Wednesday, August 22, 2018

Basics of Healthcare Data access rights in USA

You should (federally required) have access to View, Download, and Transfer your medical data.

View

View just means you should be able to login to some web portal and see the data.

Not very useful, but everyone should be able to do this. It is most helpful when you want to see the data that the doctor just talked to you about, but when the doctor was talking to you the information overload was too much. So you want to look at it later, at home, where you can spend a bit more time with it. The idea is also that you then get a chance to think of questions for the next time you talk to the doctor. These "Views" of the data are often not the best quality, or easy to understand.

Download

Download means that from that same web portal you can download a copy of the data.

This 'should' be a higher quality, and should be in a 'standard' format. This is where my work comes in. Most things are available in a summary report. This might be referred to as "Blue Button", a marketing term that doesn't mean anything, but was something to rally the healthcare community around. This summary report might be a simple and rather useless text file, or PDF file.  Hopefully it is a more complete CDA standard format (often called CCD, C32, CCDA, C-CDA, etc). For images, like MRI, the DICOM standard is used.

The idea of downloading these CDA or DICOM standard formats is that you can take them to some other doctor, second-opinion, or be background helping with future problem. Also you can find applications on the internet that can help you yourself investigate these, and you can find services on the internet that can analyze it for a computer driven second-opinion (dangerous in my view). You can send this data to clinical research projects that would like to use your data to better future care of the issues you have had. 

The point is that your data is YOUR data. You can do anything you want with it. You can even be stupid and leave it somewhere it should not be.

Transfer

Transfer means that the data can be sent elsewhere. This is MORE what I get to define in my job...

1) Exchange: You are in California, where there is a strong health exchange. That health exchange is connected to other states via nationwide exchange. You can enable your data to flow through this network, more likely you can tell them you do NOT want the data to flow. The advantage of these kind of health exchanges is that the data is often there where it needs to be without you as a patient getting involved. For example during an emergency when you are away from home. Or during a natural disaster when you are pushed away from home. .This network that I am explaining is being used in CA to help those displaced by the wildfires. The exchange is simply doing what most patients figure is logical. This exchange helped Grandma Gloria when she would go between Wisconsin, and Texas. It requires nothing of you, except you agreement.

2) Direct: There is an agreed protocol for sending healthcare data to a healthcare provider of your choosing. This is a different network, and a different concept. In this case you must enter what looks like an email address (it actually is, but in a secure way). You pick the data you want to send. And you send it at that time. This works really well when you want to get a second-opinion, or are moving to a new home. It however requires you to request the transfer, and it is done once.

3) Apps: The newest hot technology (meaning it isn't available everywhere) is to use a third method that enables Applications. This is what Apple has added to their phones. If you have an Apple phone you have an App from Apple that can get your data. That is, if your healthcare provider has offered the data through this "API", specifically the API following the FHIR standard. This standard is very new, not really ready to be used. Apple is not the only one with a Healthcare App. There are many. The struggle is that this is all so new that there are many issues to work out. For the geeks, this is fun. For everyone else, this will be nothing but frustration for the next 2-3 years. So play with it, but don't rely on it.

Conclusion

I want EVERYONE to know about this. The main reason to know about it is to be happy that Exchange happens, but is controllable by you. And that Download is available for the chance that you need it for a second opinion or to help with clinical research. All the other reason to get your data are not all that well developed, so would just frustrate you. I have my data, and it just sits there on my computer taking up space.

YES I know many people find their data far more useful, and life critical. This is why I do what I do. I am simply realistic about the impact to the general public.
 

Tuesday, August 21, 2018

IHE Document Sharing (XDS) Metadata management Handbook

The IHE IT Infrastructure Technical Committee has published a new Handbook as of August 20, 2018: Document Sharing Metadata

The above document is available for download at https://www.ihe.net/Technical_Frameworks/ or at User Handbooks.

The full IHE formal announcement


The Document Sharing profiles from IHE including XDS and XCA, enable a Community to share Patient specific medical documents. This is described in the Enabling Document Sharing through IHE Profiles white paper (HIE using IHE). Each document shared is described by metadata. A Community deploying an HIE this way needs to define some metadata constraints and practices, so that the documents are found when they are needed. This handbook helps a Community to come up with appropriate constraints.

Purpose of the Document Sharing Metadata Handbook

This handbook is intended to assist the reader on the steps necessary to define how document metadata would be used, how to enforce and propagate that use, and how to evolve the document metadata use constraints over time. Use of this handbook will produce a set of documentation and plans that we call your “Community Metadata Specification”. A well-managed Community Metadata Specification is an essential component of an efficient and coordinated Document Sharing system. This becomes more important with increase in participation, the number of patients, document types, and shared documents.

This handbook uses the term “Community” as defined in the Enabling Document Sharing through IHE Profiles white paper (HIE using IHE). This definition is inclusive of an XDS Affinity Domain, an XCA Community, or a set of XCA Communities. This definition is also inclusive of the use of MHD (XDS-on-FHIR), although further discussion of MHD is not explicitly included in this handbook.

This handbook constrains document metadata to enable optimal discoverability of the shared documents within your Community. There are other responsibilities of Community management: patient identity and demographics management, organizational identification and credentialing, privacy policy, security policy, partner certification processes, etc. IHE addresses these broader topics in other publications listed in , Section 1.3, including the whitepaper “Template for XDS Affinity Domain Deployment Planning”.


Continued Discussion and sharing

These and other examples can be found at https://wiki.ihe.net/index.php/Metadata_Handbook. A discussion forum has also been setup at https://groups.google.com/forum/#!forum/ihe-metadata

August 24, 2018 -- added
For Fun I put the handbook on GITHub in Markdown format. Comments (issues) welcome.


Other articles of mine on Healthcare Document Sharing (HIE)

Friday, August 17, 2018

Blockchain for Patient to sell their data to Clinical Research

Smart-Contracts are a very important part of blockchain. The openness of blockchain is another. I have presented a possible way to use these features of blockchain to enable a Patient to be able to sell access to their data. I include some features also enabled by blockchain, such as micro-payments and escrow for breach of terms. I think these are critical to Patient selling access to their Data, and the ability to add this is simple given the Bitcoin example of Blockchain.

This all said, Smart-Contracts are hard to write correctly, and easy to get wrong. So I think there needs to be far more maturity to the space of Smart-Contracts before they are actually controlling access to Patient data.

Patient data for sale for Clinical Research

So a patient might offer access to their data, managed on a FHIR Server, to anyone that can satisfy a smart-contract they put into a public chain. I first described over two year ago as a response to Grahame's original ask Healthcare Blockchain - Big-Data Pseudonyms on FHIR

The smart-contract would include:
  1. Upfront payment for the access (some micro-payment)
  2. Requirement for escrow of coin to be unlocked to the Patient if other terms are violated
  3. Terms of protection of the data
  4. Kind of clinical trial allowed (heart conditions, but not brain)
  5. Agreement to keep all research public
  6. Agreement to contact patient if the patient could benefit from new treatment detected
  7. Agreement to contact patient if some treatable medical condition not previously known is discovered
  8. Agreement to not contact patient if terminal condition is detected
A clinical trail that can meet these, could satisfy the contract and gain access. If they violated any of the terms, the smart-contract would automatically transfer the escrow coin to the patient. Based on some sunset term (like possibly the natural death of the patient), the escrow coin goes back to the research organization. So clearly that legal-will is important to this use-case...

How does this work? 

I have indicated that the data would not exist on the Blockchain, it would exist in some FHIR server somewhere. I use FHIR because it is http RESTful and common to protect it using OAuth using SMART-on-FHIR profile. Thus it is to the general IT world, a RESTful server protected by OAuth.

So, this specific FHIR Server, and the OAuth that is protecting it, is linked to the BlockChain. It is the one taking the results of the Smart-Contract. If the terms of a Smart-Contract are satisfied by an agent, then that agent gets an appropriately scoped OAuth token. That agent can then use that OAuth token to access the data in the FHIR server.

In this way the FHIR Server is just a normal FHIR Server being protected by OAuth using the SMART-on-FHIR profile (aka scopes).   The OAuth service is the bridge between http-RESTful world and the BlockChain Smart-Contract world.

Variants on smart-contract based on de-identification capability

It is possible that the patient publishes multiple flavors of the smart-contract. Each offering different types of pseudonym blinding: Some flavors would expose MORE information, and have higher contract requirements (like shown above). Some would expose very well de-identified data, and have less strict contract requirements.

Highly de-identified data, where ALL direct and in-direct (Quasi identifiers) are removed. Including fuzzing completely dates, patient characteristics, location, etc. If the data is highly de-identified it is less valuable for clinical trials, but it also wold not need to be as strongly protected. So it is possible for this offering the smart-contract does not require an escrow of coin.

These variants would require that the authorized access to the data enforce these variations. Thus one would need some access method to the data where the de-identification can be accomplished. This might be done by different servers hosting the various flavors, confirmed by a human statistical analysis. This might be done by some automated de-identification service as I describe in
#FHIR and Bulk De-Identification

Am I wrong?

I am very willing to hear that I am wrong. I am very willing to hear adjustments. I am very willing to hear that someone has implemented this.

Thursday, August 16, 2018

Healthcare use of Blockchain on FHIR

I went to the ONC Interop Forum in DC. The security track focused on blockchain all morning. There was nothing new mentioned. This not to say that the audience didn't get any value, just that I didn't hear anything new. This lack of new insight is itself an important point. It indicates that much of the interest in Blockchain is very niche, that any efforts have not yet found the 'killer app'. This is also not an indication that no killer app is going to appear, just that it has not yet been found.

The panelists were surprised by this question. All the experts were clear that this early days. Caution, but excitement. They were all full of encouragement to try stuff out. All recognized that there is much misinformation and hype. All recognized anyone using blockchain is taking a big risk. None would state any prediction of the future. They also all recognized that those that have succeeded have reaped great rewards. They are all fully committed and excited...

There was not much questions from the audience so I asked
Given that the use of Blockchain will be use-case specific, has there been Healthcare use-cases brought before the Blockchain community that were determined to be a poor use of Blockchain?
Their answer: Do not put healthcare data onto the blockchain, no matter how it is protected (e.g. permissioned chains, or encrypted, etc) . It is better to put pointers (to FHIR Servers) onto the chain. So pointers are good, data are bad. 

To emphasize a Good use-case is where the data are already public, thus the blockchain is there to support it, validate it, confirm it, or trigger off of it.
 keeps fidgeters occupied while not bothering others around them

No surprise, I have said this too:

What should Healthcare do with blockchain?

This does not mean there is no room for blockchain and healthcare. just that we need to be careful about how we approach the topic. I have covered a set of Blockchain considerations for healthcare

Don't put medical data into the blockchain.
I am more convinced that putting healthcare data into a blockchain is a really bad idea.  Seems this is also a consensus that is coming together. Thus there will be many FHIR Servers that hold your data (might be others than FHIR, but why bother mentioning them).  For any specific use of data related to the blockchain, there might be one server or there might be many. That is to say that it is fully possible that the FHIR server associated with a blockchain project might have centralized the data prior to exposure through blockchain, or might proxy and make it appear as if there is only one. However probably best to presume many FHIR servers. In initial experimentation, experiment with one, but keep open as a gap expansion to many.

Don't use blockchain for direct Treatment.
I am equally convinced that using blockchain for direct Treatment use-cases is a very bad idea. Treatment has many expectations. The data must clearly be identified with a specific human, can't use pseudonyms. There must be no delay in getting to the data (urgency). There must be clear provenance of the data (where did this data come from, etc...). Treatment use-cases require that new events, observation, interactions are recorded; that any mistake detected is corrected. And there is also medical-emergency break-glass. etc.

Treatment related workflows
There are some Treatment like things that don't have these expectations. Such as participating in a clinical trial, where they can treat you as a pseudonym (strongly identity proofed). There are other Treatment scenarios where one also don't need actual identity, like a laboratory or pharmacy supply. Some of these are already given only the MRN, thus they don't have much more than a form of pseudonym. A new one that I really like is using blockchain to track the supply-chain of medication and medication components.

Provider Directory proofing
The beyond the medication supply-chain use-case, this Provider Directory use-case seems very interesting to me. The general need is that each provider organization must do background checks on all of their practicing clinicians. This background checking is expensive. The idea of using blockchain is to have a permissioned chain that is managed by all the provider organizations. Each time they proof a clinician, they put that evidence onto that permissioned chain and indicate they have verified it. Thus it is a consensus driven identity proofing for clinician licensing and background.

Smart-Contract to control clinical research
Patient data for sale for Clinical Research might be an opportunity. A patient might offer access to their data (which is elsewhere) to anyone that can satisfy a smart-contract they put into a public chain. Unfortunately this best opportunity is what I described over a year ago given Grahame's original ask  Healthcare Blockchain - Big-Data Pseudonyms on FHIR

The smart-contract would include:
  • Upfront payment for the access (some micro-payment)
  • Requirement for escrow of coin to be unlocked to the Patient if other terms are violated
  • Terms of protection of the data
  • Kind of clinical trial allowed (heart conditions, but not brain)
  • Agreement to keep all research public
  • Agreement to contact patient if the patient could benefit from new treatment detected
  • Agreement to contact patient if some treatable medical condition not previously known is discovered
  • Agreement to not contact patient if terminal condition is detected
A clinical trail that can meet these, could satisfy the contract and gain access. If they violated any of the terms, the smart-contract would automatically transfer the escrow coin to the patient.  Based on some sunset term (like possibly the natural death of the patient), the escrow coin goes back to the research organization. So clearly that legal-will is important to this use-case...

Variants on smart-contract based on de-identification capability
It is possible that the patient publishes multiple flavors of the smart-contract. Each offering different types of pseudonym blinding: Some flavors would expose MORE information, and have higher contract requirements (like shown above). Some would expose very well de-identified data, and have less strict contract requirements.  

Highly de-identified data, where ALL direct and in-direct (Quasi identifiers) are removed. Including fuzzing completely dates, patient characteristics, location, etc. If the data is highly de-identified it is less valuable for clinical trials, but it also wold not need to be as strongly protected. So it is possible for this offering the smart-contract does not require an escrow of coin.

These variants would require that the authorized access to the data enforce these variations. Thus one would need some access method to the data where the de-identification can be accomplished. This might be done by different servers hosting the various flavors, confirmed by a human statistical analysis. This might be done by some automated de-identification service as I describe in
#FHIR and Bulk De-Identification

Healthcare Financial transactions
I any financial related transactions might certainly be good blockchain, even if it is healthcare related. Still privacy and safety concerns, but these are a step away. For example 

Wednesday, August 15, 2018

Open Call for IHE Work Item Proposals 2019

As the IHE ITI Planning Co-Chair... I want to bring attention to the opportunity to bring an Interoperability Problem to IHE to be solved and formulated into an IHE Profile (Implementation Guide). The planning cycle has begun! The IT Infrastructure (ITI) and Patient Care Coordination (PCC) Domains are soliciting work item proposals for the 2018 Publication Cycle. The Call for Proposals concludes September 21, 2018.

For detailed information visit the IHE Call for Proposals Wiki site.

If you are new to the IHE International Call for Proposal Process?
Ready to participate in the Call for Proposals?
Interested parties are invited to submit a brief proposal (template form) for new IHE Profiles and/or White Papers to be considered for development in the new Publication Cycle.

Proposals should be entered using the attached Brief Profile Proposal template. They should address the following:
  • What is the problem and how does it look in practice? (Describe the use case)
  • How should things look in practice if it were fixed?
  • What specific standards could be used to solve the problem, if known?
  • If possible, give some indication of the business case for solving the problem (e.g., quantify the cost).
  • It is strongly recommended that the proposal include the name of an editor for the proposal should it be selected for development.

Email your completed brief IHE Proposal template to the corresponding email address listed below before September 21, 2018 at 11:59pm CDT. Proposal templates can also be found online at:
  • ITI Domain Proposals: John Moehrke at: johnmoehrke@gmail.com, ITI Planning Chair
  • PCC Domain Proposals: Emma Jones at: Emma.Jones@allscripts.com, PCC Planning Chair
What happens if my proposal is selected?
The IHE ITI and PCC Planning Committee will review each Brief Proposal and select a "short list" of proposals for further consideration. Detailed Profile Proposals are sent to the IHE ITI or PCC Technical Committee for evaluation and returned to the Planning Committee for a final vote. Please visit the Wiki for detailed information about the IHE Call for Proposals.

Questions or Comments? I am glad to guide, assist, or otherwise encourage.

Thursday, August 9, 2018

Modes of patient centric communication

When it comes to Patient Data exchange, I want us to be inclusive of "Mediated" exchange, "Directed" exchange, "Controlled" exchange, and "Negotiated" exchange. I have not seen these formally defined, so here is my informal definition. Let me know if you know of another mode of communication.

  • Mediated Exchange -- where the Patient themselves is an active part of the communication pathway. Such as carrying the data within their possession, using a personal device and application, --- Such as using a phone resident App using FHIR to download their data, then upload that data to some recipient. 
  • Directed Exchange -- where the Patient actively requests that the information flow to a selected destination. --- Such as a patient using Direct Secure Messaging, or where a patient requests that the data be pushed.
  • Controlled Exchange -- where the Patient does not get directly involved in the communication, but should be understanding of the communication and possibly have control. over that communication ---- Like using Health Exchange between Provider organizations
  • Negotiated Exchange -- where the Patient themselves connects two parties and authorizes the flow between those two parties. This might use the HEART standard for authorization, and FHIR bulk data access.
Are we there yet? I think we need multiple modes. None of these solve all needs. Each has specific strength.