Tech Giants Push Open Standards for Health Network

securitas writes "The New York Times' Steve Lohr reports that 'Eight of the nation's largest technology companies, including I.B.M., Microsoft and Oracle, have agreed to embrace open, nonproprietary technology standards as the software building blocks for a national health information network.' Microsoft, IBM, Intel, Oracle, Accenture, Cisco, Hewlett-Packard and Computer Sciences have formed the Interoperability Consortium to build a health information network proposed by the Department of Health and Human Services (HHS). The network is the first step in moving from paper to electronic patient records and sharing health data between doctors, researchers, insurers and hospitals. Mirrors at IHT and CNet News.com with additional coverage at IDG/ComputerWorld Australia."

About time ...

[malcomvetter]

Finally ... now maybe health care systems won't rely on dial-up as their primary method of sharing information from facility to facility.

Amazingly enough, health care is probably 5-10 years behind in IT. The optimistic note: Health Care IT can learn from the mistakes of the 90s (which they were thinking about implementing next quarter- honest) and with movements like this, perhaps they can finally adopt proven standards.

Interoperability and sharing...

[PornMaster]

Interoperability and sharing are all kinds of nice for the interchange of information, but what happens when a third-party developer comes up with something that can also plug-in, so it gets access to the data, but has some kind of big open hole in other parts of its code, so everyone's records are available to anyone?

Without resorting to a paranoid rant about huge databases where authorized people have access to my personal data... what about the unauthorized?

For some reason, I don't see a security framework coming down the line that is *good*, consistent, and enforced by the system as a whole.

Re:Interoperability and sharing...

[Zed2K]

This is a major problem in the hospital environment. As soon as you limit a doctor to seeing a patients record you cause problems. But you can't just let every doctor see it. The moment the doctor needs to see it and they can't is the moment the system fails. The doctor is not going to go through all the trouble it would take to request access and provide the reasons why they need access. A lot of doctors don't know how to work a mouse much less request security access to records. They will continue using paper for decades to come.

Re:Interoperability and sharing...

[Rei]

You think this isn't already an issue? I for one welcome any upgrades to the system - it's bound to be a lot more secure and have a lot less human eyes on the data.

At a job I used to work at, there was an officefull of people who really didn't need to be there if the system had just been designed properly to begin with. Each of them looked at huge amounts of personal data every day as they typed it in from one system to another. Then I, as a software developer, had access to all of it when trying to write scripts to ease access to this data. We transmitted it to several places, each of which probably had similarly inefficient and human-intensive systems. No encryption was used at any stage that I'm aware of. I mean, seriously, how is it going to get worse?

Re:Interoperability and sharing...

[jayspec462]

The system we use here has a concept known as "breaking the glass." A doctor who tries to view a record to which he normally wouldn't have access can (with confirmation) "break the glass" and see the record anyway. It sets off all kinds of alarm bells for the administrators, but if the situation was justified then it's all good.

Re:Interoperability and sharing...

[cayenne8]

"Standardizing the data isn't enough. Your system has to work with the clinic's workflow or they'll just toss it aside and keep using paper."

Yup, I used to work with a physician in a VA hospital...they just don't have time to sit at a terminal and type. Usually working with multiple patients all day...reading films and such..they will sit and dictate..but, you're not going to get a Dr. after every consultation or reading to find a terminal, sit down and type stuff in there. If they can get a viable speech to text translator...this might work.

It HAS to be quick, portable (or available within reach anywhere in hospital)...and fit in with the fast pace of Dr.'s practicing medicine, and not be intrusive to that....

HL7

[Kainaw]

Anyone who has worked on IT in the health field knows about HL7. It is a free protocol for sharing any and all medical information. As of version 3, it has become XML compliant to allow programmers to use XML parsing tools to read/write data. I don't understand why there is such a need to make a new protocol for sharing health data when one already exists and is in use with most EMR systems.

Re:HL7

[LadyLucky]

Shameless plug for our own software:

• Symphonia for parsing HL7 messages and customizing the message definition if you need to. Developers' toolkit.
• Rhapsody Integration Engine which lets you perform this integration in a GUI, without having to be a coder.

I used to be a developer for Rhapsody, and then lead the team for a while. Symphonia has been around for a very long time.

No, they don't

[CrystalFalcon]

They do not have access to the hospital data, period. I can't see why this is such a hard concept.

Hospitals are financed mostly by taxes and in part by private insurances. At no point will I allow the hospital to communicate any information directly to an insurance company, or vice versa. All such information passes through me. And I am free to lie about what I want, but I am also accountable for such lies, should I choose to change anything.

Anything other order is unthinkable.

Re:No, they don't

[kingpin2k]

You've piqued my interest. Does this mean that you're on the hook for services you consume at the hospital until such time as you receive reimbursement from the insurer? That's excellent. The third-party payment system is a joke, and it has turned on-demand healthcare into an entitlement for which the proverbial "they" always pay. If you're saying what I think you're saying, I like that a lot better.

Vista !

[Mad_Rain]

The Veteran's Administration Health Care System has an excellent electronic record-keeping system, and can be found even as an open-source format. I'm hoping that they build off of the OpenVista project, and have some standardization across health-care organizations, so that the patient records are more easily transferrable and readable by the providers.

Precursor to a national ID?

[wachusett]

Presumably this system would require a way to identify individuals (beyond name/address)...has there been any discussion of how that would be accomplished? (Social security number?) I can't think of a way that this could be accomplished where it wouldn't be controversial. Presumably you'd want to carry your "Health ID" at all times so that your records could be accessed in an emergency room. -Russ

As a Hospital IT Professional

[314m678]

I can tell you that this is great news. Our hospital currently has myriad legacy systems running on dinosaur mainframes all linked together buy buggy interfaces which sometimes resort to screen scraping.

Let me give an example of one of our systems, a text based system, with functionality similar to telnet, when I used it for the first time I noticed that it was slow to open, so I put a ethereal on it and noticed that to connect it sends 8MB of info every time you connect. Approximately 20,000 packets, each with every permutation of two ASCII chars.

We deal with crap this daily. For another program we are forced to use a non-standard telnet client that takes 100% of the CPU regardless of the machine you are using.

Open standards that could link admitting, clinical and financial hospital systems will save billions of dollars and probably a few human lives. Additionally, this will allow small software companies and open source coders to make applications that can be widely used. Ive been working on a multi million dollar project the last few months where an aspect of it was completely screwed up because one software vendor uses a non-standard interface that they will not allow us to access directly, as a result, our users have to settle for diminished functionality.

If encryption is built into this standard it will be a step ahead for HIPPA protection and most systems just send everything, (passwords too) in plain text. I for one, look forward enthusiastically to open source hospital applications made possible by open standards.

Actually, it varies

[CrystalFalcon]

but that's how it mostly works, yes. The hospital bills me, I am reimbursed by the insurance company, minus a small fixed amount which I don't know the U.S. term for.

There may be other systems but this is how I know it from where I live.

This only applies when seeking private care (95% not necessary) or needing a hospital bed, though. If it's an ordinary visit, I pay a small fee when entering the hospital, and the rest is paid through taxes. Many European countries don't have the entry fee, either.

A bigger problem than standards

The huge problem of sorting through extreemly complicated db groups has always caused delays in the roll out of health care software. The most reliable db in use so far is Oracle. If there was some standard in query language things might be different. Migrating data from one db to another has caused huge headaches for implimentation with MS gui driven aps.

The client aps are all written so that one implimentation can use MS sql or the db software of choice. My wife works with business process testing and function analysis on a large roll out of health care software. So far the act of going filmless has been successfull, but the time to implimentation costs are huge because of db migration and integration testing.

As far as the security of access goes, decisions about user access control have been paramount in the design. Each user and terminmal can access only the necessary info. In short the system has had to be designed from the ground up.

With the forsight to understand the asp.net and all the other access control problems caused by MS software, Cerner (the software vendor) has made some interesting decisions about going further than just being a MS centric gui vendor. They are starting to release unix versions of their healthcare software. Most people in the know would like to go back to a good old Vax style terminal and get away from the overblown MS wacky mouse button gui crap. Creating eye candy is not a big consideration in the real world. Effective training and efficient simple gui's are much more important.

Re:"Insurers"?

[the_rev_matt]

Because insurance companies donate heavily to political campaigns and any attempt to change things is met with overwhelming pr campaigns.

On example, back in the early 90's there was a ballot initiative in California to institute some mild insurance industry reform. Supporters managed to raise a few hundred thousand dollars to promote the initiative. The industry spent well over twenty million dollars on a campaign that basically said 'this initiative is anti-American, it will destroy the state economy and result in everyone in the state having no insurance at all.'

The initiative passed overwhelmingly in spite of this, amazingly. And last I checked, CA's economy was on par with the rest of the country, and roughly the same portion of the population has insurance.