Seonho Kim, MEDNET Health Grid Architect, will be attending the upcoming NHIN Connect conference in Washington DC!
Make sure you look for Seonho and say ‘hello’ at the conference, and ask away with any technical or architecture questions about MEDNET, NHIN, or NHIN applications…you are in good hands with Seonho! Hope to see you there!
Tags: MEDNET, MEDNETWorld, NHIN, NHIN Conference, NHIN Connect, Seonho Kim
Posted in Uncategorized | Comments Off
- By Chris Smith
NHIN – The Nationwide Health Information Network, is the Federally backed, secure & interoperable health information infrastructure that connects all of healthcare.
The goal of NHIN is secure data exchange nationwide in a ‘network of networks’ model.
For many years, healthcare has been striving to have an interconnected infrastructure — the ability to securely exchange clinical and administrative data freely between trading partners without boundaries or limitations.
Other industries, such as banking and the financial markets, have focused on interoperability and connectivity amongst trading partners. After putting forth a plan, and implementation of said plan, these industries were able to link trading partners together and allow the secure flow of data and transactions. Case in point, you can wire transfer funds to almost anyone, anywhere in the world today.
Healthcare, while a different market with different data, security, and privacy concerns, has similar connectivity issues. NHIN, as a standards based connectivity platform backed by, but not run by, the Federal Government, offers the ability to finally interconnect all of healthcare. Federal backing insures standards and compliance, as well as oversight to NHIN.
The impact of NHIN and one interconnected healthcare model offers a tremendous ROI, while improving the quality and timeliness of care. With NHIN, HIE’s can connect with other HIE’s, while enjoying inter-HIE communication and secure data exchange capability. 2009 has been the year NHIN goes-live, into production, and the impact to healthcare will be enormous.
If you would like to learn more about the impact of NHIN, HIE’s and HIE building, and privacy and security in a healthcare environment, please contact us or register for our FREE Webinar below!
Tags: HIE, NHIN, ROI
Posted in newsletter | Comments Off
-By Jesse Erdmann
In May, we introduced basic concepts of information security. This month Jesse Erdmann, CISSP, will discuss how these concepts apply specifically in the case of Health Information Exchanges (HIEs). Like any other environment where sensitive information is shared, authentication, authorization and audit are key, but sharing sensitive information between distinct entities complicates matters a bit.
Authentication is the basis for all security models. If the identify of the user can’t be verified, they should not have access to sensitive data. The May eHealth Newsletter discussed the basics of authentication. It is assumed that the appropriate level of authentication for an HIE is to use PKI digital certificates to positively identify users and systems. How this is used can vary from HIE to HIE depending on the member organizations.
In the case where member organizations currently do not use digital certificate based authentication, it makes sense to select a credential provider and issue new certificates to all users of HIE systems. This allows for authentication to occur at a level that crosses the entire HIE. Once authenticated against a central system, all applications for the HIE can easily rely on the same credentials.
Alternatively, when some member organizations already provide certificates to users, it may make sense to use a federated identity system. In a federated system, users authenticate against their home organizations authentication service then access services at other locations. The application will then accept signed assertions from the user’s home organization as proof of their identity. These assertions depend upon agreements being in place to trust assertions between organizations. It is important to note that organizations can be participants in an HIE or can be HIEs themselves. Federated identity can allow for one HIE to trust authentication provided by another HIE as is done on the Nationwide Health Information Network (NHIN).
Of course, a user from another organization will not be authorized for the same access as users from within an organization. Regardless of whether the authentication is done at an HIE level or in a federated model, the credentials provided by the user will indicate which organization they are from. Role based access can be used to determine what access privileges each user has and their home organization can be used as a factor in assigning these roles. For instance, physicians in my organization might have full read/write access to my medical records, but a physician from another organization might only have read access to a subset of records, or only certain parts of records depending on my security policy.
Finally, audit works exactly the same inter-organizationally as it does intra-organizationally. In fact, if deemed necessary, audit can be increased for users from outside the organization. As you can see, the tools are there to allow health organizations to safely and securely exchange information either within an HIE community or even between communities.
Tags: HIE, NHIN, PKI, security
Posted in newsletter | Comments Off
- By John Fraser
Last month we introduced the concept of Health Information Exchanges (HIEs), discussed HIE drivers and designs, how HIEs work, and how they connect. In this article, we’ll explore the common sense benefits of an HIE. It has become clear that HIEs need to deliver real value–otherwise if a Health Information Exchange is costly, and doesn’t provide value, why would anyone build one in the first place?
Before HIEs:
Anyone who has been referred to a new doctor and had to fill out forms, (again!) including pages of detailed health information, understands the value of sharing information between doctor’s offices. The ability to refer a patient from one provider to another (while sending along medical information) is a critical part of an HIE. The new provider needs to have enough information to provide a continuous high quality of care, based on existing medical information (called “continuity of care”).
Specifically, the inability to share even basic medical information can be tragic in emergency situations. Without a Health Information Exchange to share information quickly, response to accidents can be very low-tech. After a car accident, for example, a 911 call usually results in an ambulance sent to the scene of the accident. Once the ambulance arrives, the crew is poorly equipped to treat the victims, since they usually don’t have specific individual information (and are missing information such as allergies, medical devices, drugs, emergency contacts, etc). The emergency staff of a large hospital recently stated that they ‘can only provide minimal drugs or other treatments for fear of triggering an allergy or other bad outcome’. This is today’s state of healthcare!
Let’s now consider how accident response could be vastly improved utilizing an HIE and technology. Consider the emergency response if an accident happens in northern Minnesota, within the fully interconnected HIE of that region. Once a 911 call is made, the 911 operator begin a workflow using electronic tools provided by the HIE. Instead of just dispatching the ambulance, the 911 operator is now empowered to ask some additional questions of the person reporting the accident, leading to more individualized and specialized care.
The HIE infrastructure and data is accessed easily, through a common web browser, but requires a digital certificate for military-grade security. This extra security layer is necessary, due to that fact that access to a patient’s medical information is too sensitive to protect with just simple usernames and passwords. Instead, HIEs (such as the northern Minnesota HIE) are opting to use federal standards (public key infrastructure, or PKI–see the this article for more on security and PKI) to ensure a much higher level of security and encryption.
Once logged into the HIE’s systems, including The Patient Lookup Service (PLS), emergency personnel can look up where medical records exist for the victim. Within seconds of a query, important patient information can be forwarded to the on-board computer in an ambulance, even as it is on route to the victim. Medical information doesn’t come from some centralized system, but instead comes directly from participating hospitals and clinics (no central database required). Armed with the victim’s current medical information, the emergency crew can prepare and check for existing conditions. The PLS system can also retrieve a victim’s current medications, allergies, and similar information to provide dramatically faster and more individualized care to this victim.
Once on-site emergency treatment is complete, and the patient is loaded for transport, the crew can again use their on-board computer to enter their observations and treatments notes, and send this information immediately to the specific emergency room to which they are now heading.
At the emergency room, staff have the current medical information, emergency medical treatment, and other helpful information like emergency contacts and living-will information. Emergency contacts are contacted, and can be at the emergency department within minutes of the patient’s arrival. This is “patient friendly” care, and demonstrates the value an HIE brings to this day-to-day workflow in healthcare.
Can this really work?
Ten years ago building an HIE was hard. Lack of standards for electronic medical documents, proprietary security systems, and expensive software caused many early HIEs to fail. Much has changed recently. Perhaps the biggest advance is the adoption of standardized medical formats for electronic documents, allowing hospitals and clinics to send and receive documents using standardized software. Another advance has been the development of the Nationwide Health Information Network, or NHIN. NHIN allows for the safe and secure exchange of medical information nationally, and has been deployed in selected projects (including the example northern Minnesota HIE).
Effects of Stimulus Monies
Connecting health care and the building of HIEs was already underway when the new stimulus bill passed this February. The stimulus bill created a reward system for clinics and hospitals if they ‘wire up’ internally with electronic health record systems (EHR) AND connect to Health Information Exchanges. With a 30 billion dollar prize being awarded to those who ‘wire up’, expect the pace of EHR and HIE implementations to accelerate quickly.
Conclusion
There is little doubt that new stimulus dollars, combined with NHIN, will help move the US toward a valuable goal; that of an interconnected, secure health care network, including HIEs, to facilitate faster, more accurate, and more efficient patient care.
Tags: health infrastructure, HIE, newsletter, NHIN
Posted in newsletter | 1 Comment »
Look for MEDNET at the upcoming HFMA ANI Conference in Seattle! This year, Chris Smith, Director of Business Development, will be representing MEDNET at ANI, so if you are attending the show and want to connect with MEDNET, email Chris at chris.smith@mednetworld.com ! Hope to see you at the show, it looks to be a great one!
Tags: ANI, Chris Smith, HFMA, MEDNET
Posted in Uncategorized | Comments Off
MEDNETWorld.com Blog is proudly powered by
WordPress
Entries (RSS)
and Comments (RSS).