T.P. Caruso & Associates

Envisioning a digital infrastructure for a Learning Health System

Regarding Metadata Standards to Support Nationwide Electronic Health Information Exchange

Comments Off

Comments provided on RIN 0991–AB78: http://ow.ly/6vj4w

Regarding Metadata Standards to Support Nationwide Electronic Health Information Exchange

In this response, we do not address the specific questions posed in the metadata ruling proposal, but rather we argue that these metadata standards solve nothing while creating major security risks for patients.  The PCAST Report argues for tagged data elements for many important reasons:

The best way to manage and store data for advanced data-analytical techniques is to break data down into the smallest individual pieces that make sense to exchange or aggregate. These individual pieces are called “tagged data elements” (TDEs), because each unit of data is accompanied by a mandatory “metadata tag” that describes the attributes, provenance, and required security protections of the data. Universal exchange languages for metadata-tagged data, called “extensible markup languages” are widely and successfully used.

One important feature of such a universal exchange language (UEL) is that they can securely hide associations among the data, since the TDEs can be disassociated from other TDEs making them impossible to be aggregated again without adequate authorization which provides the tools for rebuilding the linkages among the TDEs which adds an additional level of security above and beyond that provided by encryption alone.  Putting metadata tags at the document level simply makes the information easier to find, but it also makes it easier to identify who the information describes since once the document is located, decryption alone gives full access to a set of information about the individual.  If the metadata is the actual patient identifier information, how can this data be maintained as deidentified?

Filed under Comments, New Exchange Architecture, ONC
September 15, 2011

No PHI

Comments Off

A health information cloud (HICloud) doesn’t need Protected Health Information (PHI) to support health information exchange.  You can keep PHI private and locked away in your private, secure databases.  Then you can use a portion of that PHI (e.g. First Name, Last Name, Birth Date and Last Four Digits of Social Security Number), if you are authorized, or you can input your own PHI with a password, to get all the health information that is in the cloud.

Such a HICloud is highly secure from abuse by individuals who want to link health information to PHI, for insurance purposes or employment evaluation, etc., because the PHI is not there to be found linked to anything.  You have to provide the PHI to make the link, but more importantly, but even with the PHI (so you know Name, Birth Date and Last Four Digits of SSN) you still have to be authorized to be receiving information from any PHI you might enter.   You can’t find everyone with a particular symptom, nor can you find everyone who lives in a particular place of a certain age, and you can’t associate that information with health information because that identifying information is not in the HICloud.

A few challenges arise from such HICloud, but they are surmountable.  For instance, dates-related information is needed for proper aggregation of health information, but using relative information such as a stamp that indicates that a particular “chunk” of health information created today was created 20 days after the previous chunk of health information.  Age information can be hidden within categories like 0-4, 5-9, 10-14…older than 80.

The biggest challenge is the use case in which a care provider needs to get health information about an unconscious individual who needs emergency health intervention.   If the individual has the necessary PHI on their person, then there is no problem, but what if all that is known about the individual is where they live, how tall they are, the color of their hair, and the location of a birthmark.  A service could be provided, on a separate system, not directly connected to the HICloud, that allows emergency medical personnel to do searches for PHI.  When the PHI is thought to be found, special authorization could be provided to use that PHI to aggregate that individual’s health information from HICloud.

Secure and privately maintained PHRs, EHRs, and EMRs can contain the necessary PHI for accessing all the health information in the HICloud, but only those with official authorization from the individual who owns the PHI.  Even access to deidentified information about each individual requires a consent from that individual, in case that individual feels insecure sharing even deidentified information.

Such a capability makes sense and is possible.  Furthermore, it makes health information exchange much easier that through a network of health information exchanges, and it provides a means of paying for the costs of the health information storage and health information exchange since those with authorized access to the consented deidentified information can be paying for that access.  Furthermore, a portion of the funds received from organizations searching the consented deidentified information can flow back to the individual providing that information as a further incentive for sharing.   Entire business models can be built around payment for access, health information exchange, and individual consent.

What’s holding us back from building a HICloud that contains NO PHI?

Filed under Think Tanks
September 15, 2011

Let’s Think Different

Comments Off

I wonder whether the author of the Healthcare Technology News blog post called “Think Differently – the sequel” thinks that the ONC and their PCAST Workgroup is actually “Thinking Differently”?  Though it was a good summary of the PCAST HIT Report and the PCAST Workgroup Report released in mid-April, the blog suggested this was thinking differently.  Would Steve Jobs (Mr. Think Differently) say that they are thinking differently?  I think not.  Certainly PCAST thought differently when they published their treatise about health information exchange; however, the ONC and its delegates in the HIT Policy Committee are constrained by legacy thinking.  How do we best go from where we are now to there?  That’s legacy thinking and that’s what ONC is doing with the PCAST Health IT Report.

The Biomedical Informatics Think Tank™ thinks differently: that knowing where we are going does not require knowledge of where we are, but only what we want to be able to do with this new exchange architecture.  We are conceiving a technology that will create a Health Data Cloud (see my latest blogs: Why Build a Health Data Cloud and A Health Data Cloud is a Powerful Tool for Health Research), which will attain the objectives set out in the PCAST Health IT Report: Realizing the Full Potential of Health Information Technology to Improve Healthcare for Americans: The Path Forward:

  1. “Every American will have electronic health records and will have the ability to exercise privacy preferences for how those records are accessed, consistent with law and policy.
  2. Subject to privacy and security rules, a clinician will be able to view all patient data that is available and necessary for treatment. The data will be available across organizational boundaries.
  3. Subject to privacy and security rules, authorized researchers and public health officials will be able to leverage patient data in order to perform multi-patient, multi-entity analyses.”

The technology will be based in the latest thinking with a mathematical foundation for medical semantics, privacy and security in a cloud, social networks that empower individuals, and health ontology.  We start our thinking with what we want and think about the best way to meet those needs with technology that will serve us for a long time into the future.  That thinking is not constrained by current ideas about EHRs and time frames to get new technology standards implemented, a clear constraint of the Health IT Policy Committee’s PCAST Workgroup.  We will be part of a transformation health information exchange through our efforts, just as Apple has been part of the transformation of personal computing since the 70′s.  We think differently, and we invite you to think differently with us.

Here’s some different thinking: ONC should invest in a major effort, exceeding the scale of The Human Genome Project (HGP), to define a New Exchange Architecture with a Universal Exchange Language, and then they can actually build and manage the Health Data Cloud that will be required.  This is just as important as the HGP, and in fact, a continuation of the personalized medicine movement that is partially driven by the results of the HGP.  The HGP cost taxpayers $2.7 billion (HGP Frequently Asked Questions, Oct 2010) and much more was contributed by international government agencies from the UK and other countries, as well as by private and non-profit organizations towards this same goal.  HITECH put ten times this amount, $27 billion into motivating healthcare providers to move into the 21st century of health IT and electronic health record technology.  Only 10% of this funding could transform with a New Exchange Architecture.

Let’s think differently!

Filed under CER, New Exchange Architecture, ONC, PCORI, Think Tanks
June 30, 2011

Why Build a Health Data Cloud?

Comments Off

According to Sharon Begley in a July 2011 Scientific American article titled “The Best Medicine”, Kaiser Permanente can do research studies of data from 8.6 million patients and the VA can do studies on 6 million patients.  Other health care provider organizations are coming together to do research, such as the consortium that includes Cleveland Clinic, Mayo Clinic and four other provider organizations with 10 million records.  A Health Data Cloud in which all health information is stored in one place, the Internet, for easy access by all health researchers, not just those at these particularly large institutions or consortiums, would not only have data from 24.6 million patients from Kaiser Permanente, the VA, and the Cleveland Clinic-Mayo Clinic consortium, it would have records from 100′s of millions of others.  Only in this context could clinical decision support systems be designed to really ask the question: What is the best treatment for each individual, unique patient.

To give this patient the best advice, his doctor needs to be able to know how others like this patient have been advised and how they have fared as a result.  Maximizing the number of patients that doctor can find who are like this particular patient, with similar blood pressure, blood test results, medical history, compliance likelihood (based on various environmental factors like education, values, etc.) and other similar attributes that effect health requires maximizing the number of patients to whom the provider can compare his patient.

Filed under Biomedical IT, CER, New Exchange Architecture, PCORI
June 27, 2011

A Health Data Cloud is Powerful Tool for Health Research

Comments Off

The current effort to bring electronic health record use to healthcare providers, presently funded by the HITECH Act  at a level of $27 billion will create hundreds of thousands of silos, one for each provider organization.  Some similarities and substantial compatibility will be seen by those who share one of the hundreds of possible electronic health record systems.  Each of these silos will use their own standards, as long as they have the standard functionality to meet requirements set by the Office of the National Coordinator (ONC) of Health Information Technology in the Meaningful Use Stage 1 through Stage 3 specifications.  One of these requirements will be to provide interoperability with the Nationwide Health Information Network (NwHIN) specifically for providing “Transition of Care” functionality.  Efforts will also be made to create requirements that increase the ability to do research on the healthcare information across the silos.

This strategy is likely to enhance the sharing of information among providers, but not without large challenges.  Certainly research will also be enhanced once data sharing agreements can be established for use of the healthcare information in the network, and more importantly, once language standards are established so, for instance, an MI in one system is understood as a Myocardial Infarction in all systems.  Implementation of language standards has not even been discussed by the ONC’s Health Standards Committee except to say, with the urging of Chris Chute, a leading proponent of this standardization effort, that a language will be a component of the requirements of Meaningful Use.


The President’s Council of Advisers for Science and Technology (PCAST) in their Health IT Report titled “Realizing the Full Potential of Health Information Technology to Improve Healthcare for Americans: The Path Forward“ released in December 2010, recommended a novel approach to health information exchange which would require metadata tagging of atomic data elements that they called a Universal Exchange Language.  The Biomedical Informatics Think Tankâ„¢ (BITTâ„¢) interprets this approach as a Health Data Cloud where all healthcare providers and individuals can store their health information.  Key to this proposal is that only those individuals, providers and researchers authorized to see this information can aggregate it for their use.  The Health Data Cloud could enforce the use of standards since when information is put into the cloud, it the information could be checked to ensure that it meets standard requirements.  Such a New Exchange Architecture would make access to the health information less costly and more able to provide results that could allow an effective implementation of comparative effectiveness research and personalized medicine.  Furthermore critical public health information could be easily monitored for disease outbreaks.  This access could be provided while maintaining the privacy of individual health information.

The BITT™ has a demonstration of just such technology, which it plans to license as open source.  Some of the interesting characteristics of this technology include:

  1. Individual identifiers can not be downloaded from the system in association with any data (i.e. no identifiers are available external to the code of the system).
  2. Access is provided to proxies, providers or researchers through online authorization (consenting) mechanisms (and thus, individual identifiers are not necessary).
  3. Researchers can do research on any of the information as long as the results they see are only aggregates.
  4. Researchers can only see individual deidentified data (and never identified data) for research purposes only if the providing individual (or their proxy) has given consent for that purpose.
  5. Researchers can notify an individual’s care provider about a healthcare opportunity resulting from a research effort (such as an opportunity to participate in a clinical trial or to follow a particular regime or get a particular procedure done) only through an notification service that keeps the patient identification information unknown to the researcher.

Stay tuned for the latest updates about this proposal for a Health Data Cloud.  If you would like to have a copy of the code, please contact me and we will provide you with this as soon as we can make it available because we want your help in the development of this code as open source.

The Biomedical Informatics Think Tank™  is a division of Projectivity, Inc.  The Biomedical Informatics Think Tank™ and BITT™ are trademarks of Projectivity, Inc.

Filed under Biomedical IT, CER, New Exchange Architecture, ONC, Think Tanks
June 26, 2011

RSS T.P. Caruso Blog

TAGS

Academic Institutions Academics Agile AHRQ Allocating Resources Balanced Matrix BITT Blogging Books CDSS CER CIO-SP3 Clinical Research Consulting DHHS Figures Functional Organization Governance Government Contracting Government Health IT Health IT HIMSS Intelligence Lectures Links Matrix Organization NEA NIH ONC PMBOK PM Methodology PMO Relationships Requirements Social Media Software Development Standards Subcontracts Subject Matter Experts Teaming Teaming Agreements Think Tanks UEL Webinars Wikipedia