HIE that really works

Just a few short decades ago, when the Internet was first forming, the community of people using this new network quickly settled on some standard ways to share documents, images, and other information over the web.

The Transmission Control Protocol / Internet Protocol (TCP/IP) was a reliable way to handle the lower level communications over packet switched networks.  Very quickly, some application layer protocol standards like FTP for exchanging files, HTTP for hypertext documents, and SMTP for e-mail became widely adopted standards allowing for the massive interoperability that exists over the Internet today.  Thanks in large part to these standards, it is now surprisingly easy to share all kinds of data over the Web.

So what about our health data like our allergies, the medications we’re currently taking, and the notes our healthcare providers wrote the last time we went to the doctor?  What about our X-rays, previous conditions, and lab results?  Medical data is special.  Our health data has additional requirements surrounding security, privacy, and consent to be met.  Many of these additional requirements are established as our right in laws like HIPAA and the Privacy Act.

Clearly, the protocols that govern computers sharing completely public Web pages are not enough.  However, we bank online.  Our financial data and monetary transactions certainly have additional security, privacy, and consent requirements as well as additional rules from law.

And while nothing’s perfect, most of us feel reasonably comfortable with financial transactions online.  I don’t know about you, but I’m even more concerned about somebody stealing my money than I am about somebody stealing my medical records.  I believe the success of banking online is proof that our medical data and health information can successfully be made available over the Web as well.

So why, when I step on a nail, is it still incumbent upon me to remember the date of my last tetanus shot?  Why is time and money still wasted repeating lab tests?  Why do clinicians still have to make diagnoses without being able to view all of the information that they might possibly want on the patient, assuming patient consent?

And what might a solution that really works look like?  Would it look like a secure giant repository in the sky?  Would it look like a distributed network of secure Web servers at every hospital or data source?  Would it perhaps be a card with a memory chip that patients carry around in their wallets?

The community is currently moving towards the distributed secure network of servers, specifically, the NHIN and the CONNECT open source project.  This is a reasonable approach, but it still feels like early days.  In its current form, it is difficult to work with and some of the specifications are a little ambiguous. It needs to be easy for the providers’ organizations to use.  Complex, difficult server software is not likely to be deployed effectively everywhere.