The Health Care Blog

Comments

Spot on, David.
I don't know if we need to do anything to hasten the demise of NHINs... they seem to be having plenty of problems just getting started. There is a lot of new government money going into NHINs and this will be wasted, however.
Hopefully the strengths of the Health Internet PHIN model will prevail. We should do everything we can to make this a success.

All the best,
.Mark

Posted by: MarkS | Nov 16, 2009 6:23:53 AM

What about the French system? They've been using the Carte Vitle for over a decade now. Why is it that articles like this never discuss how EHRs are managed there?

Posted by: Karen Mitchell | Nov 16, 2009 6:27:43 AM

Dear Mark and Karen: Thanks for your comments. Karen, please write another comment and tell us about the French Carte Vitale, how it's used, etc. Mark, I think there's still time for some of the HIE activity to shift gears and utilize the Health Internet. I know of a couple of these efforts that are planning to focus on a Continuity of Care Record exchange among providers, using either Google Health or HealthVault, or both, as the patients' PHR component. This could turn out to be more manageable from a cost perspective, and make the HIE easier to evolve over time.
Regards, DCK

Posted by: David C. Kibbe, MD MBA | Nov 16, 2009 8:58:37 AM

I agree that RHIOs and NHIN networks are old, outdated and very expensive.
I also agree that the Internet is the preferred system to carry health data.
I don't agree with the need for everybody to have a PHR somewhere, and be responsible for aggregating all their data in said PHR. I have great concerns regarding the use of the aggregate data thus collected. I also don't think most people have an interest in actively pursuing such aggregation. The third concern is how will providers view data that is controlled and presented by the patient (oops, consumer).

What I want to see is similar to something the financial industry is doing. Like many people I have all sorts of accounts with various institutions. I can log into my Fidelity account and connect all my other accounts by providing proper credentials for each. Fidelity then will display all the disparate information in one dashboard. Fidelity is not aggregating my financial data. The integration occurs "on the glass" (on the screen only) or Just In Time (JIT) for me to see and peruse.

What I want is for my primary care doctor (remember, we want to strengthen primary care) to create this sort of portal for me. I will control the list of providers that I want to aggregate on the fly and I will control who I want to have access to this tool, other than my PCP.
I don't want a "free" PHR from MegaSearchEngines R Us. I fully expect my PCP to charge an honest fee for the service. I don't want to have to view Viagra ads just because I'm a 60 year old male in good health and I don't want to receive 20% off coupons for the neighborhood mortuary as soon as I am diagnosed with a brain tumor.

I want my trusted (yes, trusted) primary care doc, my family and myself to have a place to go for good up to date information on my health status. We'll share it if we so desire.

From a technology perspective, it is not at all difficult to accomplish. A bunch of published web services with proper addressing and credentialing infrastructure is all it would take and we have the technology to do all that today.

Posted by: Margalit Gur-Arie | Nov 16, 2009 11:13:34 AM

Margalit: Thanks for your, as always, thoughtful comment.
Let me ask a practical question. Suppose I'm your physician, and as part of my health IT system, I offer you a PHR at Google Health, or HealthVault, or Keas.

Suppose that means that the ePrescribing, lab viewer, population registry, and other components of my EHR system are all integrated with your Google Health account, such that the data from my workflow activities involved in your health and wellness will move to Google Health, provided of course you give permission for this to happen.

Does this work for you? Or do you think that I need to pay for my own PHR application that I offer you? Would that make it necessarily better than Google Health or HealthVault?

What if the American Academy of Family Physicians were to contract with Google Health, or Salesforce.com, or some entity to provide you, my patient, with these services, free of charge to both doctor/me, and patient/you?

Does that increase your trust or make the value higher to you?

Honestly seeking answers and opinions, not trying to get specific answers...

Kind regards, DCK

Posted by: David C. Kibbe, MD MBA | Nov 16, 2009 11:29:40 AM

Karen, please write another comment and tell us about the French Carte Vitale, how it's used, etc. - David

Umm...that's really my point: how can you write about evolving medical record systems without even mentioning the way other countries have approached the issue?

The French have a longstanding tradition that the medical record belongs to the patient -- not the provider or the payors. Paper portfolios were replaced over 10 years ago with a card that contains a chip to hold the patient's medical history. Providers can read the encrypted information with special readers and add new notes. It's also a payment card so billing information is automatically forwarded to the patients appropriate national fund and his chosen supplementary insurer.

Germany, which has long had a health payment card to automatically bill the patient's insurance company, recently added prescription details and has been working on a combined medical record/payment card too.

As with alternate health care financing, experts in the US seem curiously resistent to examining what is actually working elsewhere.

Posted by: Karen Mitchell | Nov 16, 2009 1:50:02 PM

David,

Here are my three immediate concerns with that approach:

1) Data integrity - I prefer that data is not aggregated in one place, but kept in all the various provider systems that have originally generated it, since both accuracy and reliability would be better if the aggregation is done in real time. This could probably be mediated by better technology.

2) Privacy and Security - Large repositories of complete medical records are not conducive to either privacy or security. The drive to aggregate data in huge repositories, or big databases in the sky, has multiple reasons. Some legitimate, some less so.
I would like to remove the temptation to monetize such treasure in ways that are detrimental to the consumer. Providers are bound by HIPAA. I am not certain what those third party PHRs are bound by and reading the various privacy policies does not put my concerns to rest.

3) Advertisement - I also have a problem with targeted ads. If you as my doctor want to contract with a third party PHR, then I trust that you would pick one that is not used as a tool to increase health care costs by peddling the latest and greatest brand name prescription drugs.
To go back to my banking examples, there are no ads on any of my financial websites. When I log into my bank account, I am a respected customer, not a generalized consumer persona that is presented all sorts of third party consuming opportunities. I want the same respect from my doctor.

Finally a general comment. There doesn't seem to be a mad rush for PHRs. If we are really serious about data availability, I believe the drivers should be placed somewhere else. The primary care setting seems to be the most reasonable, but it will have to be reimbursed.

I need to think about these things some more......

Posted by: Margalit Gur-Arie | Nov 16, 2009 2:25:57 PM

Thanks, David, for essentially saying it: the emperor isn't wearing clothes!

Whether HHS and the ONC care to acknowledge it or not, the concept of an NHIN is and always has been unsound both technologically and fiscally. As recently as last year, I recall reading that Dr. Kolodny, then the National Coordinator, asked the hundreds of attendees at a major healthcare conference in Washington if they thought the NHIN would be built -- and virtually no one raised his/her hand!

The tragedy, though, is that we continue to spend lavishly (the HITECH Act provides $1.2 Billion) to build HIEs within individual states with the idea that these state-based HIEs eventually will be linked to form the NHIN. Assuming we live long enough and can borrow enough from China and others to build and maintain such a monster, what will we have wrought? I submit, a white elephant that no one needs, wants or uses!

While I agree wholeheartedly with your conclusions about the NHIN, I'm afraid I can't agree with your solution. That emperor is naked, too. In my opinion, your "Health Internet" would be a disaster that would happen over and over again!

In a perfect world where everyone is honest and noble, it would make wonderful sense to store patient health records on Internet-accessible servers. They would be safe, private, and used only in the patient's best interests.

Unfortunately, we do not live in such a world and most consumers, while overwhelmingly wanting to have access to their records themselves and for their care providers to have access to their records, don't want them accessible over the Internet.

Study results dealing with this issue vary but the conclusion is unmistakable. A Markle study found that 80 percent “. . . are concerned about identity theft and fraud” and are concerned that their records might be used for marketing purposes and/or research without their knowledge.

A Lake Research Partners’ study found that “Americans’ top concern about electronic personal health records is potential misuse of their personal data. They found that 92 percent are concerned about identity theft and fraud, and that 89 percent are “very concerned about information getting into the hands of marketers.”

Lest someone think these fears are nothing more than paranoia, think again. More than 216 million records have been stolen or lost globally in recent years (see datalossdb.org) and 85% of US corporations have suffered one or more data breaches! And these examples don't even address the breaches our supposedly most secure institutions like the White House and the DOD have suffered.

The head of data security for an international media company told me recently that nothing is absolutely secure on the Internet. If a hacker wants to hack into files on the Internet, they'll succeed. And they will try either to show "they can," or because they can sell the information they steal.

Given these facts, I think the public has it right. They understand the problem and risks of storing data on Internet-accessible servers and want no part of it. Count me among these masses.

What puzzles me is why intelligent people in healthcare are blind to these risks. To me, neither Microsoft, Google nor any other well-intentioned organization can guarantee that records accessible over the Internet are secure, private and exclusively under my control.

And does it make sense to disregard the strongly held sentiments of 70% to 90%+ of the public? Wouldn't it be smarter to come up with a solution that the public will embrace? That's where I would put my money (and have).

Posted by: Merle Bushkin | Nov 16, 2009 4:07:13 PM

David,

I share your enthusiasm for the "health internet" but I think you have misrepresented a few things.

First, as far as I know, the FHA's NHIN would use the regular Internet for connectivity between HIEs. That's not the problem. The problem is that the NHIN (and State or regional HIEs) are based on the premise that the provider (physician) is the one who should make the decision where the consumer's data is aggregated for sharing. The provider would presumably pick a "local" HIE, regardless of whether or not the patient/consumer wants his/her data to be hosted via that state's HIE. In my opinion, this is wrong.

Under the Health Internet model, on the other hand, the CONSUMER would get to select where his or her data will be collected and tracked. That selection could be a "health bank" or a PHR, and might not be in the same region as the provider who generated the data, but would (of course) be no more than a URL away, via the Health Internet. And of course, the consumer would have control over access to his or her health data in the chosen location.

The other mistake that is frequently made is to assume that all health data flows are to be treated equally. This is not so. For example, some data flows from the provider's EMR are regulated by existing laws, and will have to flow to the legally-mandated target. Other flows will go elsewhere. Not all data flows have to go through an HIE, though many locally-governed flows probably would use an HIE.

For example, the provider must supply certain reportable data to local departments of health. The provider's eRx data flows to one of the national eRx networks. The provider's "quality measures" may flow to a state-based agency, or to a regional agency, or perhaps to a third-party service provided by his EMR vendor. And of course, the data necessary under HIPAA for "treatment, payment, and healthcare operations" would flow to the proper payer.

But regardless of these legally mandated data flows, the consumer, not the provider, should be able to decide where the "sharing" data goes.

The beauty of the Health Internet model is that every patient can take control of their own data. The data will be available to them regardless of where they live or travel. The data will be exposed to services selected by the consumer via standards-based, simple, Internet-friendly (RESTful) protocols, and not via some overly complex service-oriented architecture that presupposes all of the use-cases.

Posted by: David McCallie | Nov 16, 2009 10:59:09 PM

Thanks give me some information and this information is really helpful for me.
erectile dysfunction

Posted by: MONIKA | Nov 17, 2009 12:18:12 AM

Dear David: Thanks for your comment. You and K2 are completely on the same wavelength here, and advocating for the patient/consumer to make the selection about where his/her data are collected, tracked, and transported.

Your points about the legal constructs that will determine some data flows, e.g. to public health or to CMS for quality reporting, is an important element to give consideration as the Health Internet rolls out. Where the local and national public health institutions fit into all of this has been a somewhat forgotten topic, and for longer than I can remember we've paid too little attention to public health and its IT infrastructure. I'm hoping that, as per Google Flu Trends, there will be new opportunities from the movement of data over the Health Internet to help the public health folks do their jobs well.

Your last paragraph is well worth repeating here:
"The beauty of the Health Internet model is that every patient can take control of their own data. The data will be available to them regardless of where they live or travel. The data will be exposed to services selected by the consumer via standards-based, simple, Internet-friendly (RESTful) protocols, and not via some overly complex service-oriented architecture that presupposes all of the use-cases."

Kind regards, DCK

Posted by: David C. Kibbe, MD MBA | Nov 17, 2009 5:12:08 AM

David,

Connected Health with the "patient at the center" is the future. The phrase "patient at the center" implies that the patient has access to and control of his or her health data.

Most industries have long since figured out how to securely transmit sensitive data over the internet. The Healthcare industry's Health Internet would simply be another manifestation (albeit a high level one) of existing net based technologies.

The Health Internet opens the door for widespread innovation in assisting patients with their own disease management- a facet that will prove essential as the shortage of qualified healthcare professionals becomes reality.

Without quality patient engagement in managing their own healthcare thru innovation, any system is destined to struggle to maintain costs and provide quality outcomes. Putting patients at the center with regards to their own clinical data is a key enabler of this innovation.

Great post David!

Posted by: Thomas Schwieterman MD | Nov 17, 2009 5:49:29 AM

Dear Tom: Thanks for your comment. It made me remember my visit to a local banker in NC in 1997. I had an online account with a larger bank, but when I asked this gentleman about his bank's online check pay and other account features, I got a 20 minutes lecture about how "people will never allow their financial data to be up on the Internet" because it's just too risky. The point being that it takes time to change attitudes, and we're going to find, just as we did with online banking, that the Health Internet will bring out people who can't conceive of online personal data, or whose interests are challenged by it.

On the other hand, your comments are evidence that many physicians have already turned the corner on this set of issues, and can visualize the benefits to their patients/consumers of the Health Internet. Much medicine is still very local, and I think it's important for physicians all across the country to move this agenda forward in the interest of improving quality of care and continuity of care.

Kind regards, DCK

Posted by: David C. Kibbe, MD MBA | Nov 17, 2009 6:22:36 AM

I commend the intent of this posting - to get health information moving. The comments it has elicited are also valuable because they illustrate the problem with equating Google and Microsoft, tethered or un-tethered PHR with an Internet approach.

The Health Internet need not imply or require centralization as implied by dominant "consumer aggregators" such as RHIOs, Google or Microsoft. The Health Internet does not require a PHR.

The Health Internet does require a way for patients to identify themselves electronically to the provider that has their data in order to control the flow of that data. The provider needs to trust the source of that ID, be it a driver's license or a French federal ID card, and the law must require them to release all legally mandated information when presented with an electronic request and an acceptable digital ID.

The Internet takes over from there.

Posted by: Adrian Gropper MD | Nov 17, 2009 7:07:06 AM

David,

You asked Karen for more information about France then ignored her follow up. The key point in the way records are in France is that they belong to the patient. There is no need to construct a vault or portal to providers because the patient always has his record. Providers at all levels get the information from the patient -- which is the exact opposite of what you want to talk about.

Posted by: Mark Kimball | Nov 17, 2009 7:29:26 AM

Hi David,
Good post overall but just have a few points of clarification:

First, the NHIN and the CONNECT platform that the feds built (based on open source) does not use some form of proprietary network, it uses the Internet and with the on-ramping ala CONNECT, just about any coder, representing a RHIO/HIE/hospital etc., can connect into it.

Secondly, the NHIN, as Adrian points out, does not require some uber-database in the sky but works on a federated model. Ye, CONNECT does have a MySQL database associated with it but this is not a requirement for to use the NHIN. Data can be in any number of places and using simple publish/subscribe ala Atlas or something similar, given accounts (say a consumer's) can be updated as new data is added to their file, be it at a hospital, a clinic or PCP.

Third, I draw the distinction between RHIOs and HIEs wherein RHIOs are established by some public entity for promoting public health and HIEs are private networks, established within IDNs for business reasons (most often referrals to the mothership). HIEs have been by and large successful as they have a clear business case for existence, RHIOs, well that's another story.

As for the Health Internet, I do not see it as a radical departure from the NHIN but more as a subtle change in branding by HHS and the desire to re-architect the bloated NHIN CONNECT to something that is more lightweight and readily usable by a broader range of participants, as you rightly point out, Microsoft, Google, Keas and just about any other consumer-facing app/service. This is a very important point as it may finally provide the consumer with an understanding and value proposition that they can get behind for to date, far too much focus at HHS has been on the provider.

If we truly are moving to a consumer/patient-centric care model, it is time to re-architect things like the NHIN in support of such, which it appears at first blush what HHS is now trying to do. Hat's off to them, its about time.

As an FYI, did write a post on the Health Internet with an illustration that other readers may find of value: http://chilmarkresearch.com/2009/10/01/nhin-the-new-health-internet/

Posted by: John@Chilmark | Nov 17, 2009 9:31:49 AM

Dear Mark: I think you're being unkind to say that I ignored Karen's good comment, helping to explain the French Carte Vitale, and something about it's history and use. Her comment was appreciated, and I learned a little more than I knew before. I wasn't aware that I needed to respond further, but I am glad to do so to avoid any hurt feelings. The whole idea of blogging is to encourage sharing of information and opinion, and I really do appreciate your comments.

The card with a chip on it is a good idea. I am eager to know how the data are loaded onto the chip in the first place, and how these data elements are updated over time. Do the French maintain a master patient index nationally, something like a SS# for health identity? Does my doctor update my card at every visit? Can I transfer the data from the card to my computer, or to a web-based account online if I want to do that?

Kind regards, dCK

Posted by: David C. Kibbe, MD MBA | Nov 17, 2009 11:08:17 AM

Dear Adrian: You make a couple of criticisms, and then a very important point. Let me deal with the criticisms first. You and I both know that I would not equate Google Health, or Microsoft HealthVault, or any particular PHR platform, including your own, with the Health Internet.

Our point was simply to give a real world example of how health data are already moving over the Internet today (without what John Moore in his comment describes as a "bloated NHIN CONNECT," which was initially designed not to work on the Internet at all, but to connect RHIOs, that is, private networks, and very large provider organizations.)

While Google Health isn't a requirement for the Health Internet to exist, I want to give credit to both Google and Microsoft, as well as a host of others, like your own company MedCommons, Keas, Dossia, and many, many others, for actually starting to give patients the control over their health data and information, its place of storage, and its reason for transfer. This is what really matters.

Nothing Brian and I said or implied should be taken as an opinion that "centralization" of health data is a necessary component of the Health Internet. "Dominant" consumer aggregators may come into being like the "dominant" banks or "dominant" eCommerce companies have come into being, primarily as a result of consumer demand for a trusted brand to help them collect, organize, and transfer their data. But they should not be obligatory. I have a friend who keeps most of her considerable fortune in $100 bills buried under a building somewhere. No one is forcing her to put her money into a bank, or a brokerage account, and both Brian and I would defend the right of any citizen to refuse to allow his or her health data to be placed in any PHR entity.

So, you're right, the Health Internet doesn't require a PHR. But we never said it did.

Then, you hit the zinger. You said, "The Health Internet does require a way for patients to identify themselves electronically to the provider that has their data in order to control the flow of that data. The provider needs to trust the source of that ID, be it a driver's license or a French federal ID card, and the law must require them to release all legally mandated information when presented with an electronic request and an acceptable digital ID."

This is where the work of the Health Internet really needs to occur, as I know you and I agree. All Brian and I are really saying, is that regional repositories and provider-controlled networks are not necessary for this work to occur. The Internet is a highway that can accomodate patient-controlled health data exchange, provided the rules of the road and a legal system are put in place to help govern the traffic.

Very kind regards, DCK

Posted by: David C. Kibbe, MD MBA | Nov 17, 2009 11:30:32 AM

Dear John Moore: Thanks for your clarifications, but I'm not certain I find them very helpful. First, the fact that CONNECT is open source is important, but let's not equate open source with simple or useful. Just because a piece of code is FOSS doesn't necessarily mean that it works well or is suitable for use. (I'm aware that point of view is heresy, may lightning strike me now, immediately!)

I am, like you, really happy that the folks at ONC, HHS, and the HITSC are re-evaluating CONNECT, and with an eye to making it "lightweight" and useful as a means of moving data across the Internet from providers, to PHRs, etc. etc. It would be great to have this work out well.

But I'm not convinced that CONNECT is even necessary for the Health Internet to function at a high level of security and data integrity. As we've discussed in the past, OpenID/OAuth may be satisfactory for identity management without further layers, at least for basic summary health transfers. Keep it simple, build on what works, rather than impose a system that tries to contemplate all the possible use cases and every type of data that could be transferable.

I'm also not convinced that splitting hairs about RHIOs, HIEs, WHIOs (see Extormity.com news update about the latter), is all that useful an exercise. These efforts certainly may have their benefits, and I hope they are successful in many places around the country. The point is that local or regional repositories of health data are not required for the Health Internet to work, provided patients/consumers have access to the data stored about them in various places like pharmacies, labs, hospitals, and doctors offices.

I'm afraid that many millions of $$ will be spent on these RHIOs and HIEs in the assumption that they are necessary for health data exchange to occur, and that they are foundational building blocks upon which a "NHIN" will be constructed. I think this idea needs to be challenged, and the money better spent.

Kind regards, dCK

Posted by: David C. Kibbe, MD MBA | Nov 17, 2009 11:51:54 AM

OK, since everybody seems to be on this thread, I will ask a few questions.

What exactly is a Health Internet? I don't understand the purpose for having some sort of platform, as open source as it may be. As far as I can tell Internet is Internet and it is already being used for millions of health care transactions. Every lab order and result to/from Quest goes over the regular Internet via web services. Surescripts is accessible via web services and so are eligibility checks with payers. I'm really not sure what these folks are trying to do, complicate things that are already working?

Regarding PHRs and their equivalence to banks, do I have to keep all my money in one bank? Do I really have to transfer the funds from each bank to one chosen bank just to see the balances? What if I want to see all the individual transactions for the last 5 years? That's not really transferable.
Would it be acceptable if I used several banks (i.e. PCP, Hospital, Cardiologist, etc.) and refrained from physical aggregation of records? After all, if I am the consumer and I get to control my medical records, I should have the choice to keep my records from being aggregated, be it by HIEs or RHIOs or commercial PHRs.
This way I don't have to manage anything. I'll access the various banks only if, and when, I need a comprehensive picture of my finances and at that point I can see everything, not just transferable summaries. Other than that, let everything stay where it is.

Posted by: Margalit Gur-Arie | Nov 17, 2009 9:05:36 PM

The statement that the NHIN was "created so that large systems like the VA and the DOD, Kaiser and Geisinger, can exchange data without having to reach the Internet" is blatantly untrue and contrary to everything that the ONC ever published about the NHIN. The NHIN was in fact built to run on the Internet.

Recently five small HIEs (RHIOs) working under the auspices of the California eHealth Collaborative created the ability to share patient data among them over the Internet in a matter of weeks using the NHIN protocols and the open-source code that was created as part of the last NHIN project. The small HIEs which have substantial support for physicians in small practices co-demonstrated with Kaiser. Far from the NHIN being designed to let the big providers ice out small providers it was designed to enable their interaction. In many ways this was a David v. Goliath use of open source software and the NHIN protocols as this the CAeHC is striving to position itself as an alternative to CalRHIO.

There is plenty of room to simplify the NHIN work so far. But we should not conflate the need for healthcare organizations to interact with the very important need for PHRs.

I address this in my recent blog posting "Health 2.0: Take a Lesson From the Web" (http://blogs.gartner.com/wes_rishel/2009/11/18/health-2-0-take-a-lesson-from-the-web/).

Posted by: Wes Rishel | Nov 17, 2009 11:03:23 PM

Dear Wes: Thanks for your comments, and I stand corrected. In the future I'll defer to your excellent blog post for a description of NHIN and CONNECT. I also think that the eHealth Collaborative patient data sharing project you refer to is real and substantial progress, and I'm glad that we agree on the point about simplifying NHIN and the protocols involved, so that health care organizations of all sizes can interact with one another and with PHRs.

However, the example of five RHIOs taking "weeks" to "create the ability" to share data, amongst themselves, is exactly the kind of enterprise and provider/organization control of data that Brian and I along with many others consider to be an insufficient solution, one that well describes the old idea of NHIN, but does not describe the new model Health Internet.

Perhaps we agree on this, too. That would be great.

But I want to emphasize that in my opinion patient-centered health data exchange should not require a RHIO or HIE or a formal NHIN. These constructs may be very useful in some ways in some communities, but they are not the same thing as what David McAllie described above, namely a means of exchange over the Internet by which "(T)he data will be available to them (patients/consumers) regardless of where they live or travel. The data will be exposed to services selected by the consumer via standards-based, simple, Internet-friendly (RESTful) protocols, and not via some overly complex service-oriented architecture that presupposes all of the use-cases."

With kind regards, DCK

Posted by: David C. Kibbe, MD MBA | Nov 18, 2009 12:47:52 AM

Dear Margolit: I think there is "violent agreement" among most commenters and Brian and myself regarding one important thing: individuals (patients/consumers/citizens/people) ought to be able t control their own health data.

If we start with this basic premise, which is clearly stated on the Health Data Rights website http://www.healthdatarights.org/'
then the technology of personal health data storage and transfer can become much simpler to design, build, and implement.

I think the Health Internet is really nothing more complicated than the instantiation of this principle.

Kind regards, DCK

Posted by: David C. Kibbe, MD MBA | Nov 18, 2009 12:54:56 AM

chronic pain narcotic opioids are effective but very dangerous, should be taken with moderation and prescribed by a doctor, medicines like hydrocodone, lortab, vicodin, norco, percocet, oxycontin, are even more commercial and very helpful to people with diseases such as fibromyalgia, chronic pain, Parkinson's, arthritis, should be restricted and controlled as in findrxonline said that the FDA does not permit free marketing for them.

Posted by: Dr. House | Nov 18, 2009 10:46:39 AM

Note that there's a similar discussion at LinkedIn, which I present at this link

Posted by: Steve Beller, PhD | Nov 19, 2009 12:40:01 PM

China is also asking these questions and I have been soliciting interest among backers of an Internet approach to come to 3 meetings next year where this will be discussed. The top university in China is doing a conference which will include HIT for the first time. Also, the upcoming first HIMSS China meeting in May is kind of a watershed to see which way the winds are blowing for a massive government influx.

Google and Microsoft are huge in China, and HealthVault just got a huge national contract. But Perot Systems also just got a contract to do an entire region RHIO. This in a system where there is no money for patient care! I am thinking the Internet way is the only way.

If anybody here is interested in getting involved in the China question let me know.

Bill Boyles, Publisher, Interpro Publications, Washington

Also Director, Global Business Forum on Health helping produce conferences in Chna and Europe

Posted by: William Boyles | Nov 19, 2009 1:16:30 PM

Dr. Kibbe,

I think you are right that " individuals (patients/consumers/citizens/people) ought to be able to control their own health data." So, the health internet really comes down to who can access what information where and when, and who controls the authorizations.

Yes, they ought to be able to control, but must they have to decide who has access and who can control authorizations?

Is it realistic for all patients to actively manage their health information or determine the rules, particularly as we move to into true online collaboration in medicine and patient data is needed by countless different roles?

I read today via Vince Kuratis that 67 clinicians will touch a record in an average 3-day stay. To keep it simple, we'll need some reasonable defaults.

Early indications of folks managing their data have not been all that impressive. PHRs have not seemed to have been met with wild success, mostly because they aren't used by physicians and an overall lack of interest by people who aren't sick or don't have others to care for. Perhaps this will change. But I think maybe the basic crux is that people see a lot of risk in sharing this info online, but few benefits. As all things do, this will all ultimately come down to economics, trust and reward ahead of technology. As you point out, people (physicians, hospitals and patients) will share when they have the incentives to do so.

Anyway, the point is that yes, it'a as simple as authority, but authority and control, but these things can get very, very complex, as has already been indicated by discussions in the Clinical Groupware Collaborative Group.

How do we take a step beyond "let the patient decide?" A worthy goal, and it sound good, but what will it look like?

(BTW- This could all be a paper tiger, not that it should be. We could give authorizations TOS-style, which nobody will ever read and everyone will agree to. If it comes to providing them care, they'll likely give their precious medical info to just about anyone. No denial for pre-existing conditions will solve a big piece of that problem, then we'll just have snoopy employers and neighbors to worry about.)

What will an end solution look like? Great speculative post (http://www.shirky.com/weblog/2009/11/a-speculative-post-on-the-idea-of-algorithmic-authority/) today on what we may be driving toward by Clay Shirkey. Points to the larger issues at hand when we move toward sharing information and trusting information across a unified, coordinated data store. Ultimately, we trust what we know, and our trust is always imperfect. Our brains have pretty complex trust algorithms, and our systems will probably need them, too, to maximize value.

Let's not forget that medicine is by it's very nature a collaborative endeavor, whereas our banking system is not. Health care requires literally hundreds of different people often to review a person's info. Also, there are very clear reasons to share information in the banking system, and very clear benefits. While my bank info may be between me and my bank, and other systems may be entrusted to carry out specific functions with specific data sets, really only me and my bank have full access.

What is it about this blog that gets people to write so profusely? I tried not to, but here we are. Thanks for hearing me out if you go this far. If you want more tangentially related to this topic, see my post from yesterday on the social sphere and the impact on health care:http://www.leonardkish.com/will-the-social-web-save-health-care-and-the

Posted by: Leonard Kish | Nov 19, 2009 1:49:56 PM

Leonard makes good sense. Controlling information access, and authorizations constraining that access, are primary concerns in a collaborative environment such as healthcare where privacy and security are paramount.

With good objective guidance, I contend, patients CAN actively manage their health information and determine the rules by which privacy is maintained. Simple defaults, which patients can override, are part of it. Warnings when patients prevent certain people from viewing/sharing information that’s critical to their care is another. Enabling them to have a granular level of privacy control is another. Using the cloud with caution and taking advantage of local encrypted data stores is another. Addressing all these issues technologically is feasible and need not be overly complex. But it will likely take disruptive innovation that minimizes cost and complexity. I believe this is less of a concern in countries where privacy issues are less important (e.g., China?).

Posted by: Steve Beller, PhD | Nov 19, 2009 2:48:17 PM

Dave,
Thanks for starting this great cascade of comments. I fundamentally agree that a person-oriented approach to health information exchange is likely to be the best way to get information flowing and manage the flow in a way that benefits health. I've led a group for the last 18 months who are planning such a system. The URL above is a link to the wiki for the project. I would like contribute a few points :

- An approach that lets patients control the exchange process allows each individual to manage the process to his/her liking - and to change it as needs change. This avoids the traditional problem of having exchange throttled by third-party disclosure laws and takes advantage of laws/regulations that compel the production (most recently in HITECH - the transmission) of ePHI at patient request. This allows privacy conservatives (akin to the example of the person who hid their money in cash under a building) to have their way without making the vast majority (privacy rationals) have our information flow constrained more than we wish by a lowest common denominator type of regulatory regime.

- A Health Internet approach offers an opportunity to embellish the doctor-patient relationship. For example, a typical person's sharing rule (as applied by a software agent) might be "Here is my doctor. He is technically allowed to send PHI to anyone he wishes and these parties may respond to him." If, at a later time, the patient wishes to change this rule, he/she can. But, while in effect this makes exchange easy for providers and keeps the patient in the loop. This also offers protections against medical identify theft. Requests from non-permitted entities would be denied and even for those who are permitted, the watchful eye of even a small percentage of patients on the exchange activity provides more audit power than e would otherwise be affordable.
-For my taste, the question of whether most patients would use a health internet has been answered by the high use of the PHR system build by Kaiser-Permanente over the last 3-4 years. They now have about 50% penetration (routine users) in every demographic of their patient population - well except for teenagers. Apparently, they are immortal ;-)

- Lastly, recall that the highest objective of our work is to improve health. Improving health care (with HIE or anything else) is intended primarily to improve health. Engaging patients in care has been shown in a variety of settings to improve health; AHRQ posts a number of such studies. While using HIE to improve acute care is a worthy goal, so few of the determinants of health are routinely influenced by acute care, that we will leave a great deal of opportunity on the table if we only focus health internet efforts on improving acute care. The health internet opens the door to supports for improving health beyond acute care while integrated with acute care and should be valued for this reason. For my taste, RWJ’s Project HealthDesign as a great place to see this point in the flesh.

Posted by: Dave Kirby | Nov 19, 2009 3:14:40 PM

With all due respect, ignoring consumer concerns about the security and privacy of Internet-accessible medical records doesn't make the concerns go away or the records more secure. Neither does claiming they are secure when they are not.

If your employer learns you have serious health or psychiatric issues, the probability is you'll lose your job and your insurance -- and have a helluva time getting another job or insurance. These are the kinds of real fears people have and, in my opinion, none of us concerned with improving healthcare IT should ignore or dismiss them as irrelevant. Our challenge is to recognize them and come up with a better solution.

Neither should we take comfort from the oft-repeated but grossly inappropriate comparison of medical records to financial records. That's not even comparing apples versus oranges. It's sense versus nonsense!

What financial record system accessible over the Internet (or otherwise) brings up the records of all your accounts at the one or more banks you deal with? Where can the banker considering your loan or mortgage application access all your bank accounts, brokerage accounts, credit card accounts, 401Ks, pension plans, asset appraisals, safe deposit boxes, etc. to analyze your financial resources and earnings stream? They can't even if you authorize them to do so because no such system exists -- for good reason. The public wouldn't tolerate it!

And what system can the Treasury Department, Federal Reserve System, IRS and other Federal and state agencies go to access these same records of yours and aggregate them with similar records from the rest of the population -- so they can forecast government revenues, identify weaknesses developing in the economy, determine the appropriate interest rates needed to curb inflation or stimulate the economy? They can't. Again, such a system doesn't exist; the public wouldn't tolerate it.

Yet, isn't that what you want to do in healthcare? Under the guise of improving the health of individuals and the public at large, you want to create a system by which care providers can access and aggregate individual patient records! Care to predict how the public will respond?

I submit there is a simpler, cheaper, better way. Instead of storing a patient's medical records on Internet-accessible servers or making it possible to aggregate them via the Internet, give patients physical control of their aggregated medical records. They'll decide how they want them used. They'll give them to their care providers when the providers need them -- and they'll get the improvements in care and reductions in costs they and we want but without the risks and costs associated with Internet-accessible records.

Posted by: Merle Bushkin | Nov 19, 2009 3:41:24 PM

Dear Colleagues: Thanks for your thoughtful comments. This is a topic that gets people excited, and wanting to express their ideas, because I think we sense that health care can be less a commercial venture and more a cooperative endeavor.

The Internet user in rural Montana has greater access to information and knowledge on the human body and mind, health and wellness, and how to treat conditions and illnesses, than anybody living in the 1960's ever did. And more than most doctors today.

What Internet users don't have, generally, is acces to their OWN personal health data. This is because the health care institutions have changed very little, at least in terms of information management, since the 1960's.

It is really very difficult for anyone still to argue that keeping patients/consumers in the dark about their health data and information is good for them or good for society. We are seeing how the status quo is linked to speical interests and our inability to improve care or lower costs.

We all sense that the change is coming, and that it will be a better world when it does.

Kind regards, DCK

Posted by: David C. Kibbe, MD MBA | Nov 20, 2009 5:31:49 AM

I think everybody can agree that patients have a right to see all their medical data and a right to decide who can see what portions of it and be notified of all disclosures of their medical records. I also think that HIPAA already mandates this. The implementation is of course spotty at best.

My pain point with these new proposals is very simple. It is way too complicated. We are trying to replace a paper system, which today accomplishes all this data sharing by fax or copier and from a patient and doctor perspective it's a very simple process.
I know that many patients have difficulty obtaining copies of their medical records, but that has very little to do with the record being paper or electronic.

Internet banking was adopted because it simplified the tasks. Instead of using calculators and writing checks and licking envelopes and stamps, you just click on a couple of check boxes. And it's optional. I don't have to do online banking if I don't want to. The system is computerized with or without my participation.

Unless, we make Internet healthcare equally simple for both doctors and patients, it will not gain adoption. As simple as that. There has to be a hard. measurable advantage to going electronic, or we will never get enough adoption to make it worthwhile.

One of the main reasons doctors are not jumping on the EHR bandwagon is the inherent complexity and the lack of proven hard ROI to the doctor. I submit that the same will happen with consumers and PHRs.
Some folks will be (are) intrigued, others prodded by the insurer and sign on initially. Most will not and many will drop out.
A small minority will use it and love it. These are the same people that are running into access problems today. The PHR is offering a solution for them, but how many folks like that are there? Enough to satisfy Google's business model? I seriously doubt that.

The PHRs that are discussed here and elsewhere require patients to take control of the data. That means setting up the PHR, coming up with provider lists and entering them in the software with proper authorizations for various levels of access. Keeping these authorization lists current. Managing one's credentials and also family members credentials. Making sure that all is up to date. Changing authorizations to various providers and care givers based on changes in health status and on and on....
This sounds like a lot more work than most people need to do, or are doing, now.
I'm certain that having PHRs is better for patients, just like I am certain that having EHRs is better for doctors. I am equally certain that products that complicate a working system by creating more work for people will not be successful, no matter how cool they are, or how hard they are pushed by well meaning interested parties.

Posted by: Margalit Gur-Arie | Nov 20, 2009 7:19:24 AM

Dear David,

I'm all for Internet users in rural Montana, or Vermont where I live, having access "to information and knowledge on the human body and mind, health and wellness, and how to treat conditions and illnesses." Indeed, the Internet is a wonderful source of information and knowledge. But it's not a panacea.

In my opinion, using the Internet to share individuals' medical records is the wrong solution to what we all agree is an urgent problem. The risks are too great. Fortunately, there is no need to take them. We can accomplish the same ends more easily and cheaply with simpler, safer means!

Accordingly, I'm not prepared to make the leap you and others insist upon making, namely, that because the Internet is there we should embrace it as the preferred medium to give individuals access to their medical records, or care providers access to their patients' medical records.

I'm all for a patient-centered medical record system. But we can give patients both access to, and control of, their records without exposing the them to the security and privacy risks inherent in Internet-accessible aggregated personal health records.

If you haven't seen it, I urge you to read Thursday's (11/19/09) NY Times article about efforts to "Fend off Identity Fraud." It starts with a statement from a research study that "9.9 million Americans were victims of identity theft in 2008, up from 8.1 million in 2007." It ends with a statement from the CEO of a company trying to prevent such fraud: "Thieves can't steal what isn't there."

A key premise underlying the MedKaz™ personal health record system we are building is just that. If we don't store masses of patient medical records on Internet-accessible servers, they can't be stolen -- so we don't! We give them to the individual to own and control.

Regards, Merle

Posted by: Merle Bushkin | Nov 20, 2009 7:21:41 AM

This is a demo of the first e-health service (see http://www.senscare.com ) that really measures your physiological signals. It uses your webcam and transform it into a health sensor. Based on optical propagation in biological tissues, it captures skin reflected light to extract hemoglobin variations and thus cardiovascular activity.

Posted by: me | Nov 20, 2009 12:00:35 PM

Margalit,

Are you saying that is isn’t possible for simple data privacy mechanisms to be created that give consumers control over their personal health information?

It seems to me that with a little creativity and adequate field testing, PHRs can accomplish all that’s required. Although I can’t imagine how to deal with the complexity you noted using a purely centralized, monolithic cyber-infrastructure, I can envision how to do it via simple P2P pub/sub node networks.

Let’s take the medical home model, for example. Every PCP (GP) establishes a community of referral, i.e., specialists to whom s/he refers patients as needed. The PCP and specialists would establish connections between their decentralized pub/sub nodes, which would enable them to exchange patient data with a few button clicks. The node-based software they use would automatically populate lists of these network connections; by using the e-mail based system I’ve been presenting, the lists would need little more than each specialist’s name, e-mail address, area clinical licensure, and other possible metadata.

Prior to making a referral, the PCP would discuss with the patient why the referral is being made and explain why a particular specialist is being selected, just like things are currently done. Although no authorization by the patient is needed at this point, the patient may request a different specialist for whatever reason. The PCP would then click a button and the referral e-mail is sent.

Once the PCP receives the specialist’s referral acceptance e-mail, the data for a CCR or CCD (or some similar data set) would be sent in an encrypted data file via e-mail to the specialists. But prior to sending it, the PCP’s node software would determine which data appropriate for that specialist must be excluded from the data file based on the patient’s privacy wishes. These data sharing authorizations would have previously come from the patient’s PHR by having the patient’s node send that information to the PCP’s node at an earlier date. The patient would establish the authorizations by, for example, (a) viewing lists showing the types of data that are appropriate for particular types of specialists (and why they are needed) and (b) enabling the patient to modify the list at any time (with appropriate warnings when data elements are deselected). The lists could be organized hierarchically to ease the viewing and selection process. It would even be possible (although I don’t know if necessary) to have the data set descriptions e-mailed to the patient for approval prior to routing the data file to the specialist.

Posted by: Steve Beller, PhD | Nov 20, 2009 12:51:13 PM

Dr. Beller,
I am not at all saying that it's impossible to create secure and complete access to medical records.
[I don't really know what is meant by "control". My experience in this industry has been that every time someone wants to give you "control" or "empower" you in some way, the net results are that you pay more and/or work more, usually for someone else's benefit.]

I am only suggesting that whatever other considerations may come into play, simplicity and ease of access have to be at the top of the list. That goes for both patients and doctors.

Posted by: Margalit Gur-Arie | Nov 20, 2009 9:26:39 PM

Agreed!

Posted by: Steve Beller, PhD | Nov 21, 2009 4:18:03 AM

Record keeping is purposefully placed out of reach of consumers and as a measure to restrict consumers from gaining information. Copies of records come at 35 cents a Page. Who's records are they?
While Hospitals and Doctors are going to electronic Data and HIPPA has Set Barriers that some call protections. The Consumer hasn't been given access to their own Data.Private Electronic accounts should be afforded to individuals to check and verify the Information is Correct. This would in most cases prevent medical Error and by providing the option to refute inaccuracies would provide greater control to the Patient.
After all the information is shared with Law enforcement, Home Land Security, Insurance and third party organizations. I know for a fact transcription is done in India. The industry outsources nearly everything but it appears that they fear accountability and transparency. Deadly and Deceptive practices lay in the pages of Medical Records.

Posted by: Gary Lampman | Nov 27, 2009 5:49:07 PM

I have provided a graphical view of the NHIN vs Health Internet, here:
http://gershater.wordpress.com/2009/12/02/health-internet-vs-nhin-in-pictures/

Posted by: Jonathan | Dec 2, 2009 12:10:27 AM

I think this discussion of the NHIN RHIO model vs. a "Health Network" ( Centralized vs. Federated model) points to a very important principle in IT and Interoperable, that is, "policy should precede technology".

Posted by: John McLamb, MSIA | Dec 8, 2009 6:44:32 AM

I also would to clarify something by the first post for this article. I think the first post that mention “PHIN” may be confusing in that the PHIN is a “public network” and refers to a technology method or using the Internet as the health network instead of a privately run network.

There is actually a define architecture called “PHIN” or the national Public Health Information Network as in population health and the 10 core services that public health –nation, state, local, tribal government entities provide to the general population. i.e., Early Event Detection, Health Alerting, Countermeasures/Response (vaccinations), surveillance for potential threats (bioterrorism, pandemics, etc.) etc.…

The PHIN was developed by the Center for Disease Control (CDC) and other national partners at the state, local, professional levels back around 2005. I think the genesis was actually the Health Alert Network (HAN) which CDC funded states to develop even earlier in the late 1990's. After 9-11, Congress funded CDC to design and develop a national public health network and infrastructure to support five areas of public or population health disaster management; Early Event Detection (EED), Counter Measures and Response Administration (CRA), Connecting Lab Systems (CLS), Outbreak Management Systems (OMS) and Partner Communication and Alerting (PCA)-PCA covers HAN. PHIN 1.0 was very specific to the above functional domains and activities for supporting those areas in public health at the national, state, local levels.

After the NHIN was initiated by the Bush Administration and charged HHS to deliver, CDC (an agency within HHS) needed to reorganize and align PHIN 1.0 with the NHIN strategy. Thus PHIN 2.0 was born in 2007 and CDC began working with States to comply with the architecture strategy. PHIN 2.0 is a technical architecture that covers all public or population health activities and is much less focused on specific functional requirements but instead focuses on data/vocabulary, messaging and privacy and security standards appropriate to the general healthcare domain defined by NHIN and the Federal Health Architecture (FHA) (HITSP, HL7, NIST, etc.).

I hope this helps clarify what PHIN is and helps to correct/prevent the sometimes confusion in semantics that PHIN refers to a public network and the Internet with PHIN Architecture used by CDC and state, local, tribal public / population health entities.

Posted by: John McLamb, MSIA | Dec 8, 2009 7:48:37 AM

what about the role of the payor organizations . How should they be brought along

Posted by: kevin | Dec 30, 2009 10:07:57 AM

Hello I was looking at your blog and I find very interesting and entertaining, especially if the information is detailed and accurate, I hope you continue posting more items for report and comment.
Greetings.

Posted by: Lucila | Jan 5, 2010 10:09:12 AM

Post a comment

Name:

Email Address:

URL:

Remember personal info?

Comments: