MEDNET was recently featured in the Minneapolis Star Tribune Newspaper! Topics included NHIN, HIE Building, Interoperability of Clinical Data, and more in the article “Vision of Sharing Medical Data Beginning to Reach Fruition”. Click HERE for the full article!
Archive for July, 2009
MEDNET Featured in Minneapolis Star Tribune Newspaper
Wednesday, July 29th, 2009MEDNET Collaborates to bring HIE HPOC to Ohio
Tuesday, July 21st, 2009MEDNET recently announced an HIE collaboration in Ohio for an HIE HPOC offering. More information can be found in the MEDNET news section, here is a snapshot:
MEDNETWorld.com (MEDNET), a leader in Nationwide Health Information Network (NHIN) connectivity and clinical applications, in partnership with The Rubicon Group, eHealth Ohio, Bostech Corporation and TechColumbus Platform Lab have implemented The Ohio Health Point-of-Care (HPOC) Service enabling interoperable electronic exchange of clinical data for healthcare providers. This HIE partnership provides clinicians and physicians with unprecedented electronic access to detailed medical health records for each patient.
Future Security Needs, Issues, and Overall Impact for HIE’s – By Jesse Erdmann
Tuesday, July 14th, 2009In our continuing series on information security, Jesse Erdmann, CISSP, looks at what the future might bring. There are a few trends that will influence changes in the security model around granting access to data. Currently, developing standards around Health Information Exchanges (HIEs) and Nationwide Health Information Network (NHIN) are already establishing rules for granting access with regards to the context of the request as well as individual patient preference. Later, as data in general as well as in healthcare more and more becomes structured in graph form rather than the traditional document model, security models will have to be modified to account for this change.
Contextual roles, by our definition, are a combination of traditional Role Based Access Controls and information conveying a relationship between the user and the subject of a query. In current NHIN standards this means that the user must be clearly authenticated as a user and supplying enough information to establish the user is positively identifying a specific patient. From a patient perspective this means that access to medical information should only be presented to MY doctor, or billing information can only be supplied to MY CURRENT insurance provider. As systems develop and more standardized transactions are available they will be able to be combined to provide validation of the appropriate context for sharing information. For instance, as ANSI x12 278 notification messaging becomes more prevalent, perhaps an institution that just admitted a patient for hospitalization can provide a digitally signed 278 notification acknowledgement from the currently recognized insurance provider to a patient’s primary care physician as third party proof that the person is currently in the care of the requesting organization.
Patient preference will also increasingly become a factor in sharing information. Options for how to represent and enforce patient preference with regards to sharing their private information are proliferating at an alarming rate despite the fact that they are limited to a binary choice. Currently, there are options in Electronic Health Record (EHR) systems to specify that an individual patient record is confidential or belongs to a figure in the public eye. HIPAA specifies a national standard for accessing patient data. Minnesota is leading the nation in this area with a law defining a Record Locator Service that must provide an opt-out and it won’t be long before other states follow their lead with their own variations. Finally, NHIN is defining a XACML standard document to indicate whether a patient assents to sharing information between organizations. Eventually, one would hope, these options will more or less coalesce into one or two options that provide the patient a little more flexibility than yea or nay and there will be a standard way of communicating these choices between organizations.
Finally, there is a coming shift in the way data stored and that will require changes to security models. Currently, access is granted to documents or directories as a whole. What happens if the document is no longer the primary format for storing data? What happens when documents primarily intended for one audience includes information they should be proscribed from viewing? The Department of Defense has created a write up, read down policy to bridge the gap between security clearance levels. Using write up, read down people with a lower level clearance can write information to more highly cleared system, but not read from them while those with a higher level clearance can read from systems at a lower clearance level, but not write to them. Unfortunately, in health care there isn’t a clearly defined hierarchy of privacy restrictions. Nor does this system address all of its own requirements with regard to “need to know” or context to put it in terms used in this article. Something more sophisticated will be required.
The time of documents being the primary model for storing information is winding down. Semantic Web, Web 3.0, or whatever you choose to call it, is breaking into the mainstream of computing. Microsoft’s Bing, Google and Yahoo!’s Search Monkey are all bringing these technologies to the public. The Mayo Clinic, the Cleveland Clinic, Kaiser Permanente, the Pharmaceuticals industry and the National Institute of Health are all working with semantic technologies to varying degrees and in various aspects. Semantic Technology, briefly, is a way of describing data in a common format so that it is “machineable” or able to be processed by computers. Concepts are often defined using description logic so that an inference engine can be used to infer new information based on things like transitive properties, etc. One of the seminal examples is that if you define a relationship such that if a is a child of b, and be is a brother of c, then c is the uncle of a, and assert that Alfred is the child of Bart and Bart is the brother of Claude, an inference engine will provide the new information that Claude is the uncle of Alfred. There are ontologies and taxonomies providing these sorts of relational definitions for gene encoding, proteins, drugs and drug interactions, the list goes on and on. If interested, we suggest reading about BioRDF or the National Cancer Institute’s BioPortal as an entry point to the volume of information available. Most of the effort has been focused on medical research and sharing research results, but the Mayo Clinic and others are working on clinical data representations and bridging the gap between the research and the clinical worlds.
Many expect the technologies to be used simply to act as metadata describing documents as a smart index. However, it also seems likely that data from various providers would be lumped together in one large graph. So, as an organization pulls in documents from other organizations about patients they also see, rather than keeping the documents separately and manually review them every time, or more than likely not at all, why not pool the contained information into a single source and use tools to generate relevant documents as requested? Documents such as an ASTM CCR or an HL7 CCD could easily be generated from these graphs as needed. However, how do you know which bits of information are okay to share with a physician versus what is okay to share with an insurance company or a researcher or other authenticated users? Semantic technologies could provide an answer here as well.
Just as the structures modeling the data are described, these technologies can be used to define what is accessible by specific roles and any contextual information required before granting access. Using this information, a tailored document can be generated as appropriate for a particular user by selecting accessible information and formatting it as the requested document type. For example, an emergency responder might just need a list of prescriptions, a primary care physician might need to see test results from a recent specialist visit and an insurance company should only see the date a particular test was administered and not the results. This is a very early description of what a system might look like. A lot of research on how this might look and hurdles like how does the open world nature of semantic technologies versus the traditional closed world view of data impact its use in a security system remain to be addressed.
As always in information technology, things are moving quickly. Today’s cutting edge technology is tomorrow’s legacy app. What seems the most appropriate direction today becomes tomorrow’s abandoned movement. However, it is vitally important for health IT leaders to be aware of what might be coming down the road, and to be prepared to deal with them when they get here.
The Benefits and Impact of NHIN – By John Fraser
Tuesday, July 14th, 2009For years healthcare has hoped for a single communications system could securely convey all of our clinical, administrative and public health information between hospitals, clinics, labs, governments and insurance companies. After all, VISA provides a global infrastructure for credit cards, the Federal Reserve Banks provide a national system for banks to exchange financial information, so why can’t health care develop a similar, secure system?
Healthcare has been trying to develop a standard network for years. First we started with the concept of CHINs (Community Health Information Networks), which attempted to put all health care information in a region into centralized computing systems. This centralized concept scared many people away from the entire concept of connecting disparate health care clinical information.
Instead, efforts turned to standardizing healthcare billing that is exchanged between doctors and insurance companies. The biggest effort was the familiar passage (in 1995) of the HIPAA legislation. HIPAA standardized healthcare billing by requiring all doctors to use a single set of standardized electronic billing formats, defined by the American National Standards Institute (ANSI). HIPAA has done a good job in moving everyone to national standards for billing messages. But what about a similar system for exchanging medical and clinical information?
The development of NHIN is a modern effort to standardize and simplify the exchange of medical/clinical information between doctors, hospitals, public health and government entities. The effort started in April 2004 when President Bush signed an Executive Order mandating that most Americans should have electronic medical files, or electronic health records (EHRs) within ten years. This order created a new government office, called the National Coordinator for Health Information Technology – now referred to as the Office of the National Coordinator, or ONC. A very nice timeline of the NHIN effort can be found here: http://www.worldprivacyforum.org/NHIN_timeline.html
NHIN is not a physical network, like the telephone system. Neither is it a private network, such as used by Medicare. Instead it is an Internet-based system that is defining standardized ways to communicate securely (over the Internet) to solve specific business problems, or “Use Cases” in the vernacular of computer science. The NHIN standards include a very modern security system that ensures communications stay private and prove who is on the other end of the line (Think of it like caller-ID that can’t be spoofed). Using the Internet and standardized security and communication services helps ensure low costs and expandability.
NHIN was originally focused on the secure exchange of patient information between groups of clinics, hospitals, and the Federal Government. However, there are growing number of services being defined so that both medical information AND healthcare billing information can be exchanged across NHIN. For example Medicare/CMS has announced an effort early next year to pilot billing-related information using NHIN.
One problem many clinics and hospitals have is finding a patient’s medical information at another clinic or hospital. So one of the “core” services in NHIN is the ability to ask the question “Do you have any information on this patient (lets use John Fraser as an example) in your system?”. If the answer is yes, then the next question defined by NHIN is: “Can you give me a list of information available for patient John Fraser?” and so on. NHIN is focused on solving practical, day-to-day problems common in most clinics and hospitals across the United States.
Have you ever had to fill out a three page health questionnaire at a new doctors office? Have you ever been to an urgent care center or emergency room and wondered if they had all your medical records on hand? These are critically important business processes that have long ago been automated by the credit card and financial services industries. NHIN can solve these problems, along with many more, and NHIN’s collaborative approach to development and testing involving many different organizations is the right approach.
NHIN is winning due to a variety of reasons: NHIN is based on a modern Internet and standards-based system, the Federal Government is working with the community to solve the simplest problems first (that are common across health care), and, having personal experience with the NHIN infrastructure, I can attest to the high quality and level of sophistication of the NHIN security and communications architecture. Numerous Federal Agencies are in test mode or moving to production with the NHIN infrastructure each day. Given the federal commitment and Internet-based approach, any other system would be challenged to emerge any time soon to displace the quickly emerging NHIN network.
Imagine…
- a secure medical network that stretches from coast to coast using the infrastructure of the Internet.
-this network sending and receiving medical images and medical summaries between hospitals and clinics hundreds of miles apart for emergencies.
-ambulances looking up medical information even before they reach the accident scene or patient.
-hospitals reporting de-identified disease notifications in real-time to state and federal agencies to accurately track outbreaks like the H1N1 virus, and that these notifications are then sent to vaccine manufacturers in near-real time (so that critical vaccines can be positioned and shipped directly to the providers who need them most).
Imagine no more; these and similar projects are underway or in final stages of testing right now utilizing the NHIN infrastructure – the future is not far away!
The Convergence of Clinical and Administrative Data in Healthcare – By Chris Smith
Tuesday, July 14th, 2009As healthcare connectivity and overall interoperability become more and more standardized in the market, a convergence of both clinical and administrative data and transactions is becoming a reality.
In the past, healthcare entities viewed clinical and administrative workflows, and even departments within the organization, as different, separate data, workflows, and processess.
With the ability to finally utilize the existing technology and data, (coupled with standards for connectivity and interoperability)
workflows are now converging. These new, converged workflows are utilizing clinical data, clinical workflows, or medical data to fuel the other (administrative) transactions, workflow, and data.
An example is an improved admitting process in an emergency room situation, where a clinical data record locator (or patient lookup) is performed as the first, or key, transaction, allowing the patient to be ‘found’ along with his/her medical records. This patient and clinical data is then utilized to populate an eligibility transaction, credit transaction, and/or other administrative transactions, that are then performed within the same system, screen, or process. Duplicate logins, multiple computer windows, separate workflows, and overall redundant systems are all eliminated — the patient admitting process is streamlined based upon the patient medical/clinical data, creating an accurarte workflow transaction and instant ROI.
Another example is utilizing existing feeds from information systems, such as ADT feeds, to create and populate administrative transactions, such as the 278 hospitalization notification (or pre-authorization). By utilizing clinical data and existing data feeds, administrative and other
workflow processes are generated, simplified, and streamlined, and clinical data/feeds powers the overall data/workflow in the healthcare enterprise.
Utilizing existing data and systems to power and populate the overall workflow in the healthcare enterprise reduces redundant processes, workflows, and systems. Finding and utilizing core data (such as the clinical data), not only helps to improve care but also streamlines the entire process. The data and the workflows converge to one streamlined, simplified process.
The impact of automated 278 Hospitalization Notification to Payors
Tuesday, July 7th, 2009With the drive towards overall workflow simplification and automation, there has been a push by Payors for timely 278 notification of hospitalization. In fact, some Payors will penalize reimbursements if they are not notified within a timely period (24-48 hours). One solution MEDNET has found to be particularly effective is taking the ADT feed (from the Hospital Information System) and utilizing this feed to build/populate a 278 notification of hospitalization transaction. The completed 278 can then be automated for delivery to the Payor, or can be reviewed internally prior to submission (eliminating or limiting manual entry and review). By utilizing existing systems and infrastructure, and with the convergence of clinical and administrative data, healthcare workflow can be streamlined and simplified, including the 278 hospitalization notification.