Google Buzz & Your Digital Health Doppelganger

At this point, it is fair to say that everyone has either heard or read about how Google’s latest foray into social networking, Google Buzz, has gotten off to a bumpy start due to privacy concerns. We can only speculate as to why Google failed to appreciate Buzz’s underwhelming privacy protections. Maybe Google was aware of the privacy issues but felt that they were outweighed by the “turn key” social network that would automatically be created by leveraging the user’s own Gmail contact list. Alternatively, Google may have simply not appreciated the privacy issues. Whether Buzz’s threats to privacy justified the immense firestorm that has occurred is besides the point. Regardless of whether the privacy issues are justified or not, as consumers utilize social networking tools to a greater degree, they are becoming more aware of the potential privacy problems, and are becoming more vocal when they disapprove.

One of the more troubling aspects of Google Buzz was that  it automatically created a network of users in your Buzz social network based on the addresses you emailed most in Gmail. Buzz would then automatically start following those contacts. The issue was compounded by the fact that Google made the list of people you were following on Buzz public by default. This automatic follow-and-tell-the-world approach that piggybacked off of Gmail users’ contact list has since been tweaked. Currently, a user joining Buzz is offered suggestions of who to follow, and those whom they choose to follow are not broadcast for the world to see.

A hypothetical within the health care setting may serve to illustrate why this approach was problematic, and will also illustrate why social networking may have profound implications for our “digital health doppelganger.” Under the initial iteration of Buzz, physicians using Buzz who were following the Buzz feeds of their patients would, simply by using the service, make the names of who they were following public to all their other followers.  In other words, a patient could see the names of all the individuals that their physician was following, including any who happen to be patients.  This situation could be disastrous both personally and economically if the individual was being treated by a physician specializing in schizophrenia or HIV/AIDS–diseases that have, for whatever reason, become highly stigmatized and prone to various discriminatory responses. It is therefore clear that myriad privacy and confidentiality issues arise, including questions of whether such information would be considered protected health information under HIPAA. That the disclosure of fiduciary relationships is troublesome is nothing unique to health care: in the legal profession, the mere existence of an  attorney-client relationship can be considered privileged information.

But back to Health IT, an area where  our digital health doppelganger is progressing through its adolescence in a landscape of social networks, electronic health records, and a highly fragmented health care delivery system. A number of general areas of concern arise. Including:

1) the online storage of our personal sensitive health information (e.g. in EHR and PHR databases, and Law Enforcement and “Fusion Centers”).

2) current modes of interfacing with our online health data (e.g. access viz. home computer, mobile phone, kiosks).

3) future modes of interfacing with our online health data (e.g. increasing mobile use, RFID, Smartcards, video playback of encounters).

4) how others will access and use our online health data (e.g. Primary care physician accessing our PHR, Site-wide access by Accountable Care Organizations, targeted advertising in PHRs based on the content found within the PHR service or services it can connect to).

5) how we will interact with the health data of others (e.g. PatientsLikeMe.com, increasing meta-analysis of health data available through future nationwide interoperable EHR systems).

6) how our increasingly digitized health care persona will exist alongside our professional and social personas.

Google and  Microsoft offer immensely useful services, but which concomitantly force us to more deeply analyze these issues, particularly the last issue, which both feeds back, and is affected by, each of the other issues. More than any other company, Google has sought to integrate their products to make communication and organization as seamless as possible. For example, The to-do list in Google Tasks is, not surprisingly, symbiotic with Google Calendar, while the latter service interfaces with Gmail by scanning the content of a user’s email for the tell tale signs of future events, and and offering to add a calendar entry.  For those of you not using Google, the right portion of the picture below illustrates how Google recognizes the contents of the email message, and asks the Gmail user if she wants to add the event to their Google Calendar.

The simple example above makes it easy to imagine similar features being offered in PHRs like Google Health and Microsoft HealthVault–PHRs that are provided by entities that either offer social networking tools alongside their PHRs, or who plan to somehow utilize outside data that is available through other means.  As consumers, we must determine how precocious we want our online health persona to be. It must be noted that there is nothing intrinsically wrong with this integration, and such integration certainly offers many benefits to providing better information to patients and physicians.

However, both Google and Microsoft are unique in that they are introducing personal health records to their users who have already ceded to them an extraordinary amount of highly personal information.  This raises interesting questions that will test our willingness to integrate our social network with our health identity. For example, how should Google Wave–Google’s new hybrid email/chat service–be interfaced with Google Health? Furthermore, what status will a physician-patient conversation thread on Google Wave or Google Buzz be provided? Is it more like a health record or a phone conversation? Would it be acceptable for Google Health to utilize health related information that it recognizes within your Gmail messages? Even though Google has refrained from displaying targeted ads within Google Health, would the reverse be acceptable, whereby Gmail advertisements are determined based on Google Health data?  Would it be inappropriate for Google Health to utilize information about your newly diagnosed diseases  to connect you to health-related social networks such PatientsLikeMe?

Users are likely to forget about Google Buzz’s initial oversights, especially in the short-attention span sphere that is the Internet. This is okay, so long as changes are made to appropriately address such glaring issues. We must, however, ensure that we tackle the much more difficult question of what limits to place on the subtle, yet no less powerful, forces that are altering the breadth of our increasingly digitized and integrated online persona.  For many of us, the personality of our digital health doppelganger is taking shape on our screens and our smartphones. Are we going to like what we see? And perhaps more importantly, will others?

Things You Wanted to Know About the New HIT Standards But Were Too Afraid to Ask

In a previous post I discussed the interim final rule (IFR) that was recently promulgated by the Office of the National Coordinator for Health Information Technology (ONC).  The previous post discussed two of the four categories of standards in the IFR. This post will look at the final two categories. In order to appreciate the purpose of the final two standards, it is worth recapitulating the basic framework upon which the IFR is based.

The ONC’s framework for the standards is to first start with the meaningful use objectives. From the broad objectives of meaningful use, the ONC establishes certification criteria for these objectives. Based on the certification criteria, the ONC has adopted standards that would allow for an objective determination of whether the criteria has been met.

An example will help: One of the meaningful use objectives is “the capability to exchange key clinical information among providers of care and patient authorized entities electronically.”  To achieve this objective, “Certified EHRs” will have to meet the following criteria: “[The EHR system must] electronically receive a patient summary record, from other providers and organizations including, at a minimum, diagnostic test results, problem list, medication list, immunizations, and procedures and upon receipt of a patient summary record formatted in an alternative standard specified in Table 2A row 1, displaying it in human readable format.”

In order to guide EHR vendors (and purchasers) in fulfilling the above criteria–and likewise the larger meaningful use objective–the ONC has adopted a number of standards that EHRs must utilize in order to be certified. These standards fall into 4 general categories.

1. Vocabulary Standards — The standardized nomenclatures and code sets used to describe clinical problems and procedures, medications and allergies.
2. Content Exchange Standards –  The standards used to share clinical information such as clinical summaries, prescriptions, and structured electronic documents.
3. Transport Standards — The standards used to establish a common, predictable, secure communication protocol between systems.
4. Privacy and Security Standards — Standards relating to authentication, access control, transmission security which relate to and span across all of the other types of standards.

My previous post provided a general overview of the first two standards, the first of which specifies the language of “EHR speak,” while the second specifies standards giving that EHR vocabulary a predictable organization so as to ensure that different EHR systems can interpret the data.

In the previous post I used the analogy of the Bluebook style of citation to explain the content exchange standard and vocabulary standard. As you can see, the following two citations share the same basic organization (e.g. case name in italics, followed by the reporter volume number, name of the reporter, starting page of case, etc).

Wilson v. Mar. Overseas Corp., 150 F.3d 1 (1st Cir. 1998)

Orange County Agric. Soc’y, Inc. v. Comm’r, 893 F.2d 529 (2d Cir. 1990).

The content exchange standard is analogous to the order of the different elements of the citation. Regardless of the case, all Bluebook citations to federal court of appeals cases have this same basic organization. The part that changes is the vocabulary. As you can see in the cases above, two different reporters (publishers) have been used: F.3d and F.2d.  There are still only limited options for the vocabulary of court reporters.  Likewise, even though the organization of a patient’s record will remain constant, it will obviously consist of different terms depending on, among other things, the patient’s diagnosis and test results. The possible terms within the chart are determined by the vocabulary standards.

Essentially, the signifier and syntax standards are meant to save us from constructing a costly high-tech Tower of Babel. A sign (word, letter, number, symbol) displayed in a particular way must have an agreed to and discernible meaning.

With these two standards in mind, a brief overview of the latter two standards is possible.

Transport Standards

Though the data is sitting on server A in a structured format–governed by the content exchange and vocabulary standards discussed above–there is more that needs to occur for the data to be useful. For example, Computer A must “know” how to send a request for that data in a way that Computer B can understand. Likewise, Computer B must “know” how to respond to Computer A’s request, i.e., how to structure the response it will give to Computer A. This is where the third category of “transport standards” becomes important.

Luckily for us, one of the transport standards (SOAP) adopted by the ONC is the same standard used by LexisNexis. This allows us to continue our analogy.

When I log onto LexisNexis, I have the opportunity to enter a citation. The citation must be entered in the same basic order that the Bluebook citation provides. Therefore, utilizing the first case cited above, I would type in:

150 F.3d 1

The name of the parties in the case is not necessary since only one case occurs at a given page (page 1) of a reporter’s (F.3d) volume (150). If I submit that citation and Lexis recognizes it, Lexis will then display the case. The beautiful thing about Lexis (and Westlaw) is that the case data, like the citations, has a specified organization–analogous to the organization specified by content exchange standards. One discrete element common to all Lexis cases is a field listing the parties’ counsel. Let’s say that I am an iPhone application developer and I want to create a simple application that would allow a user with a Lexis account to type in a citation like the one above, and in response the program would output the opposing counsel field (as opposed to the whole case). My application would need to know how to trigger Lexis’s server to go and find that information in the database. Likewise, the Lexis database must know how to package and send that data back to the client application. Thus, the fact that Lexis organizes data like citations and counsel into organized fields with specific vocabulary is not sufficient. Rather, there must be a standard governing the requests of specific information, as well as how that information should be formatted and transmitted. This is the role of the “transport standards.”

The ONC adopted two alternative standards–the SOAP standard and the REST standard–to govern requests and responses between client and server computers. As stated above, the SOAP standard is used by Lexis (and other Internet sites) to allow other applications and services to be able to interact with it. That Lexis uses the same standard as that adopted in the HIT interim final rule helps to illustrate the broad nature of  transport standards. Unlike the content exchange and vocabulary standards that are unique to the practice of health care, the transport standards ensure that services wishing to interact with a server have an agreed upon framework by which to accomplish the interaction.  As becomes obvious from this discussion, ensuring the proper implementation of the transport standards is critical to meeting the meaningful use objective described earlier that dealt with exchanging clinical information among providers. Additionally, having a specified standard for requesting and receiving the data is crucial for personal health record (PHR) services that seek to interface with the databases of health care providers in order to retrieve and display certain information to the consumer of the PHR.

Privacy and Security Standards

The fourth group of standards deals with privacy and security, and for the most part, this part of the IFR is straightforward. The reason for the straightforwardness is that the ONC has decided to model their privacy and security criteria off of HIPAA’s Privacy and Security Rules. Therefore, there are no real surprises. With that said, the HITECH Act does direct the various HIT committees as well as the ONC to look at capabilities beyond those specified in the HIPAA Security Rule. Thus, even though the IFR does not change the privacy and security landscape in any major way, there is no promise that things won’t change in the future.

Specifically,  the ONC has adopted standards for certain aspects of HIPAA but not others. For example, standards have been adopted for the encryption of data, but not for “access control” measures that are used to prevent unauthorized access at computer terminals connected to EHR systems. The ONC’s rationale is that the methods of regulating access are evolving at a rapid pace, whereas there are industry best practices available for encrypting information. As a result, the ONC requires all certified EHR systems to be capable of encrypting their data. This is somewhat remarkable given that HIPAA and HITECH do not require all entities to use encryption. The ONC believes that this capability will spur the use of encryption by making it available to all consumers of certified EHR systems. Furthermore, the implementation of encryption by HIPAA covered entities is important because it acts as a safe harbor, relieving them of the responsibility of having to report a data breach.

As Table 2B shows, the ONC distinguishes between the general encryption of stored data on the one hand and the encryption of transmitted data on the other hand. Please click on the thumbnail below to enlarge the table.

The ONC has stated numerous times that the IFR in no way changes the responsibilities of covered entities or business associates under HIPAA (and HITECH). Rather, it solely concerns the capabilities of certified EHR systems.

An Overview of the New Federal Standards Governing Health Information Technology (Part 1)

Those hoping for health reform have recently had a bad stretch of luck. I am here to report that movement in the reform process is certain in one area: health information technology (HIT). It may not be the sexiest topic in health care, but as David Blumental, the director of the Office of the National Coordinator for Health Information Technology (ONC),  noted in his piece for the New England Journal of Medicine, “[i]nformation is the lifeblood of modern medicine. Health information technology (HIT) is destined to be its circulatory system.” The ONC recently released an interim final rule (IFR) for HIT standards. CMS released a notice of proposed rule making (NPRM) that describes how Electronic Health Records (EHRs) are to be put to “meaningful use.” The context of both of these rules is the incentive-based program that the federal government has created. The goal of this program is to spur the creation of a sustainable and interoperable nationwide network of EHRs.

As opposed to describing every detail of the ONC’s interim final rule, I think it would be more valuable to broadly discuss the general standards that the government has decided upon, and then describe those standards so that the reader has a general idea of what these standards are.

Two Tables are Primary Reference for Understanding the Rule

So what did the ONC determine? The easiest way to tease out the big picture is to refer to two tables (Table 1 and Table 2A) that are buried within the IFR.

The two tables have been extracted from the pdf for ease of reference. Table 1 can be found here (pdf). Table 2A can be found here (pdf).

For the full IFR, it can be found here in pdf or here in html.

Using the tables to decode the IFR

Table 1 has three columns. The column on the left consists of the stage 1 meaningful use objectives that were issued by CMS and which serve to govern the purpose and capabilities of EHRs at a broad level. (For background on CMS’s proposed guidelines for meaningful use, see my earlier post here). The two columns on the right of Table 1 are the ONC’s certification criteria. These criteria have been created in order to support CMS’s meaningful use objectives. The middle column corresponds to the criteria for non-hospital providers–referred to as eligible professionals–such non-hospital-based physicians. The rightmost column corresponds to the criteria for hospitals (referred to as eligible hospitals). These two groups, eligible professionals and eligible hospitals, are eligible in the sense that they are eligible for reimbursement in exchange for the meaningful use of EHR technology.

Table 2 is the final piece of the puzzle, laying out the standards that the ONC has adopted. The standards are the nitty gritty details of the broader certification criteria that support the even broader meaningful use objectives.  Thus, we have a framework for our standards: start with the meaningful use objectives, establish certification criteria for these objectives, and then specify the standards that would allow for an objective determination of whether the criteria has been met.

With these tables in hand, it is possible to delve a bit deeper into the ONC’s vision of HIT.

Three Important Phrases: “Certified EHR Technology”, “Complete EHR”, and “EHR Module”

The regulations utilize the phrases “Certified EHR Technology”, “Complete EHR,” and “EHR Module” in an effort to implement flexible standards that can evolve as the standards continue to evolve. This idea of the rules evolving is a common theme, and it cannot be stressed enough that the ONC has gone through great pains in balancing the predictability of constrained EHR standards with the dynamism of the evolving standards landscape.

Terms

• Qualified EHR: an electronic record of health-related information on an individual that:
  • (A) Includes patient demographic and clinical health information, such as medical history and problem lists; and
  • (B) has the capacity:
    • (i) To provide clinical decision support;
    • (ii) to support physician order entry;
    • (iii) to capture and query information relevant to health care quality; and
    • (iv) to exchange electronic health information with, and integrate such information from, other sources.’
• Certified EHR Technology: A Complete EHR or a combination of EHR Modules, each of which:
  1. Meets the requirements included in the definition of a Qualified EHR; and
  2. has been tested and certified in accordance with the certification program established by the National Coordinator as having met all applicable certification criteria adopted by the Secretary.
• Complete EHR: EHR technology that has been developed to meet all applicable certification criteria adopted by the Secretary.
• EHR Module:  any service, component, or combination thereof that can meet the requirements of at least one certification criterion adopted by the Secretary. Examples:  Interface or other software program that provides the capability to exchange electronic health information; An open source software program that enables individuals online access to certain health information maintained by EHR technology; A clinical decision support rules engine; A software program used to submit public health information to public health authorities; and, A quality measure reporting service or software program.

In order to allow for flexibility, the ONC does not require that “Certified EHR technology” is a complete “turn key” system. Rather, the ONC allows for two different types of “Certified EHR Technology.” On the one hand you have “Complete EHRs” which are  “turn key” solutions in that a complete EHR meets the broad functional requirements of a qualified EHR and all of the  certification criteria listed in Table 1 (see link to Table 1 pdf above). On the other hand, “Certified EHR Technology” may also consist of a combination of modules, as long as the combination of modules meets the broad functional requirements of a “Qualified EHR,” and the modules together satisfy all of the certification criteria. Thus, physicians and hospitals retain flexibility in how they implement technology to achieve meaningful use.

The Adopted Standards

The ONC has grouped the standards into four groups:

1. Vocabulary Standards — The standardized nomenclatures and code sets used to describe clinical problems and procedures, medications and allergies.
2. Content Exchange Standards –  The standards used to share clinical information such as clinical summaries, prescriptions, and structured electronic documents.
3. Transport Standards — The standards used to establish a common, predictable, secure communication protocol between systems.
4. Privacy and Security Standards — Standards relating to authentication, access control, transmission security which relate to and span across all of the other types of standards.

Content Exchange Standards

Table 2A describes the first 2 categories. It is actually most helpful to initially discuss the second category: the content exchange standards. The content exchange standard can be thought of as the rules that constrain the shape and form of the data. In other words, it concerns how the data is structured. A standardization  of the structure is necessary so that different computer systems can predictably send and receive data that is organized in a predictable format. A rough analogy can be made to the Bluebook citation standards which specify the organization of legal citations. Regardless of the court reporter being used, all bluebook citations to federal court cases have the same basic organization (e.g. case name in italics, followed by the reporter, starting page, etc). Whereas a law school journal may only accept the Bluebook standard, the ONC has decided to allow for two standards:  Health Level Seven (HL7) Clinical Document Architecture (CDA) Release 2 (R2) Level 2 CCD or ASTM CCR.  Again, the ONC has sought flexibility in the initial stage of the certification process by allowing for multiple standards to be used. As noted in Table 2A, the ONC will eventually decide on one of these standards. It should be noted that if HL7 is picked, the ASTM standard can be “mapped” onto HL7 so that systems using ASTM can become interoperable with HL7-based systems.

The first standard is referred to as HL7 CDA R2 CCD. Though the name is intimidating, it is not very difficult to explain. HL7 is an international health care standards organization. The Clinical Data Architecture part of the name serves to identify that we are dealing with HL7’s standards regarding the organization of clinical documents that are sent and received electronically. It is necessary to specify CDA because HL7 has released other standards. The R2 refers to the fact that it is a second version of the standard. The CCD stands for Continuity of Care Document, and identifies that the standard deals with a constrained amount of health information–specifically, the information necessary to create a summary of a patient’s medical history.

Vocabulary Standards

To go back to the Bluebook analogy, the Bluebook must do more than specify the organization of the information in a citation. Additionally, it must specify the actual content that can be represented. For example,  the vocabulary of the reporter of a federal appeals case consists of F. or F.2d or F. 3d. Likewise, the vocabulary of EHRs must be standardized. The standards adopted for the vocabulary are listed in Table 2A.  There are a variety of different standards that have been adopted, including ICD-9, SNOMED, and LOINC. Some of these standards are in competition, and as Table 2A shows, the ONC’s position on competing standards will change in Stage 2 of Meaningful Use. For example, the vocabulary for medications will become more restrictive in Stage 2. However, some standards are not in competition, but are independent and describe wholly different aspects of medicine. For example, RxNorm describes medications but says nothing about laboratory test results, which is the domain of the LOINC vocabulary.

Hopefully the above discussion of the ONC’s adopted standards offers a foundation that allows for closer inspection of the IFR. The second part in this series will detail the two additional categories of standards, as well as other salient details of the IFR.

For additional information on the ONC’s rules, the following resources may be of interest:

The ONC’s most recent meeting, including mp3s of the meeting, can be found here.

General information about the ONC’s efforts with respect to the new standards can be found here.

Information about Clinical Data Architecture can be found here.

A solid overview of the new standards can be found here.