JULY 7, 2015
NB: This article first appeared as a 3-part series on Health Standards in July of 2015. Much of the insight and information is unchanged ‒ and it is as relevant today in 2020 ‒ as it was over 4 years ago.
(approximately 4,250 words ‒ or about 20 minutes)
The voices around healthcare interoperability are becoming louder, more frequent and more urgent ‒ which is a great thing. Recently the fires were stoked again by both Leonard Kish (here) and then even more urgently by Paul Levy with this provocative headline ‒ “We’ve been swindled.” The key quote by Paul ‒ at least for me ‒ is this one:
Our national interest does not coincide with those corporate strategic interests.
He’s right, of course, but it also made me think of another quote by Florida Governor Rick Scott.
How many businesses do you know that want to cut their revenue in half? That’s why the healthcare industry won’t reform the healthcare industry.
We can debate Rick’s personal credibility for this quote another time, but as the founder of Columbia Hospital Corporation (at age 34) which bought HCA (in 1994) to become (in 1997) the world’s largest commercial healthcare enterprise ‒ his business credibility for this exact quote is beyond debate.
For those who follow me on Forbes ‒ I’ve written about interoperability in healthcare a fair amount starting early last year with a 5‒part series on the topic. That series launched with coverage of a keynote by Malcolm Gladwell (here) at a daylong summit on interoperability sponsored by West Health. The importance of the topic and the intersect with other aspects of healthcare IT (patient safety and cybersecurity to name just two) have prompted me to continue adding coverage to this critically important healthcare topic.
Some of the latest demanding insistence around interoperability in healthcare misses many of the key historical overlaps which I think are worth reviewing. Two in particular.
The world of packet-switching technology had a similar dilemma during the early days of its evolution as the driving force behind the internet using a very young standard called internet protocol (or IP). As a group, the emerging router and switching vendors ‒ names like Cisco, 3Par, Juniper, Brocade, Ascend Communications, and Lucent ‒ even truncated the word so that it could become more manageable.
In that world, interoperability is referenced simply as “interop.” They still hold an annual event called simply Interop ‒ but the needs around basic packet switching have been largely resolved (or avoided) and so the needs have greatly diminished ‒ as has the size and scope of the annual event.
Before moving to Las Vegas in 1994, the show attracted about 65,000 attendees and then consumed the Las Vegas Convention Center, often in its entirety. Today it’s a much smaller event at the Mandalay Bay with about 10,000 attendees each spring and about 300 vendors. In fairness, Interop now has four distinct venues around the world ‒ so the show is more globally dispersed. For purposes of comparison ‒ HIMSS ‒ the annual healthcare IT extravaganza is well on its way to about 40,000 in attendance and over 1,000 vendors.
My point with that is simply to recognize the trajectory and intersect of an important technical discipline ‒ networking and data interop. Whether we realize it or not we’ve successfully navigated the unknowns of network interop for over 45 years. That world has had its battles and most of those have been successfully navigated or avoided outright. Today, the global internet largely works (and sometimes fails) because of those technical and business settlements.
That’s not to say all is perfect harmony or without big glaring challenges, however, and that’s the technical vulnerability of networks that interoperate easily (security and privacy). I’ve also written about the challenge of security and privacy because it intersects so directly with what’s becoming the richest single gathering of individual data at scale ‒ our health data.
Part 2:
In Part 1 of this three-part series we saw how the world of packet-switching technology truncated the word “interoperability” to just “interop” and how that world successfully navigated many of the early technical challenges inherent in building an infrastructure for the benefit of an entire vendor community and global industry.
The parallels are similar to healthcare except for a few key variables ‒ and one in particular. A lack of urgency by many in the healthcare IT community to act cooperatively for the benefit of both consumers and an entire industry. Given the life-and-death consequence associated with health data interop some consider this to be outright criminal negligence ‒ even if there’s no legal basis for prosecution. Those are serious ‒ some might say exaggerated ‒ charges. Legal matters are for the courts to decide, of course, but here are some useful definitions:
Negligence: Failure to act with the prudence that a reasonable person would exercise under the same circumstances.
Criminal negligence: Recklessly acting without reasonable caution and putting another person at risk of injury or death (or failing to do something with the same consequences).
In fairness, it’s not entirely the fault of vendors who design and sell software. As a software engineer myself, I know that all too often it’s the buyers who pay for design specs that protect their commercial interests as well ‒ so it’s really a shared culpability.
Today, most of the focus for healthcare interop revolves around the lack of Electronic Health Records (EHR) to easily share patient data, but that’s only part of the whole story. There’s also an urgent need for broader healthcare interop that includes medical devices, wearables and other sensors that are destined for our health future. Many of these devices are also hampered by lack of data interop ‒ and in some cases ‒ even direct patient access. In these battles, patients are caught squarely in the middle of competing commercial interests around systems that have been optimized for revenue and profits ‒ not safety and quality. Two patient cases highlight the challenge beyond just the EHR.
In November 2011, Hugo Campos took to the TEDx stage in Cambridge to share the story of his implantable cardiac defibrillator (ICD). While the device literally collects every beat of his heart, the manufacturer (Medtronic) considers the digital data “stream” to be their rightful and legal property. An entirely separate device (used to capture the data for clinical interpretation) is also proprietary to Medtronic as a part of the closed-loop ICD “system.” Hugo is the host for their device ‒ but not considered an active participant.
In the world of medical devices, the truly antiquated thinking has often been that patient access to this type of clinical data is simply inappropriate and should only be collected and interpreted by clinicians. Using this antiquated logic, why should the format be anything BUT proprietary?
As a Type-1 Diabetic, Anna McCollister‒Slipp described her frustration in trying to manage data from four different electronic devices (clinically prescribed) because each of the devices has its own proprietary data formats.
These are amazing machines – it’s incredible technology – and the care of diabetes has improved dramatically because of them and because of some of the newer insulins that we have on the market. However, one of the most important things for me and for others like me with Type 1 in terms of managing our disease is understanding [the] patterns and right now all of my medical devices use different data formats, different data standards [and] they don’t communicate. The View of Digital Health From an ‘Engaged Patient’ – Forbes
Dr. Bob Wachter described the history behind some of the more immediate challenges with EHR software (including a 39‒fold overdose of a common antibiotic) in his recent book ‒ The Digital Doctor. The book should be required reading (almost a textbook) for everyone in healthcare IT because understanding the history of “wiring healthcare” (his phrase) is critical to understanding many of the current business tensions. Not surprisingly, he also arrived at a conclusion that many of us have been arguing for years.
“Underlying many of the discussions regarding personal health records, health exchanges, and interoperability is the need for a universal patient identifier, and ultimately a universal patient record that would be accessible anywhere to you or others who need it. Congress passed and President Clinton signed a law banning the use of federal funding to create such a number. This means that any effort to share records between hospitals, or even to access your medical history if you arrive at the ER unconscious, has to begin by solving the high-stakes Sudoku game of figuring out who the hell you are.” [bold emphasis mine ‒ page 189 of The Digital Doctor]
This particular “Sudoku game” is fraught with errors. In a 2012 Recommendation to Congress HIMSS cited this sobering statistic.
Patient-data mismatches remain a significant and growing problem. According to industry estimates, between eight and 14 percent of medical records include erroneous information tied to an incorrect patient identity. The result is increased costs estimated at hundreds of millions of dollars per year to correct information. These errors can result in serious risks to patient safety. Mismatches, which already occur at a significant rate within individual institutions and systems will significantly increase when entities communicate among each other via HIE ‒ a Meaningful Use Stage 2 requirement ‒ that may be using different systems, different matching algorithms, and different data dictionaries.
Dr. Wachter found additional support from Michael Blum (CIO of UCSF Medical Center) who called the Congressional ban on establishing a universal patient identifier “the biggest single failure in the history of health IT legislation.” [page 189 of The Digital Doctor]
The natural fear ‒ and the one that has derailed all efforts to this point ‒ remains patient privacy. That’s not an unreasonable fear because in the course of less than 12 months, the U.S. healthcare system lost almost 96 million records (about 30% of the U.S. population) to cybertheft. This happened without a national patient identifier. That’s not to say the records would have been safe by simply adding a national patient identifier, but we need more technical security ‒ including an intelligent identifier ‒ not just a name, social security number and home address.
The technical reality is that without modern data standards in healthcare, our personal health information is at greater risk as long as we rely on antiquated methods of simple numbers and text fields (that are prone to easy data entry errors ‒ and then require complex games of Sudoku to figure out who the hell we are).
Healthcare is certainly not unique as an industry that has struggled with standards. Without going into the rich and colorful history of health IT standards ‒ competing commercial interests often create an endless loop. This loop isn’t unique to healthcare, of course, but the stakes in healthcare are quite literally measured in human lives.
There is, however, another industry that does parallel healthcare in some important ways relative to data interop and the comparison might be surprising ‒ auto manufacturing.
Auto manufacturing had a interesting data interop problem from about 1954 to 1981. During those years ‒ as auto manufacturing was growing rapidly ‒ each auto manufacturer developed their own vehicle identification numbering system. Chaos ensued in that it was virtually impossible to track vehicles quickly ‒ let alone nationally. Vehicle tracking is important across at least five important vectors.
- Theft
- Accidents
- Damage (floods, tornadoes etc…)
- Recalls
- “Lemons”
Like the healthcare industry, auto manufacturing also has many stakeholders with a wide range of needs to track vehicles nationally and quickly.
- Consumers
- Law enforcement
- Insurance companies
- Manufacturers
- Legislation around vehicle and consumer safety
Much like healthcare, transportation (including vehicle identification) is largely an issue of consumer safety.
So, in 1981, the National Highway Traffic Safety Administration (NHTSA) mandated the use of a 17 character VIN (based on International Standard Organization ‒ ISO 3779), and while it’s not perfect – it does make it much easier to track cars nationally with relative ease. It has become so successful that auto manufacturers now stamp the VIN on almost all of the major components of each new car. The success of CarFax today hinges not on being able to get the information quickly online ‒ but the underlying VIN standard for tracking cars nationally from assembly to salvage ‒ and every step in between. It’s a simple database query.
Part 3
In Part 2 of this series we saw how Vehicle Identification Numbers (VINs) were established by the National Highway Transportation and Safety Administration (NHTSA) and how they brought order to the chaos of vehicle tracking on a national scale.
In fact, there’s a much larger list of NHTSA standards beyond just vehicle identification. Under Title 49 of the United States Code, Chapter 301 ‒ Motor Vehicle Safety ‒ the NHTSA has a legislative mandate to issue Federal Motor Vehicle Safety Standards (FMVSS) and Regulations “to which manufacturers of motor vehicle and equipment items must conform and certify compliance.”
With some dating as far back as 1968, Part 571 of FMVSS lists a range of standards around just one safety category called Crash Avoidance. To understand the level of detail, here are the first four standards in that sub-category.
- Standard No. 101 ‒ Controls and Displays
- Standard No. 102 ‒ Transmission Shift Lever Sequence
- Standard No. 103 ‒ Windshield Defrosting and Defogging
- Standard No. 104 ‒ Windshield Wiping and Washing System
What we’ve collectively determined ‒ and need to consider for healthcare ‒ is the enormous safety benefit that national standards bring to a wide range of industries like motor vehicle manufacturing and air transportation. Relative to our health data, national standards can and should be leveraged for patient safety, security and privacy. First for electronic health records, of course, but also for devices, sensors and apps that collect and manage patient data.
Health data that’s interoperable and searchable is also a core requirement to larger objectives around transforming our healthcare system. Strategies like population health, personalized medicine, patient engagement and Accountable Care Organizations are largely dependent on accurate, near real‒time access to health data by everyone across the entire healthcare delivery ecosystem. Absent these basic capabilities, the U.S. is falling behind other countries that are able to forge ahead as true pioneers.
Finland is among the first countries to consolidate EHR data as a way to build a national patient archive. They see true population health as not only a strategic and competitive advantage for the whole country (population of about 5.5 million), but also as way to build patient trust around sensitive health information.
So far, people are really rather happy about these services, not just because the information is available at their fingertips but also because they think it is a good way to guarantee data security. When they check their information, they can also access a log that tells them exactly which organizations have been looking at their data – and this helps build trust in the system. Anne Kallio, Head of Development at the Ministry of Social Affairs and Health in Finland
The American system, on the other hand, has elected to optimize health data for revenue and profits ‒ not safety and quality. In our system, health data is used for billing, of course, but it’s also considered proprietary and siloed as a way to intentionally lock patients into networks of health plans and/or provider networks. Sometimes our health data is de-identified and sold to the highest bidder.
In other cases, providers charge patients a “copy fee” for accessing their own health data. Naturally, the higher the fee, the less likely we are as patients to switch providers. A recent study proves the captive effect of higher costs for patients to access their own health data.
In states that imposed caps on fees for medical records, patients changed their primary doctors 11% more frequently and their specialty doctors 13% more frequently. The Hidden Cost in Changing Doctors [Stanford Graduate School of Business ‒ June, 2015]
Revenue aside, we’ve also created a culture of fear around protecting data that is so irrational that it often trumps clinical safety outright. Paul Levy described a recent example with his article ‒ We’ve Been Swindled.
Upon arrival, he was whisked through the ED and was being prepped for surgery, but the doctors wanted to have a clearer sense of the location of the [kidney] stones. His kidneys were in no condition to have another CT with contrast, and so they wanted to look at the CT scan that had been taken just an hour earlier at the urgent care facility. There was no way to electronically deliver the image to the BWH team.
To solve this basic lack of simple transferability (unrelated to the more complex task of interoperability), the CT scan was burned onto a thumb drive and walked (0.3 miles) for hand delivery. This isn’t just absurd or comical in 2015 ‒ it’s morally repugnant and indefensible. In cases like this (and countless others), technology is an outright impediment to life‒saving clinical care. The charade here is that vendors, payers and providers are uniform in their insistence that this is necessary to “protect our privacy.”
Standards that do allow for communication in healthcare are largely the domain and primary function of several organizations, such as Health Level Seven International (HL7).
Founded in 1987, Health Level Seven International (HL7) is a not-for-profit, ANSI-accredited standards developing organization dedicated to providing a comprehensive framework and related standards for the exchange, integration, sharing, and retrieval of electronic health information that supports clinical practice and the management, delivery and evaluation of health services. HL7’s 2,300+ members include approximately 500 corporate members who represent more than 90% of the information systems vendors serving healthcare.
Without going into the history of the standards work HL7 International has done successfully for the last 28 years, there’s an exciting development with a new standard called Fast Health Interoperable Resources or FHIR (pronounced ‘fire’). Adding fuel to the excitement are quotes like this.
FHIR is the “HTML” of healthcare. It’s based on clinical modeling by experts but does not require implementers to understand those details. Historically healthcare standard were easy for designers and hard for implementors. FHIR has focused on ease of implementation. John Halamka ‒ CIO at Harvard and Beth Israel Deaconess Medical Center ‒ Setting Healthcare Interop on Fire ‒ Forbes
Today, FHIR is working its way to becoming an official standard in healthcare. Later this fall, it will move from DSTU1 (Draft Standard for Test Use version 1) to DSTU2 ‒ at which point it will be considered enough of a standard to be openly supported (if not officially endorsed) by the Office of the National Coordinator (ONC). Developers have already started building, testing and deploying actual solutions using its framework.
So is FHIR the long awaited answer for true interop in healthcare?
One of the principal architects and lead developers of FHIR is a software engineer named Grahame Grieve. The development of FHIR represents a significant engineering achievement (spanning years and thousands of hours). As the FHIR project lead, his engineering domain expertise on FHIR is literally second to none.
One of several remaining challenges ‒ unsolved by FHIR ‒ is a key field called Master Patient Index ‒ or MPI. FHIR is a “framework” that can easily support an MPI ‒ but it isn’t an MPI itself. An MPI ‒ any MPI ‒ must be developed outside of FHIR (for use with FHIR). Which begs the question ‒ if FHIR is the emerging standard for interop in healthcare ‒ do we even need an MPI? I posed this question to Grahame. His reply was steeped in the engineering tradition and discipline of efficient coding.
Yup. MPI is unavoidable.
FHIR may well be the HTML of healthcare, but we still need an MPI for any system to determine “who the hell we are.” Anyone can generate an MPI of course and every electronic health record solution includes an MPI, but each one is different. There is no standard (and none pending) for this critical field used throughout the entire healthcare delivery ecosystem.
We could have one ‒ we should have one (in much the same way that we have a VIN for vehicles) ‒ but Congress reversed their original intent for this even though it was baked into the 1996 legislation known as HIPAA (see Who Stole U.S. Healthcare Interop?) .
The original legislation called for the creation of a National Provider Identifier and a National Patient Identifier. The Provider Identifier was implemented, but the Patient Identifier was subsequently “de-funded.” In effect, HHS (and by extension ONC) is legally banned from any work toward a National Patient Identifier ‒ which is equally reprehensible and indefensible. This isn’t the fault of HHS/ONC, of course, but it is absolutely the fault of Congress.
“It’s time that Congress recognize the inability to accurately identify patients is fundamentally a patient safety issue. CHIME Interim Vice President of Public Policy Leslie Krigstein ‒ Patient ID Highlighted as Barrier to Interoperability during Senate HELP Hearing
A false positive match occurs when two truly non-matching records are declared to match, while a false negative match occurs when two truly matching records are declared to be a non-match. While a majority of CIOs believe their false negative and false positive error rates are at or below industry standard, a considerable percentage believe their health records have rates that far exceed 8 percent.“Of the nearly 65 percent of CIOs reporting use of unique identifiers, over half (58%) are using at least one other strategy – probabilistic, deterministic, biometric, etc. Yet, even with the use of such varied strategies, false negative and false positive error rates are still unacceptably high.” Summary of CHIME Suvery on Patient Data‒Matching ‒ May, 2012
Clearly many of the healthcare industries largest associations also agree with this assessment. I’ll close with this lengthy passage from one such coalition which wrote to Congress in May of 2011. (bold emphasis mine).
“An informed national-level patient identity solution would enhance, not compromise, the privacy and security of patient health information. An informed national-level patient identity solution does not mean a national identity number or card. Technological advances now allow for much more sophisticated solutions including patient onsent, voluntary patient identifiers, metadata identification tagging, controlled segmented access, access credentialing, sophisticated algorithms, and other echnologically advanced solutions.
“In the absence of an informed national-level patient identity solution, the states, health IT Regional Extension Centers (RECs), large health plans, various consortiums, and individual electronic health record vendors have had to develop their own patient identify solutions. As the nation moves forward with greater urgency toward the system-wide adoption of electronic health records, this essential core functionality to ensure the match of a patient with his or her information remains conspicuously absent. The multitude of different solutions and the lack of a national coordinated approach to patient-data matching pose major challenges for our health information infrastructure. Patient safety, privacy, and security depend on getting this core element right and soon.
“An informed identity solution provides unambiguous identification, is cost effective, and is tremendously effective in reducing false negatives in the patient matching process. As a result, an informed patient identity solution is an essential building block to achieving the nationwide exchange of health information, as well as improving patient safety and reducing healthcare costs, fraud, and abuse. As the nation works to achieve the “meaningful use of certified EHR technology” and widespread information exchange, an informed patient identity solution becomes an ever more critical factor for healthcare.”
Letter of Recommendation to Congress by The Coalition for an Informed Patient Identity Integrity Solution ‒ comprised of the American Health Information Management Association (AHIMA); American Medical Informatics Association (AMIA); Association of Medical Directors of Information Systems (AMDIS); College of Health Information Management Executives (CHIME); Healthcare Information and Management Systems Society (HIMSS); HIT Now Coalition; and the National Association of Healthcare Access Management (NAHAM).
We can debate the logic of comparing vehicle identification to patient identification, but that’s really just an academic distraction. It’s patently obvious that people are not cars, but as long as there are enormous commercial interests that intersect with millions of consumers daily ‒ like auto manufacturing or healthcare ‒ it’s the obligation of every government to tilt the market in favor of safety and quality ‒ not revenue and profits.
Nowhere is this more obvious or critical than healthcare. Driving and air travel are largely optional. Arriving on a gurney at an ER is not. Of all the fears that people may have as passengers on that gurney, the ability to share important, life-saving health data at the point of care shouldn’t be one them.
Until we solve the first riddle of who we are to the healthcare system, true data interop will remain the chew toy of competing commercial interests and the Kabuki dance of “information blocking” will continue unabated. Playing on the fears that we’re somehow safer without a national patient identifier is effective marketing, but it’s technically false. We’re actually less safe (and less private) using an antiquated, 9‒digit numbering system developed in the 1930s.
Mandating a unique ‒ and technically superior ‒ patient identifier may not be the biggest problem in healthcare IT, but it is absolutely the first. Absent this critical standard, we will continue to struggle with competing interests, technical workarounds, and hand‒delivered data. Contrary to the headline question for this series, interoperability isn’t a business or technical challenge at all. Specific to healthcare, it’s really a moral one of the highest priority.