievement (spanning years and thousands of hours). As the FHIR project lead, his engineering domain expertise on FHIR is literally second to none.

One of several remaining challenges ‒ unsolved by FHIR ‒ is a key field called Master Patient Index ‒ or MPI. FHIR is a “framework” that can easily support an MPI ‒ but it isn’t an MPI itself. An MPI ‒ any MPI ‒ must be developed outside of FHIR (for use with FHIR). Which begs the question ‒ if FHIR is the emerging standard for interop in healthcare ‒ do we even need an MPI? I posed this question to Grahame. His reply was steeped in the engineering tradition and discipline of efficient coding.

Yup. MPI is unavoidable.

FHIR may well be the HTML of healthcare, but we still need an MPI for any system to determine “who the hell we are.” Anyone can generate an MPI of course and every electronic health record solution includes an MPI, but each one is different. There is no standard (and none pending) for this critical field used throughout the entire healthcare delivery ecosystem.

We could have one ‒ we should have one (in much the same way that we have a VIN for vehicles) ‒ but Congress reversed their original intent for this even though it was baked into the 1996 legislation known as HIPAA (see Who Stole U.S. Healthcare Interop?) .

The original legislation called for the creation of a National Provider Identifier and a National Patient Identifier. The Provider Identifier was implemented, but the Patient Identifier was subsequently “de-funded.” In effect, HHS (and by extension ONC) is legally banned from any work toward a National Patient Identifier ‒ which is equally reprehensible and indefensible. This isn’t the fault of HHS/ONC, of course, but it is absolutely the fault of Congress.

“It’s time that Congress recognize the inability to accurately identify patients is fundamentally a patient safety issue. CHIME Interim Vice President of Public Policy Leslie Krigstein ‒ Patient ID Highlighted as Barrier to Interoperability during Senate HELP Hearing
A false positive match occurs when two truly non-matching records are declared to match, while a false negative match occurs when two truly matching records are declared to be a non-match. While a majority of CIOs believe their false negative and false positive error rates are at or below industry standard, a considerable percentage believe their health records have rates that far exceed 8 percent.

“Of the nearly 65 percent of CIOs reporting use of unique identifiers, over half (58%) are using at least one other strategy – probabilistic, deterministic, biometric, etc. Yet, even with the use of such varied strategies, false negative and false positive error rates are still unacceptably high.” Summary of CHIME Suvery on Patient Data‒Matching ‒ May, 2012

Clearly many of the healthcare industries largest associations also agree with this assessment. I’ll close with this lengthy passage from one such coalition which wrote to Congress in May of 2011. (bold emphasis mine).

“An informed national-level patient identity solution would enhance, not compromise, the privacy and security of patient health information. An informed national-level patient identity solution does not mean a national identity number or card. Technological advances now allow for much more sophisticated solutions including patient onsent, voluntary patient identifiers, metadata identification tagging, controlled segmented access, access credentialing, sophisticated algorithms, and other echnologically advanced solutions.

“In the absence of an informed national-level patient identity solution, the states, health IT Regional Extension Centers (RECs), large health plans, various consortiums, and individual electronic health record vendors have had to develop their own patient identify solutions. As the nation moves forward with greater urgency toward the system-wide adoption of electronic health records, this essential core functionality to ensure the match of a patient with his or her information remains conspicuously absent. The multitude of different solutions and the lack of a national coordinated approach to patient-data matching pose major challenges for our health information infrastructure. Patient safety, privacy, and security depend on getting this core element right and soon.

“An informed identity solution provides unambiguous identification, is cost effective, and is tremendously effective in reducing false negatives in the patient matching process. As a result, an informed patient identity solution is an essential building block to achieving the nationwide exchange of health information, as well as improving patient safety and reducing healthcare costs, fraud, and abuse. As the nation works to achieve the “meaningful use of certified EHR technology” and widespread information exchange, an informed patient identity solution becomes an ever more critical factor for healthcare.”

Letter of Recommendation to Congress by The Coalition for an Informed Patient Identity Integrity Solution ‒ comprised of the American Health Information Management Association (AHIMA); American Medical Informatics Association (AMIA); Association of Medical Directors of Information Systems (AMDIS); College of Health Information Management Executives (CHIME); Healthcare Information and Management Systems Society (HIMSS); HIT Now Coalition; and the National Association of Healthcare Access Management (NAHAM).

We can debate the logic of comparing vehicle identification to patient identification, but that’s really just an academic distraction. It’s patently obvious that people are not cars, but as long as there are enormous commercial interests that intersect with millions of consumers daily ‒ like auto manufacturing or healthcare ‒ it’s the obligation of every government to tilt the market in favor of safety and quality ‒ not revenue and profits.

Nowhere is this more obvious or critical than healthcare. Driving and air travel are largely optional. Arriving on a gurney at an ER is not. Of all the fears that people may have as passengers on that gurney, the ability to share important, life-saving health data at the point of care shouldn’t be one them.

Until we solve the first riddle of who we are to the healthcare system, true data interop will remain the chew toy of competing commercial interests and the Kabuki dance of “information blocking” will continue unabated. Playing on the fears that we’re somehow safer without a national patient identifier is effective marketing, but it’s technically false. We’re actually less safe (and less private) using an antiquated, 9‒digit numbering system developed in the 1930s.

Mandating a unique ‒ and technically superior ‒ patient identifier may not be the biggest problem in healthcare IT, but it is absolutely the first. Absent this critical standard, we will continue to struggle with competing interests, technical workarounds, and hand‒delivered data. Contrary to the headline question for this series, interoperability isn’t a business or technical challenge at all. Specific to healthcare, it’s really a moral one of the highest priority.

Why Ireland has a National Patient Identifier (and we don’t)

By

On the one-hand, I’m excited by the CHIME-sponsored National Patient ID Challenge. According to the latest release there are “nearly 370 innovators from 40 countries” that have registered for the Final Innovation Round. The challenge itself is crystal clear: “Ensure 100% accuracy of every patient’s health info to reduce preventable medical errors and eliminate unnecessary hospital costs/resources.”

The reward is a cool $1 million and the winner will be announced sometime next year. I’m definitely interested to see the winning entry.

On the other hand, I’m not at all hopeful that the U.S. will benefit from this effort because of the legal blockade imposed by Congress on even studying this issue. In that sense, federal support of a national identifier for anything – even something as critical as healthcare – seems to be further away today than ever before and Congress has a near bulletproof argument against a national patient identifier (NPI) wrapped neatly inside a single word – privacy.

Industry versions of an NPI just won’t get to scale because of competing commercial interests. No real surprise here because car manufacturers were stuck with proprietary Vehicle Identification Numbers (VIN’s) until the National Highway Traffic SAFETY Administration came along and mandated one in 1981.

But NPI’s exist in other parts of the world just fine. The most recent example is Ireland – which announced their NPI as “live” earlier this month. Key milestones on their path included:

  • December, 2013: eHealth Strategy for Ireland
  • July, 2014 – Health Identifiers Act
  • August, 2016 – Individual Health Identifier (IHI) in production

Wow – roughly 32 months from start to implementation. Of course Ireland is small compared to the United States. The population of Ireland (about 4.6 million) is roughly equivalent to the population of Louisiana, but it’s still a major undertaking for technical, legal and societal reasons.

This is probably the single largest patient safety initiative that the Irish healthcare system has deployed to date. I think clinicians are way more bought into this than in the NHS [with the NHS number] 15 years ago. It’s been pushed as a patient safety initiative. This is very much about patient safety and using information to stop mixing people up. Richard Corbridge, CIO of Health Service Executive

Key takeaway – it’s a SAFETY issue. We know that from other statistics (here and here) that we’ve seen through the years from key healthcare organizations like CHIME, HIMSS, and AHIMA.

  • 8-12% of hospitals’ medical records are duplicates
  • On average: 64,000 – 96,000 medical records in an EMR (system) refer to a patient with another existing medical record
  • The average cost associated with repeated medical care – $1,009
  • Kaiser Permanente of Southern California has over 10,000 records of people named Maria Gonzales
  • HIMSS: 8-14% of medical records include erroneous information tied to an incorrect patient identity

Ireland’s accomplishment also tracks to broader objectives. An NPI is both critical and foundational to objectives around patient engagement, population health and safety – including how this will ultimately play into any national electronic health record system. I could reference the critical importance of an NPI for “interoperability” here in the U.S. – but I’ll just bite my tongue.

The Health Identifiers Act (HIA) – which Ireland passed in July, 2014 – also had an interesting intersect with U.S. legislation. The HIA had this language:

PART 2

INDIVIDUAL HEALTH IDENTIFIERS

5. Assignment of individual health identifier

6. Establishment and maintenance of National Register of Individual Health Identifiers

PART 3

HEALTH SERVICES PROVIDER IDENTIFIERS

13. Assignment of health services provider identifier

14. Establishment and maintenance of National Register of Health Services Provider Identifiers

If that sounds remotely familiar – here’s the U.S. version – as incorporated into HIPAA (passed in 1996):

UNIQUE HEALTH IDENTIFIERS.— “(1) IN GENERAL,—The Secretary shall adopt standards providing for a standard unique health identifier for each individual, employer, health plan, and health care provider for use in the health care system.”

The needs are identical – whether you’re a country the size of 320 million – or one the size of Ireland.

Of course, here in the U.S., theoretical concerns around privacy caused such enormous heartburn that Congress simply de-funded the original intent (which is similar to the way they de-funded the “risk corridors” last year) – but I digress. The point here is that unfounded and unrealistic concerns around privacy derailed our effort to implement a national standard recognized as critical (and part of healthcare legislation) more than 20 years ago. Was it truly for privacy issues – or was it intentional for other reasons? We’ll get there.

I say the reasons around privacy were unfounded and unrealistic because what we have today in the way of algorithmic patient matching isn’t just less safe – it’s also less secure. The safety issue is well documented – and that’s the primary basis for the CHIME Challenge.

In an environmental scan in 2014, the Office of the National Coordinator for Health Information Technology found that the best error rate is around 7%.  Worse still, the error rate is usually closer to 10 to 20 percent within a healthcare entity and it rises to 50 to 60 percent when entities exchange with each other.

Wow. That’s painful – how could it possibly get worse? It’s worse because that’s just the safety component. The security component actually compounds the safety risk because any identification number used for patient matching – say a proprietary master patient identifier or Social Security number – is, by definition, less secure because it has less legal protection.

Security and privacy could actually be strengthened with a unique patient identifier. A unique patient identifier, once developed, would immediately become protected health information (PHI) under federal and (applicable) state law. RANDIdentity Crisis? (2008)

The American Health Information Management Association (AHIMA) was the latest U.S. healthcare organization to join our long running battle for an NPI. Unfortunately, the AHIMA petition (launched in March) needed 100,000 signatures and secured less than 9,000. This wasn’t for an actual NPI, mind you, this was simply to remove the federal budget ban to think about a patient safety identifier.

But here’s the thing. I know why we won’t make progress here – today, tomorrow, or even this decade. It’s intentional. In my opinion, it’s also criminal. How do I know this? Because there’s another big regulatory challenge with a very similar profile just one aisle over – and it often gushes blood into our emergency rooms. It’s the gun aisle. How is it remotely similar? Here’s the opening story in a recent article – and the money quote:

Say there’s a murder. Blood everywhere, a dead guy on the floor. The cops come in with their yellow tape, chalk line, the little booties, cameras, swabs, the fingerprint dust. One of them finds a gun on the floor. The gun! He lifts it with his pinkie, examines it, takes note of the serial number. Back at the station, they run a trace on the gun. A name pops up. It’s the wife! Or: It’s the business partner! It’s somebody’s gun, and this is so exciting because now they know who did it.

Except—no. You are watching too much TV. It doesn’t work like that.

“Think,” says Charlie Houser, a federal agent with the ATF.

The cops run a trace on a gun? What does that even mean? A name pops up? From where? There’s some master list somewhere? Like, for all the guns all over the world, there’s a master list that started with the No. 1 (when? World War I? Civil War? Russian Revolution? when?), and in the year 2016 we are now up to No. 14 gazillion whatever, and every single one of those serial numbers has a gun owner’s name attached to it on some giant list somewhere (where?), which, thank God, a big computer is keeping track of?

“People don’t think,” Charlie tells me. “I get e-mails even from police saying, ‘Can you type in the serial number and tell me who the gun is registered to?’ Every week. They think it’s like a VIN number on a car. Even police. Police from everywhere. ‘Hey, can you guys hurry up and type that number in?’ ”

“It’s a shoestring budget. It’s a bunch of friggin’ boxes. All half-ass records.”

So here’s a news flash, from Charlie: “We ain’t got a registration system. Ain’t nobody registering no damn guns.”

Here’s the quote from that same article:

There is no national database of guns. We have no centralized record of who owns all the firearms we so vigorously debate, no hard data regarding how many people own them, how many of them are bought or sold, or how many even exist.

Sound familiar – right? It’s a great article with a great headline: Inside the Federal Bureau of Way Too Many Guns

And that’s why Ireland has a National Patient Identifier and we don’t. We have the technical and economic prowess to trump anything Ireland – or literally any other industrialized country can do. We could implement an NPI – if we wanted to – if there was no artificially induced congressional budget ban. The rationale against one sounds legit – privacy – but it’s a smokescreen.

The reason we don’t have a national gun database and an NPI are the same. I wouldn’t go as far as to say that vested interests are preventing an NPI (although that’s clearly the case with the NRA and a gun database), but let’s just say it’s just not anyone’s legislative priority. There’s no money for it and Congress ain’t gonna ante up voluntarily. That’s not criminal intent – but it does qualify as criminal negligence. There are lots of legal definitions for that phrase, of course, but a good general one is “the indifference or disregard for human life or for the safety of people.”

And make no mistake, that’s exactly what a NPI delivers – better safety and security than the status quo. Maybe CHIME can nudge Congress into action. Clearly the petition path doesn’t work.

[May 2018 Update]

Like many, I was clearly hopeful, but as of November 2017, CHIME has officially suspended the National Patient ID Challenge.

Though we’ve made great progress and moved the industry forward in many ways through the challenge, we ultimately did not achieve the results we sought to this complex problem. We decided the best course of addressing this patient safety hazard is to redirect our attention and resources to another strategy. Russell Branzell – CHIME CEO

Digital Health Lessons From BART

By

Then President Nixon (with wife Pat) at BART Station in 1972

If you don’t know history, then you don’t know anything. You are a leaf that doesn’t know it is part of a tree. Michael Crichton

In most of Europe, mass transit is so affordable and ubiquitous it’s largely assumed. Clearly the economics play an important role because gas is comparatively expensive. Most of Europe is over $5 a gallon today – and Italy and the Netherlands are both over $6. As of April 11, Norway is $6.78 and Hong Kong is $6.85.

The economics to public transportation here in the U.S. tilts heavily toward an entire economy (social and financial) built around vehicle ownership. Comparatively low fuel prices help, but the furor over the lack of European style affordable (and cohesive) mass transit usually starts when gas prices spike over an arbitrary but noticeable index. $5 could well be that index.

It’s easy to understand the original logic of American suburbia because oceans of land were cheaper outside of the city, less congested, and more amenable to raising families, back-yard activities, parks, and shopping malls. As concentric circles, suburbia grew further and further away from city centers, requiring longer distances and commutes using personal transportation.

The historic result of this is that many metropolitan cities in the U.S. continue to struggle with affordable mass transit at scale. Just this year both Washington, D.C. and San Francisco hit major roadblocks with key elements of their metro transit systems.

All of which brings us to one system in particular known as (San Francisco) Bay Area Rapid Transit – or just BART. Like the headline quote by author Michael Crichton, the history to BART has lessons that go well beyond mass transit – and run headlong into a new generation of designers and engineers – including those in software and healthcare IT.

But first a little of that history.

The “Pacific Railroad Acts” were a series of Congressional acts that actively promoted the construction of a transcontinental railroad (the “Pacific Railroad”) in the United States. This was largely accomplished through the issuance of government bonds and large land grants to the big railroad companies of that time.

The first “act” was the Pacific Railroad Act of 1862 – which had an incredibly long name:

An Act to aid in the Construction of a Railroad and Telegraph Line from the Missouri River to the Pacific Ocean, and to secure to the Government the Use of the same for Postal, Military and Other Purposes.

Buried in the actual legislation – from an era when there was a fully functional government – is this gold nugget.

The track upon the entire line of railroad and branches shall be of uniform width, to be determined by the President of the United States, so that, when completed, cars can be run from the Missouri River to the Pacific Coast. 37th Congress – 2nd Session – Section 12 – 2nd Sentence (page 495)

Even then, it didn’t take engineering arguments to understand the value and benefit of a standard – and mandated – track gauge. With some minor exceptions (like rapid transit systems and streetcars) the majority of railroad gauges in the U.S. (and North America) remain at 4 feet, 8.5 inches wide to this day.

Wikipedia summarized both the obvious and extended benefits of this reasonably well.

As well as the usual reasons for having one gauge (i.e. being able to operate through trains without transfer arrangements), the North American continent-wide system of freight car interchange with rolling stock having the same standard gauge, couplings, and air brakes meant that individual companies could minimize their rolling stock requirements by borrowing from other companies.

It’s not just passenger convenience – it’s the sizable economics of freight transit by rail.

But San Francisco has always been a tad different – and that included the heady engineering climate during which BART was originally designed and built. Leading the race to the moon, NASA was the engineering envy of the world and large new projects – like BART – were specifically intended to be both “space-aged” and “state-of-the-art.” Like a line out of the movie Jurassic Park (novel and screenplay by Michael Crichton) they “spared no expense” when it came to design thinking.

Back when BART was created, (the designers) were absolutely determined to establish a new product, and they intended to export it around the world. They may have gotten a little ahead of themselves using new technology. Although it worked, it was extremely complex for the time period, and they never did export the equipment because it was so difficult for other countries to install and maintain. Rod Diridon, Emeritus Executive Director of the Mineta Transportation Institute in San Jose (as quoted in the San Jose Mercury News – March 25, 2016).

Almost everything about BART was new – and different – starting with a critical and foundational component; a unique track gauge of 5 feet 6 inches. Since BART was designed to be standalone (not connected to other rail systems), the unique track gauge was considered a bold and compelling design feature at the time, but like all things engineering, that fateful decision led to a cascading string of other requirements – including custom-made wheel sets, brake assemblies and track repair vehicles – all to match the unique track gauge.

Yet another design “innovation” was a flat-edge rail that requires more maintenance and is actually noisier. Custom aluminum wheels (to reduce weight) with stainless steel “tires” (to reduce noise) were added with no real thought as to long-term maintenance, repair, or replacement.

The 1,000-volt traction power system was also cutting-edge – and unique. Even some of the small electrical components (which are breaking now with some frequency) are expensive and can “usually take 22 weeks to order.” Earlier this year (after a significant service interruption) BART announced the need to buy 100 “thyristors” at a cost of $1,000 each.

Thyristors are the small group of white rings just above and to the right-of-center in this picture

At the very heart of this modern marvel was a computer system that was “state-of-the-art” when it first opened to public travel – in 1972. Today, even relatively minor updates to the software can cause system wide crashes for entirely unknown reasons. Some of BART’s maintenance software still runs on Windows 3.1 (presumably on a secure network). When a system wide software crash does happen, it is literally back to manual switching along the 104-mile system.

Without computers controlling the system’s 400 track switches on the main line, operators had to get out and physically change those switches to ensure that their trains remained on the proper tracks, with each change taking from five to 10 minutes. At some of the more complicated switch points, special crews were sent out to work them. It was all hands on deck. If you were trained and authorized to crank a switch, you were out there. Alicia Trost – BART Spokeswoman (SFGate 11/2013)

At the time of its launch, BART was engineered to accommodate what was considered (at the time) to be a large number of passengers – 100,000 each week. Today it handles over 400,000 – per day – and is the fifth-busiest rapid transit system in the U.S. The enormous stress on the system through the years has caused some to suggest that BART is effectively past “end-of-life” (in the mechanical engineering sense) and on “life support.”

Whether BART is truly on “life support” or not is almost immaterial because there’s a November ballot initiative to raise about $4 billion – just to keep BART running mechanically. It will remain a constant engineering battle – and enormous cost – for as long as the track is stuck at its proprietary 5-foot 6-inch width.

What does any of this have to do with healthcare? When you consider that industry standards around digital data are the modern equivalent to railroad track gauges – it has everything to do with software engineering for healthcare.

Considered enterprise software, large EHR systems in hospitals tend to drive the market and fortunately, over 90% of the inpatient EHR market is divided among 10 sizable vendors.


But unlike the lone BART, there are about 5,600 hospitals in the U.S. In the analog paper world – each hospital was logically an island. All of which is an enormous financial benefit to the software vendors because all the proprietary and unique software requires constant patching, maintenance, and updating.Unfortunately, this gang of 10 is in the business of selling heavily customized software – to accommodate the “unique” and “proprietary” needs of each and every hospital they sell to. Everything from initial design to implementation, training, and maintenance is effectively custom built to each hospital installation. Each hospital installation is effectively a BART, and like BART – standalone. The lack of a data standard for communicating between hospitals is exactly like having a unique track gauge – for each and every hospital.

In hindsight, it’s hard to understand this engineering hubris – for both BART and non-standard EHR software – except that they share roots in the same commercial logic of revenue and profits. Remember, BART was going to build and sell mass-transit systems to other municipalities and countries.

This profit-centric logic has spawned an entire healthcare IT industry that continues to enjoy a healthy and lucrative future – and one that we’re all paying for in a myriad of ways that are both economic and safety related. What we don’t have (lacking a functioning government) are the data standards for patient safety and quality. In effect, our entire healthcare system (including healthcare IT) has been optimized for revenue and profits.

Just this week, ECRI issued their list of Top Ten Patient Safety Concerns for Healthcare Organizations.

Since 2009, when ECRI Institute PSO began collecting patient safety events, we and our partner PSOs have received more than 1.2 million event reports. That means that the 10 patient safety concerns on this list are very real. They are causing harm—often serious harm—to real people.

My only real surprise is that on their top 10 list, patient identification didn’t make #1 – it came in at #2.

During routine reviews of reported events, ECRI Institute analysts discovered that patient identification issues were frequent. And serious consequences were evident.

Is there a solution? Sure, in much the same way that as a country, we determined that if you want to ride a train from Missouri to the Pacific Coast, everyone benefits by having a standard track gauge. Competing commercial interests have no incentive to voluntarily create – let alone agree to one for data in healthcare – and especially one that puts their revenue at risk. Put bluntly, the gang of 10 all risk losing big chunks of revenue if health data is standardized like a track gauge.

Absent a mandated data standard everything done today is just like keeping BART afloat – at huge expense. It will always be the most expensive kind of engineering work because it’s all made-to-order, custom-built and supported – and switching costs are astronomical. BART officially opened in 1972, but the foundational thinking – how to maximize revenue and profits – is very much alive and well in healthcare IT to this day.

History often repeats itself – at sparing no expense.

This article first appeared in Health Standards (April 2016)

Back to Highlights