Thursday, November 22, 2012

Thankful and Hopeful for Healthcare progress

There are so many good things that happen when data is allowed to move. I have dedicated my career to enabling healthcare data to move when appropriate. I follow the guiding principles of Privacy (OECD, USA, EU, Safe Harbor, Privacy by Design). These are expressed in multiple forms but generally all align well. The appropriate movement of healthcare data can enable so many wonderful things to happen, things well beyond our wildest dreams today. This is what drives me, this is my mission.

I am Thankful for some efforts that I was a part of this year. I can’t say that they all turned out exactly as I wished, but they did meet my overall mission, to get data moving when authorized.
  • Healthcare around the globe is aligning on standards based Document centric Transports with reasonable security models. In the USA this is being pushed by Meaningful Use. Document centric transport is not the ultimate goal, but it is an example of ‘good enough’. I think it is very much the sweet spot between many forces: Privacy, Clinical Accuracy, Provenance, and Medical Records. Advanced security and privacy are being worked on using realistic use-cases and mostly a realistic viewpoint on timeline. In the USA this is being pushed by the Data Segmentation for Privacy. It is unfortunate that much re-invention is happening, but sometimes one must allow others to do this.
  • Security/Privacy Audit logging is making progress and visibility but still not a forefront item, it likely never will be as it isn’t sexy and can only show bad things have happened. But this year we saw enhancements in this space. We are nowhere near good-enough. A privacy office still must do so much work to pull together a simple accounting of disclosures. If it is hard to do this on-demand, I am sure there are not daily reviews of the audit logs.
  • Patient access and correction are starting to make progress. I am not one that says that there should be some patient centric database in the cloud. I am however one that indicates that we must enable patients to have access to their data. Access and manipulation of data, my mission, is not going to be dominated by professionals as it has been in the past. Once the patient gains access to their data they can do wonderful things with it as well. Along these lines I am excited about RESTful interfaces for healthcare. Not just willy-nilly RESTful interfaces, but reasoned interfaces that are purpose driven and harmonized with backend and more mature infrastructures. REST is not a magic thing, it is one of the appropriate tools to use. Fitting that tool in with the others is just as important as using it.
The Patient is being recognized as having Privacy rights. Privacy rights not only allow a patient to control their data, and to understand how their data is used; but they also enable them to access their data and get it corrected when it is wrong. These are fundamental Privacy Principles; it is quite exciting to see them all progressing. Getting the data to move is what is important, the creative ways to add value through access to the data is what will revolutionize healthcare.

I will continue to work on my mission. There is still technology that is needed, I just think that we have good technology today. What we don’t have is the political and organizational will to leverage it.

With the continued Obama Administration I am Hopeful for some key Political movements in Healthcare:
  • User Identity needs to be fixed. This is not a technical problem, we have the technical standards. This is a political problem. We have hundreds of individual user accounts because all services historically had to do this, and none of them would trust anyone else. We need a system whereby the user chooses when to have a different account, and when to leverage one they already have. In the USA NSTIC is working on user identity in the internet space. This will not address organizational users, specifically how one organization needs/should trust the users in another organization. Federation technology is clear and easy. We need movement, it is great to see Google, Facebook, Twitter, and others leveraging these technologies and making them available. The business of identity-providers will be a tough business to be in over the next 5 years. But we will all be better off.
  • Patients need an identity, not this mess which is cross referencing. Cross-referencing will work, but is the worst of all possibilities. Cross-Referencing will make mistakes, a mistake in healthcare at best is a privacy violation, at worst leads to a treatment error. Cross-Referencing exposes MORE of the patient identity to more organizations and thus more potential misuse. This problem is being addressed more outside the USA. I am excited at what is going on in Europe and beyond. The USA must reexamine the historic attitude on a patient identity, and examine the problem in context of today and the future.
  • Privacy enhancement through simplification and unification. This too is not a technical problem. We need in the USA to focus on having a unified privacy policy that is good-enough. The technology will continue to change, but it is very difficult to work on advances when the sands shift underfoot. We need simple patient choice to be put forward as good-enough. It is true that simple opt-in will not work for some, but it will work for most. Let’s get this system in place so that we can then focus attention on how to advance it. We don’t have a simple opt-in because we have multiple layers of conflicting privacy regulations. Privacy Principles give the patient choice, simple as that. I know some states want to use implicit consent, but it is time to reexamine this. There is plenty of proof that when patients are given choice, informed choice, that they choose to share.
  • Roll out of Exchange, and put to bed Direct. We need to get data available, not continue to do one-by-one interactions that somehow need to predict where the data needs to go. Direct is a great replacement of the FAX, it is not a good solution for anything else. I am glad that we have aligned on Documents, this was my goal when I conceded and helped create Direct. Document is the most important advancement. But we must encourage eHealth Exchange to make data universally available. This is far more important than being able to universally discover doctors. Movement of data is the key.
  • Please fix the Patent system. Patents are essential, but the use by trolls is clearly not what the Patent system was intended to enable. Our courts are spending far too much time determining if patents are valid or not. This is the job of the Patent Office, prior to issuing a stupid patent. The court system is a hugely expensive way to deal with this problem. Our courts should be doing what the courts were designed to do, things like prosecuting inappropriate violations and invasions of Privacy. 
Privacy does not get in the way of progress. When you ignore privacy, it will come back to hurt when consumers find out about the violation and invasion of their privacy. Design Privacy into your system from the start, and be transparent with consumers. Consumers will reward openness and transparency.

I have many articles on these topics