Thursday, September 27, 2012


The ONC’s Direct Project gives healthcare organizations the opportunity to exchange structured and free-form content.

“I’d like to make a bumper sticker,” says Brian Ahier, president of Gorge Health Connect, Inc. “It would say, ‘Kill the fax.’”

Fax machines have been a staple in the health information exchange (HIE) process for years, but Ahier and others are questioning their continued usefulness as vehicles to transmit sensitive data. In the modern era, where Olympics coverage can be streamed on our smartphones and tweets can lead to revolution, isn’t there a better way to share health data?

Ahier is among those who think there is. “The fax machine is not a secure way of exchanging information. There’s no way to audit that you read and received the information,” he says.

That’s one reason he was eager to work on the Direct Project, a program sponsored by the Office of the National Coordinator for Health Information Technology (ONC) that brought the healthcare community together to figure out a way to exchange information more securely, easily, and efficiently. “[The ONC] developed an open and collaborative approach to developing standards and services that enable direct, secure messaging over the Internet for health information,” Ahier explains.

Doug Fridsma, MD, PhD, chief science officer and director of the Office of Science and Technology at Health and Human Services, says the Direct Project grew out of the passage of the HITECH Act. “We charged the HIT Standards Committee with looking at the nationwide health information network and the specifications that we had in there and the way in which the nationwide health information network was organized to see how we could leverage that to meet some of the things we needed to accomplish for meaningful use.”

see For The Record magazine for complete article...

Friday, September 21, 2012

National Strategy for Trusted Identities in Cyberspace (NSTIC) Pilots

The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a White House initiative to work collaboratively with the private sector, advocacy groups and public-sector agencies overseen by U.S. Department of Commerce’s National Institute of Standards and Technology (NIST). Five companies working to develop trusted electronic identity technologies to combat identity theft, protect online transactions and secure information sharing were given more than 9 million dollars in grants by NIST for NSTIC pilots. The pilot programs, said NTSIC, span multiple sectors, including health care, online media, retail, banking, higher education, and state and local government and will test and demonstrate new solutions, models or frameworks that don't exist in the marketplace today.

NSTIC envisions an “identity ecosystem” in which technologies, policies and standards support greater trust and security when individuals, businesses and other organizations conduct sensitive transactions online. The private-sector-led Identity Ecosystem Steering Group provides an open process for organizations to participate in development of the ecosystem. The group’s goal is to craft a framework for identity solutions that can replace passwords, allow individuals to prove online that they are who they claim to be, and enhance privacy. These pilot projects are going to bring the theoretical work into the real world developing solutions that will help in many industries, but especially healthcare. There is a lack of confidence and assurance that people and organizations are who they say they are online, and the de-facto requirement in the current online environment is for individuals to maintain dozens of different usernames and passwords.

Resilient Network Systems (Resilient) has been awarded one of the NSTIC grants as the prime contractor building a new system that guarantees trusted identities in the areas of healthcare and education. Our health information exchange organization Gorge Health Connect (GHC) is one of the subawardees on the healthcare project working with the San Diego Beacon eHealth Community. The pilot, called Patient-Centric Coordination of Care, will enable convenient multi-factor, on-demand identity proofing and authentication of patients, physicians, and staff on a national scale. This will facilitate coordination of care among a select group of primary care physicians and cardiologists. Resilient is also partnering with the American Medical Association, Aetna, the American College of Cardiology, ActiveHealth Management, Medicity, LexisNexis, NaviNet, the Kantara Initiative, Krysora, and the National eHealth Collaborative.

The project is designed to successfully deploy a working pilot system that will provide tangible benefits to patients, physicians and online service providers within twelve months. This pilot will demonstrate:

  • A collaborative identity ecosystem that interoperates across disparate identity providers and relying parties
  • Ability to create real-time Trust Graphs linking identities and relationships of doctors, staff and patients
  • Use of multiple, discrete identity providers (both public and private) to “syndicate” identities
  • Codifying and enforcement of appropriate governance policies (e.g. identity, access, use, privacy, etc.)
  • Cloud-based services that rely on the network for identity and policy, thus retaining minimal transaction data
  • Expanded system capabilities to share protected data, documents and application services across boundaries
Using four new types of Internet infrastructure – the Access Server, Trust Broker, Identity Broker and Zero-Knowledge Services – the pilots will coordinate secure interactions among existing systems to allow organizations and people, that don’t necessarily know each other or have trust relationships, to collaborate and share sensitive information and resources without having to disclose personal identifying information (PII) to other parties.

The pilots will utilize a Trust Network which will create a decentralized, pervasive identity system, with supporting directory, discovery, matching and verification of identities for people, organizations, and information. It is an open network with a technology and vendor neutral architecture, allowing disparate standards and systems, including federated systems, to be linked together and leveraged without requiring users to understand the underlying infrastructure. The Trust Network will enable new type of “identity syndicate”, which is a collective of virtually combined, independent identity and attribute databases that can be used for matching, verifying and searching identities. It works even if the participating systems do not agree on how to identify people, and even if they are unwilling to disclose the identity attributes they have to each other.

I am very happy to work with Resilient Networks, the San Diego Beacon Community, and our other partners on this project. I will post updates as we make progress, and look forward to learning a lot from what works, and what doesn't.

Wednesday, September 12, 2012

Consumer Health IT Summit - Government as Catalyst

Kicking off National Health IT Week the U.S. Department of Health and Human Services (HHS) in conjunction with the Office of the National Coordinator for Health Information Technology (ONC) hosted the second Consumer Health IT Summit on Monday, September 10, 2012. The Summit was geared towards individuals who are trying to advance consumer access to health information and brought together government leaders with leaders in the private and non-profit sectors. It was a great event and certainly brought into focus the critical importance of patients being involved in their care and having access and control of their own health data.

Dr. Farzad Mostashari, National Coordinator for Health IT, ONC, and Lygeia Ricciardi, Acting Director, Office of Consumer eHealth, Office of the National Coordinator for Health Information Technology, HHS, discussed some their strategies for engaging customers. Lygeia highlighted three primary elements of this strategy:
  • Access: getting information into the hands of patients and caregivers;
  • Action: engaging consumers to actually use the information in an effort to improve health
  • Attitudes: how access and action can shift attitudes about the traditional roles of patients and providers
Farzad gave a rousing call to action to let the developer help. He encouraged programmers and developers, entrepreneurs and innovators to join in the effort to empower patients to be more engaged partners in care. They also announced the winner of the "What's In Your Health Record" video challenge which went to Mark's Story, which talked about the importance of having access to health records when travelling.

[UPDATE] Lygeia also mentioned the establishment of Consumer/Patient Engagement Workgroups for both the HITPC and HITSC to focus on policy and standards issues related to strengthening the ability of consumers, patients, and lay caregivers to manage health and healthcare for themselves or others.  ONC is pushing forward in this area on multiple fronts, and they will be seeking input from the advisory committees. They'll be putting out an announcement in a few weeks, and inviting people who would like to be on one of the workgroups to submit their information online.

Peter Levin, Chief Technology Officer, Department of Veterans Affairs and Farzad discussed the Blue Button project - progress so far and what lies ahead. Then Todd Park, U.S. Chief Technology Officer announced announced the first class of “Presidential Innovation Fellows” and the selection of the Fellows who will be working on Blue Button for America. He also quotes my friend Leonard Kish who said that "Patient Engagement is the Blockbuster Drug of the Century."

Friday, September 7, 2012

Now Is Not the Time for Regulations on NwHIN Governance

In the hyper partisan atmosphere of a national election there is a great debate on the proper role of government and the utilization of regulations versus free market approaches. I have always believed the meme promulgated by Tim O'Reilly and others that government functions best as a platform for innovation in the role of convener and collaborator. This is one of the bedrock principles of government 2.0. I'd encourage you to read "Open Government"  if this is a topic you are interested in. There is a great deal of overlap between open government and health information technology, especially as we look to digitize health records and provide interoperability while engaging patients in their care.

I have long thought that one of the best agencies within the federal government exemplifying government 2.0 and open government principles is the Office of the National Coordinator (ONC) for Health IT (see my post here for previous examples). Dr. Farzad Mostashari, the current National Coordinator, has continued and improved on this tradition. An example of that is the flexible and thoughtful approach taken to governance and health information exchange.

When the ONC asked for comments on their proposed governance for the nationwide health information network there was a chorus of responses that resoundingly asked to put the brakes on and take a more measured approach. One of the primary issues the governance attempted was to help create a framework for a strong trust fabric, which is necessary for health data exchange to scale. The rules were meant to provide the policies necessary to create and maintain this network of networks that would result in robust nationwide exchange. The HITECH has specific language which requires the ONC to establish a governance mechanism for the nationwide health information network.

NwHIN RFI had 66 questions regarding areas of proposed governance focusing on 5 areas:
  • The establishment of a set of conditions for trusted exchange (CTEs)
  • Validation process for entities to demonstrate conformance to the CTEs (and subsequently become an Network Validated Entity (NVE))
  • Processes to update and retire CTEs
  • Establishment of a process to classify the readiness of technical standards and implementation specifications to support interoperability related CTEs
  • Approaches for monitoring and transparent oversight
There was very strong push back from the exchange community and many industry stakeholders were concerned that the process was moving much too quickly and a lighter approach should be considered. I joined with many groups in the process of responding to the RFI and shared many of these concerns. The NwHIN Power Team of the HIT Standards Committee also had some similar concerns. Across the board the comments indicated that the community thought that regulation at this time would actually slow the development of trusted exchange if it is implemented prematurely. And with the emerging governance activities of Healtheway for the eHealth Exchange (formerly NwHIN Exchange) and the work being done by to develop a strong trust fabric for the Direct community, a regulatory framework could actually stifle the process.

Well, the ONC was listening and have responded with a new approach. Dr. Mostashari and Jodi G. Daniel, JD, MPH who serves as Director of the Office of Policy and Planning at ONC gave an update to the HIT Policy Committee  on September 6, 2012 to outline their new approach to governance. Dr. Mostashari also posted a blog on the topic. It is important to note that the statutory requirement is to establish a governance mechanism, and that may not necessarily require rulemaking, but could leverage existing mechanisms. In any event there is no current legislative timeline requirement, so I appreciate that ONC is taking their time and being careful and flexible in their approach. I would encourage everyone to watch the webinar below: