Wednesday, October 13, 2010

Healthcare Provider Directories -- Lets be Careful

The HIT Policy committee heard testimony a few weeks back on the topic of Healthcare Provider Directories. The committee has already put together an impressive discussion of Healthcare Provider Directories and have a set of questions that they are asking different subject matter experts.
Provider Directories will be a key enabler of nationwide health information exchange.  The IE WG has been asked to investigate and make recommendations to facilitate creation of provider directories that enable universal health information exchange across the country.  As part of its fact-gathering process, the IE WG will host a public hearing on September 30, 2010, in Washington DC, to hear testimony from a variety of prospective users and industry experts on: 1) obstacles to health information exchange; 2) the role that provider directories could play in addressing such obstacles; 3) the types of directories that exist in the market today; and 4) options for building a directory approach that meets the emerging health information exchange needs of health care providers.  More

I was asked to testify, but was out at corporate training. I highly recommended the two individuals that were the main driving force behind the IHE Healthcare Provider Directory Profile. There was so much good work done by this committee of IHE, and so much more that could be done. The committe decided to have Keith Boone fill my slot Provider Directories. He did an excellent job of filling this slot.

Generally this HIT Policy initiative needs to be coordinated with National initiatives such as the WhiteHouse “National Strategy for Identities in Cyberspace”. This initiative starts out seeming like it is just politics, but if you read the whole thing they do understand the need and are starting to peel the onion. There is also PKI initiatives like: the Federal PKI, Kantara, and others.

On the technology choices, I would be recommending we re-use technology that other industries use and not create special technology just for healthcare. So lets use LDAP technology which has strong support, tools, knowledge, flexibility, and power. It also has many interfaces besides the classic LDAP. I would recommend against the use of HL7 for this use, although this certainly is a useful schema and vocabulary; the technology is specific to healthcare and is not as widely supported or used.

The Use-cases are not clear, and need to be made more clear. It is clear to me why we are investigating Healthcare Directories, but we need to be very careful. Most of the use-cases that I see would be handled just fine without the need for any standards. There will be a functional directory offered that is web-based. I am not convinced that we need an Interoperability specification at the Nationwide level. We don’t have one for Internet e-mail or Phones today. They are all working just nicely on social mechanisms with backing from general web interfaces. Why would any provider want to publish their contact information to a directory that everyone in the world can discover. If it is no open for anonymous reads, then what is the authorization path?

Related to this is the issues of abuse. Once a directory exists it will be abused. The more available the information, the more abuse it will draw. (eg. SPAM). There are people that think we need to have “Universal Addressability” in the provider space. I don’t disagree with universal addressability, but there are efforts to define this as universal discoverability of your address and your credentials. Thus a malicious user can discover my email address and send me encrypted SPAM.

The negative risks that are created by the solution need to be considered in addition to the positive functionality of providing the solution.. Hence why there is no universal discoverability in internet email and phone numbers today…. And where phone numbers can be guessed, there is now a do-not-call list.


  1. "Why would any provider want to publish their contact information to a directory that everyone in the world can discover."

    I'm not sure I understand your use case as a problem scenario. All providers currently publish their business contact information on the web and phone directories. If not, NPI or cheap mailing lists already have this information.

    What the public does need, that current 3rd parties can't provide, is an accurate directory that carries official capacity.

  2. Faisal, I suspect the truth is somewhere between us. I can easily find the general contact information for my health provider organization. But I know that I can NOT find the contact information for my individual provider. The statement you quote is about the individual provider, not the organizational provider.

    I think this is clarification that I am asking for. The use-case for finding a healthcare providing organization with specialties sounds reasonable and scalable. The use-case for finding the individual healthcare provider is not as clear and fraught with danger. This is why I want the use-cases to be brought forward.

  3. Really? You can't get a phone number for your physician? I find that really astonishing. How do you find a family physician when you move to a new city? How do you know if your physician has a history of malpractice if you can't look them up?

    In Ontario, I can look up any physician in the province, by name, by specialty, by practice location, and get not only all of their contact info, but all their hospital priveliges, practice locations, post-graduate training, practice restrictions, past disciplinary actions, and malpractice findings. Listing in the registry is a requirement of practice.

    When I moved to Toronto, I used the registry at the College of Physicians and Surgeons to find a list of doctors that were accepting new patients, whose practice address was close to my home. I was also able to check that they had no malpractice or disciplinary record in order to chose who I wanted to be my physician. When I injured my knee and needed to see an orthopedic surgeon, I checked the registry again to check the record of the person I was being referred to. How do you do that without a registry?

  4. Laura,

    This is a benefit of government sponsored healthcare. In the USA healthcare practices need to compete for the best doctors, so they don't want to expose this kind of information about them. In the USA doctors are under lots of pressures that are NOT associated with providing care. I would love a solution, but that is a far more radical step than a Directory can accomplish.

    How do we do it? We have healthcare practice setting based statistics to work wiht today, and this is a huge advance. Most of what Meaningful Use is driving is this kind of reporting on the organization. In a way, this is baby steps.

    I presume there is a very mature vetting of this information at is posted, with a dispute resolution mechanism? So how do physicians in CA deal with crank calls, calls in the middle of the night, SPAM in their e-mail, etc?

    We look to our 51st state to teach us...

  5. The majority of the information comes from the yearly credentialling and license review process, so it's fairly thoroughly vetted, and yes, there's a dispute procedure, through the College. Can't say I've ever heard that crank calls or spam are a huge problem, at least not more so than for any other profession. Why would doctors be more at risk for crank calls than, say, lawyers? It's not any different than any other profession publishing their professional contact information.

  6. Ah, see credentialing is done at a healthcare providing organization level; and at that level they do sometimes publish their contact information. But these organizations would rather have you call them and have the operator route the call.

    But this is why I say 'be careful'... and why I did not say 'no way'.