Healthcare data sharing is a balancing act of innovation and security

Interoperability: Health IT's Dynamic Future

 |  Audrey Carson

For better or for worse, healthcare is a fragmented field. There are different types of providers, varying patient care settings and a wide range of adopted technology within these settings. And somehow, bouncing among these technologies at varying stages of maturity, patient data has to last a lifetime.

As data flows through a stream of multiple interfaces and programs, maintaining integrity and semantic clarity is crucial for providers and patients to make the right healthcare decisions. At minimum, different EHRs and programs need to understand each other. At best, they will synergize for a seamless user experience, on pace with the expansion of smart devices and the Internet of Things (IoT).

Equally important — if not more — is information security.

“People’s health records are some of the most valuable data out there,” said Nick Anderson, director of product management, provider at CoverMyMeds. “Medical information can be worth ten times credit information in black market.”

So with hundreds of EHR platforms on the market – and most hospitals using at least 10 of them 1 – as well as patient apps, payment and notification technologies in play, how do we make sure everyone is playing by the rules in the health IT sandbox, but also has the space and freedom to innovate?

SMART on FHIR

To standardize health technology platforms, the U.S. government launched SMART Health IT in 2010. SMART is a universal application programming interface (API) which allows EHRs to operate more like app platforms than a single, static program. In 2013, SMART teamed up with HL7’s Fast Healthcare Interoperability Resource (FHIR) to add a free, open draft standard set of core data models. Known now as SMART on FHIR, this model enables innovators to create groundbreaking apps in the healthcare space while working within regulated guardrails.

“FHIR has an incredible potential as a mechanism to deliver interoperability in the near future,” Anderson said. “Current standards often pre-define the data flow/conversations between platforms; restricting messages to specific intent and data requirements that have little flexibility to deal with innovation. FHIR allows organizations the flexibility to self-define the data exchange, allowing data to be built from a set of components that can meet the varied intent and data requirements across different platforms.”

SMART on FHIR modernizes previous health data exchange standards to support further interoperability, reaching into the patient realm with health and medical data apps. The demand for patient-friendly portals is evident. In 2017, 93 percent of hospitals gave patients access to their health records online, a 27 percent increase in a five-year period.2

The Push: 21st Century Cures Act

Broad in its reach of healthcare, the 21st Century Cures Act “is designed to help accelerate medical product development and bring new innovations and advances to patients who need them faster and more efficiently.”3

Included in these advances was the requirement of certain health information technology products to have open APIs, allowing the easy access and exchange of information and to provide access “to all data elements of a patient’s electronic health record to the extent permissible under applicable privacy laws.”

As EHRs and data platforms got on board with FHIR, another issue surfaced: with no mandate for a specific version of FHIR resources (and with version updates rolling out, as software tends to do), programs could interoperate on a technical level, but not necessarily on a semantic level. It would be like a phone call connecting, but on one line the person is speaking French and the receiver can only speak English.

FHIR R4 Brings The Normative, R5 On the Horizon

HL7 released FHIR R4 in early 2019, to the collective relief of healthcare developers and, eventually, users. The version allowed backward compatibility, meaning applications on FHIR now could speak a common language, accounting for the uneven version adoption across platforms. While it doesn’t mean a single standard, it certainly brought the ecosystem closer together.

Version 5 is expected early next year, with even more content moving to a normative status as well as support for applications using multiple FHIR releases seamlessly, multi-language support and federated servers. Another update will be the ability to manage event notifications to clients as actions happen within the server.4

Barriers to Interoperability

As is the case with most industries, consumers want visibility and accessibility. Healthcare is no different, which is why, for example, Apple leaned into the healthcare API space with its personal health record feature, which uses HL7’s FHIR specification. Users have EHR-like visibility into their immunization history, allergies, lab results and data updates. Of course, with this comes encryption and security concerns. With greater flexibility comes a risk of security breaches each time users share information. Infrastructure must allow providers to verify authorization for an information request, while each entity must secure this data.

Some in the healthcare IT space have raised concerns about liability and patient data being used without express permission. Last year, the Department of Health and Human Services introduced proposed rules around healthcare interoperability to enable easier patient access to their health data.5 Many health systems and health IT companies applaud the push for patient empowerment with their own health data, but remain very concerned about patient and relatives’ privacy and rapid implementation timelines that may not allow time for building security guardrails.6

Those in favor of the rules as written, mainly large tech companies, want to get them finalized and released to spearhead greater interoperability and new opportunities for growth in the healthcare technology space.

The rules are currently under review by the Office of Management and Budget (OMB), the final step before publication.7

A Productive Future

While rules and regulations on the patient data side are hotly debated, innovators continue to push the boundaries of software and interoperability, ready with solutions that can be implemented when the time is right. To bridge tomorrow’s innovation with today’s health information security challenges, HL7 hosts regular FHIR Connectathons to give developers an opportunity to test and gain experience with FHIR-based solutions in a safe environment.

The Healthcare Information and Management Systems Society (HIMSS) regularly hosts webinars and resources around interoperability. The HIMSS20 Interoperability Showcase will allow conference participants to see interoperability in action through specific use cases showing how information can exchange seamlessly throughout the healthcare journey.

Be sure to visit CoverMyMeds at HIMSS20 to see how we’re connecting with other innovators in healthcare information technology.

Sources

  1. “Healthcare IT News, May 2018”
  2. “Sharing Data, Saving Lives: The Hospital Agenda for Interoperability, American Hospital Association, 2019”
  3. “U.S. Food & Drug Administration, 21st Century Cures Act”
  4. “Microsoft Cloud Blogs FHIR Subscriptions and State Changes”
  5. “Notice of Proposed Rulemaking to Improve the Interoperability of Health Information, Health IT”
  6. “CNBC, January 2020”
  7. “FierceHealthcare, January 2020”
Share this article on Facebook Share this article on Twitter Share this article on LinkedIn Share this article via email
Stay up to date on what's trending in healthcare