DirectTrust, a nonprofit association of health IT and healthcare organizations, has taken a step forward in developing health data exchange standards.
The nonprofit announced Tuesday that it has been accredited by the American National Standards Institute (ANSI) to develop health data exchange standards to increase data sharing using Direct exchange and trust frameworks.
DirectTrust has created a trust framework, which extends data exchange to more than 106,000 healthcare organizations and supports provider-to-provider information exchange, as well as data exchange between patients and providers.
More than 300 electronic health record and personal health record vendors and 50 health information exchanges (HIEs) participate in the DirectTrust network, which aims to support interoperable health information exchange through its Direct message protocols. Direct is similar to email, except the Health Internet Service Provider (HISP) handles email exchanges rather than an email provider such as Google or Yahoo.
DirectTrust began its application last year for ANSI accreditation and was approved in March. ANSI coordinates and facilitates the development of standards used worldwide by the healthcare industry, government agencies and consumers.
The Direct messaging exchange is a set of specifications and protocols known as the Direct standard, which was developed by a public-private collaboration called the Direct Project that was sponsored by the Office of the National Coordinator for Health IT (ONC) starting in 2010.
Don Rucker, national coordinator for health information technology, said in a news release that ONC initiated the Direct Project as a new option for exchanging electronic health information. The Direct Project grew from stakeholder meetings and was structured as a consensus-based standards development organization. The Direct Project had participation and the sanction of the U.S. Department of Health and Human Services and ONC, but no affiliation with an accrediting authority.
“DirectTrust’s accreditation by ANSI is an important step forward for this decade-long public-private effort to advance interoperability nationwide,” Rucker said in the release.
DirectTrust has also issued a call for participation for the Direct Standard Consensus Body, a group of healthcare industry stakeholders to help develop DirectTrust standards.
Earlier this month, the VA teamed up with DirectTrust to improve interoperability with community hospitals through DirectTrust’s health data exchange services. The VA joined the DirectTrust Accredited Trust Anchor Bundle, which gives VA healthcare providers access to 1.8 million endpoints in DirectTrust’s national network.
DirectTrust will also be hosting its first conference in June. The DirectTrust Summit will offer panels focused on FHIR and the future of trust in healthcare as well as the role of identity in healthcare exchange.
The Centers for Medicare and Medicaid Services appointed a new leader to drive change and interoperability in healthcare from the federal level.
Mark Roche, a physician informaticist, will take on the newly formed role as chief healthcare informatics officer, a position created last year by the Centers for Medicare and Medicaid Services. He is set to lead CMS’s core initiatives, including its push for interoperability in healthcare and the MyHealthEData Initiative.
Roche spent more than 16 years working on initiatives such as semantic interoperability, which would enable healthcare systems to share data in a way that’s useful. He also served as a physician adviser to the Office of the National Coordinator for Health IT, according to an email from CMS Administrator Seema Verma to her staff. He aided in developing components of measures like the 2015 E-Certification Rule supporting CMS’ Meaningful Use Stage 3 program, renamed now to the Promoting Interoperability program.
Along with his work on the federal level, Roche also served as an adjunct professor for Northwestern University’s medical informatics program and worked at the U.S. National Cancer Institute.
CMS started its search for a CHIO last summer, a move Verma said was overdue. “The truth is, as the largest healthcare payer in the country, CMS should have had a [chief healthcare informatics officer] function long ago,” she said in a blog post announcing the search.
The decision to create a chief healthcare informatics officer position is an acknowledgement by CMS that the agency couldn’t continue to operate in a business as usual kind of way and hope for different results, according to Verma’s blog post. Roche’s mission will be focused on data — how it could better be shared and used to improve healthcare delivery and outcomes, she said.
Interoperability in healthcare isn’t just a buzzword for the healthcare community, it’s also something technology companies are talking about.
Patrick Combes, technology leader for healthcare and life sciences at Amazon Web Services (AWS), said interoperability in healthcare is one of the biggest trends he’s paying attention to this year. While AWS is a major provider of cloud computing services, its healthcare and life sciences track focuses specifically on simplifying technology integration for healthcare organizations, where improving care delivery to patients is part of its underlying mission statement for healthcare providers.
In an interview with Combes at HIMSS 2019, he said he’s seen a push toward greater interoperability both from federal regulators and demand from AWS customers.
“People are beginning to realize the value of bringing this data together,” he said, citing this as the reason for the uptick in interoperability interest.
“We see this not only as a trend, but the only path forward,” he said. “To build a better collective understanding of all the data that’s being pulled in, we have to at least be able to talk about the same things in the same way.”
When it comes to increasing interoperability in healthcare, Combes said AWS is particularly focused on creating the technology backbone necessary for interoperability to take root.
“What we’re trying to do is make sure the machinery for a lot of this works,” he said. “And then surface that machinery so our partners can develop these very specific interoperability solutions.”
One of the biggest interoperability challenges Combes sees for the healthcare community is expanding interoperability standards, such as Fast Healthcare Interoperability Resources standards developed by Health Level Seven, and making them applicable on a larger scale.
“When we work with our partners to scale out these solutions we help build, one of the bigger issues we find is that there’s not a complete understanding of how best to scale,” he said.
Though bringing interoperability to scale can be a challenge, Combes said it’s valuable in the long run because it allows further reach to a greater number of patient records as a result.
Stan Huff has spent years helping create what he believes is now one of the best standards for moving healthcare closer to interoperability. The Fast Healthcare Interoperability Resources (FHIR) standard, developed by standards organization Health Level 7 International (HL7) for the purpose of exchanging clinical data electronically, saw its fourth release last month. From Huff’s point of view, the FHIR standard takes the healthcare industry to a “new level of interoperability.”
Huff, chief medical informatics officer for Intermountain Healthcare in Utah and co-chairman for an HL7 working group, said FHIR R4 addresses a major pain point for developers.
The most important development in FHIR R4 is that much of its base platform is now normative and backward compatible. The designation indicates a level of maturity and stability and, for developers, promises fewer changes to the base platform’s structure going forward so that programs written against FHIR R4 will work in future versions, Huff said.
Before this, programmers who built applications on an earlier version of the standard were forced to go back and make significant changes to the program to accommodate the release of a new version, according to Huff.
“Now when we go from version four to version five, there should be few if any changes to those resources, so you don’t have to anticipate or expect that you’re going to have that programming burden when the next version of FHIR comes out,” he said.
The FHIR standard still faces its share of hurdles, such as making additional resources normative and standardizing more medical terminology, Huff said. Semantic interoperability is a general sticking point for the healthcare community, and the FHIR standard is no different. For example, a field in the FHIR standard called the “observation resource,” allows programmers to input codes for medical observations such as blood pressure. But, because multiple codes for blood pressure exist, medical professionals risk how effectively systems can talk to each other, he said.
“If you’re not careful, people implementing the standard will choose different codes and then you don’t end up with a high level of interoperability that people expect,” Huff said. “We’re working right now, trying to include clinical societies and others to converge around exactly the way we use that standard and the way we use terminology to get us to a higher level of interoperability.”
Huff said with the new release of the FHIR standard, he’s looking forward to broader implementation, which will only help improve future versions of the standard.
“I think what we need to do is continue to improve FHIR, to use FHIR and add information models and terminology that we need to make it even more interoperable,” he said. “And that’s the path we should be on.”
Rules and regulations proposed by the Office of the National Coordinator for Health Information Technology hang in limbo, thanks to the government shutdown. But that isn’t stopping the federal organization from pushing forward on addressing a significant pain point for the healthcare industry.
ONC released updates to its Interoperability Standards Advisory (ISA), a living document focused on improving the exchange of data between healthcare systems. The updates are based on recommendations from the Health IT Advisory Committee and feedback from the healthcare community.
ONC has added interoperability needs the healthcare industry should address to further information-sharing to ISA 2019, including several electronic prescribing-related interoperability standards that would allow pharmacies to request additional refills and prescribers to send prescriptions for controlled substances to a pharmacy.
ONC included the updates in its release of the 2019 ISA Reference Edition, which provides a snapshot of the document, and the healthcare community can also tap into an ISA RSS feed when the document is changed.
ONC received 74 comments on the document in 2018, resulting in around 400 revision recommendations, according to an ONC news release. ONC uses the ISA to identify and assess interoperability standards and implementation specifications the healthcare industry can use to address interoperability needs, the release said.
The federal organization believes the ISA should be considered an open resource for healthcare industry leaders that reflects the latest thinking around standards aimed toward nationwide interoperability.
The Department of Health and Human Services published a guide of cybersecurity practices with the aim of reducing the growing risk from cyberattacks. The recommendations are just that — suggestions to be instituted voluntarily.
“Health Industry Cybersecurity Practices: Managing threats and protecting patients” stems from the Cybersecurity Act of 2015. Section 405(d) called for an alignment of security approaches across the healthcare industry.
In that vein, HHS and the 405(d) Task Group spent more than a year tapping into the expertise of 150 public and private healthcare and cybersecurity experts through the Health Sector Coordinating Council. The task group focused on current threats, weaknesses and effective cybersecurity practices.
Last week, the task group published its four-volume guide. Rather than reinvent the wheel, the guide builds off the NIST Cybersecurity Framework with the aim of helping healthcare CIOs move the cybersecurity needle. Indeed, one of the guide’s unmistakable themes is the criticality of educating everyone in an organization on how to fight against cyber threats. As Janet Vogel, HHS acting chief information officer, said in a press release announcing the news, “Cybersecurity is everyone’s responsibility.”
The guide’s first volume details five of the most widespread cybersecurity threats healthcare organizations face. It uses easy-to-understand language, for example, describing email phishing attacks as “an attempt to trick you, a colleague or someone else in the workplace into giving out information using e-mail.” The first volume also includes real-world scenarios, quick tips on how to keep the threats at bay and, in table form, the potential vulnerabilities that may exist within an organization and the corresponding cybersecurity practices to consider.
The second and third volumes are “technical volumes” broken down by organization size. One provides detail on the ten recommended cybersecurity practices for small healthcare organizations and the other for mid-sized and large healthcare organizations.
The cybersecurity practices are not listed in any order. Instead, the resource is meant to provide “flexibility for an organization to determine its unique security posture, through a risk assessment or other assessment, and to determine how to prioritize and allocate resources,” according to the guide.
The final volume is a collection of additional resources that may come in handy.
And if healthcare CIOs need it, the guide makes a compelling case as to why cybersecurity should be top of mind for anyone in the C-suite. Healthcare organizations are increasingly facing ransomware attacks, where crucial data is sometimes held hostage, and the cost of data breaches continues to rise. According to survey results from IBM Security and Ponemon Institute, the cost for a healthcare data breach rose $28 per record between 2017 and 2018 from $380 to $408.
The U.S. Department of Health and Human Services is seeking the public’s input on how Health Insurance Portability and Accountability Act (HIPAA) rules should be modified to promote better patient care.
HIPAA rules were developed to protect patient information and enable information sharing when necessary. But in recent years, the Office for Civil Rights (OCR) has fielded calls to revisit the rules, claiming they limit the very information sharing that’s needed for coordinated care and impede standing up a payment model that rewards providing quality care to patients, also known as value-based care.
The Department of Health and Human Services (HHS) is now asking what HIPAA rules make accomplishing those goals challenging.
“In addressing the opioid crisis, we’ve heard stories about how the privacy rule can get in the way of patients and families getting the help they need,” Eric Hargan, HHS deputy secretary, said in a press release. “We’ve also heard how the rule may impede other forms of care coordination that can drive value.”
While changes have occurred within the healthcare field that could warrant some changes in regulation, HIPAA tends to be “everybody’s favorite bogeyman,” said David Harlow, a Boston lawyer who specializes in healthcare law and regulations.
“The danger in rewriting the regulations anytime something changes in the technical environment in the real world is it’s going to be different by the time the regulations are finalized, so you’re perpetually playing catch up,” he said.
Harlow said HIPAA isn’t always to blame for data-sharing issues, which instead can stem from an organization’s misunderstanding of HIPAA rules. For example, nothing in HIPAA prohibits information sharing between providers or between providers and payers, which Harlow said could indicate that healthcare providers or payers that engage in value-based payment arrangements can’t get data from their partners.
To be involved in care coordination and case management, partners, which include providers and payers, have to negotiate agreements that include data sharing, according to Harlow.
“I’m scratching my head why is this an issue,” he said.
However, Harlow believes some HIPAA rules should be modified such as shortening the length of time for an insurance company or provider to deliver a patient’s protected health information (PHI) once requested, as well as adjustments to rules regarding parental involvement in children’s care.
Harlow said some regulations have not kept up with the times that may need revisiting, but there are also rules written flexibly enough that don’t need tinkering with. He said it’s up to OCR to figure out which is which.
Seeking public input for modifying HIPAA rules is part of the Regulatory Spring to Coordinated Care initiative, which is led by HHS’ Hargan. He said in a press release that the initiative’s goal is to take a closer look at how regulations such as HIPAA can be fine-tuned to incentivize care coordination while protecting patients.
While HHS is seeking broad input on HIPAA rules, the department is also seeking comments on specific areas of the HIPAA privacy rule, such as facilitating parental involvement in patient care, accounting for patient protected health information disclosures as required by the HITECH Act, and information sharing for care coordination.
Public comments on HIPAA rule modifications are due by Feb. 11, 2019. You can submit public comments here.
The U.S. Food and Drug Administration took an innovative approach to combating the national opioid crisis earlier this year. The FDA issued a challenge to medical device developers to leverage technology in the fight against opioid addiction and abuse.
In response to the FDA Innovation Challenge: Devices to Prevent and Treat Opioid Use Disorder, the federal agency received more than 250 applications from medical device developers. Last month, the FDA selected eight applicants to advance to the next phase.
Those selected will build out their ideas, which range in capabilities from predicting risk of opioid use disorder and detecting opioid overdose, to providing pain treatment alternatives and dispensing medication, according to a news release from the FDA.
The eight applicants selected are:
- Algomet Rx, Inc.: Rapid Drug Screen for monitoring
- Avanos: Product name and purpose have been withheld per company request
- Brainsway, LTD: Brainsway Deep Transcranial Magnetic Stimulation Device for opioid use disorder therapy
- CognifiSense, Inc.: Virtual Reality Neuropsychological Therapy for pain therapy
- iPill Dispenser: iPill Dispenser for medication dispensing
- Masimo Corporation: Product name withheld; purpose is overdose therapy
- Milliman: Opioid Prediction Service for diagnosis
- ThermoTek, Inc.: NanoThermTM and VascuThermTM Systems for pain therapy
iPill’s opioid dispenser
Sherie Hsieh, co-founder of iPill Dispenser, said being chosen to participate in the challenge validated her and co-founder John Hsu’s vision to revolutionize the way prescriptions are dispensed.
“We want to empower the patient experience and to empower physician engagement and also to empower our public health agencies with the data we’re able to collect,” she said.
iPill Dispenser is an opioid dispenser controlled by a mobile app. Hsu said the dispenser is a “hack-proof square box that is difficult to open.” The dispenser only allocates the prescribed amount of medication at a pre-programmed time. Unauthorized attempts to open the device trigger the release of a gel, making the opioids unusable.
“Opioids currently are prescribed in a way in which people can self-medicate,” Hsu said. “You get a bottle with a child-resistant cap and you can take one pill or the bottle… [iPill Dispenser] is opened by the iPill app. And you have to use your fingerprint and a personal, special code within the iPill app that confirms that the particular app that resides on a particular cell phone is recognized by the dispenser.”
The iPill mobile app also collects real-time data as users access the dispenser, which can be anonymously shared with public health agencies to remain HIPAA-compliant.
In a former interview, FDA spokesman Michael Felberbaum said that the goal of the innovation challenge was to “provide additional incentives for product developers to invest in products that can address aspects of the addiction crisis and advance the development of promising technologies.”
Indeed, iPill’s Hsu said he hopes to work collaboratively with the FDA to receive financial support to complete product development, as well as regulatory support to move the iPill Dispenser into the market as quickly as possible.
“The innovation challenge is important because there are many reasons for people to have pain and there are many solutions,” Hsu said. “For the FDA to help us through this period allows us to move forward with a solution that can really help the population.”
The next steps start with a collaborative phase that focuses on creating a product profile for the selected medical devices. Product profiles will take into account risks and benefits, as well as patient needs, according to a press release. Potential regulations the device will have to adhere to will also be discussed.
In most cases, challenge participants will submit formal applications to the FDA, such as the Premarket Approval application. While the application review times will be expedited, the devices will need to adhere to the regulatory standard of demonstrating a reasonable assurance of effectiveness and safety, the release said.
It’s almost too easy to dismiss the idea of blockchain in healthcare. The first major application of blockchain — Bitcoin – does feel kind of sketchy (all the currency that went “missing”) and the idea that patients will own their health records as long as they can hang on to long numeric keys seems ridiculous when most of us can’t even remember passwords we create.
At the American Medical Informatics Association meeting in San Francisco, blockchain in healthcare came up often during presentations. But even among a group of people looking for forward thinking ideas there was a tremendous amount of skepticism.
Amidst the doubters, Roger Boodoo, MD, a radiologist with the Defense Health Agency and an enthusiastic participant in a number of the blockchain financial exchanges, offered a vision that could improve patient engagement and ultimately all of healthcare.
For Boodoo, it comes down to the fact that blockchain is a way to create “programmable money” and that money can be used to incentivize patients to get health screens, cavities filled or even participate in medical research. “Only 4% of the people eligible for lung cancer screening actually get screened,” he explained. “We could offer incentives like tokens at the point of care and that would not violate anyone’s privacy.”
That’s just the beginning, in Boodoo’s view. “Dentacoin” could reward patients for getting cavities filled and for paying attention to dental health. Participants in clinical trials could be paid in a blockchain currency, and if the drug makes it to the market, the payment could represent a small percentage of the pharmaceutical maker’s profits.
Blockchain incentives could also help solve problems that simply require a lot of people to participate, Boodoo said, like the large numbers needed to train an AI in order to ensure it’s a reliable reader of xrays or MRIs. And it’s an obvious choice as a foolproof way to track organ donations.
While he acknowledged the hurdles, Boodoo challenged the audience to at least consider blockchain going forward. “Define a business problem that is not currently solved and identify a network of participants,” he said. “There are many failed abstracts but we are making progress thanks to education. Just brainstorm some use cases and lead the way.”
By October 18, Hurricane Michael, the strongest U.S. storm in terms of maximum sustained wind speed since Hurricane Andrew in 1992, left 35 people dead and displaced over 300,000 people in Florida, Georgia and Alabama. In preparation for the storm, the Strategic Health Information Exchange Collaborative (SHIEC) connected HIEs throughout the Southeast to make sure providers in surrounding states had access to patient records, taking into consideration the needs of evacuees who were injured from the disaster or needed to be transferred from their home-based healthcare facilities.
“This hurricane in particular came very quickly after Florence. There just was not as much time to prepare for this one as there was for Florence,” said Kelly Thompson, CEO of SHIEC. “So in terms of the arrangement between the states and things that we have done, we have been very focused on disaster preparedness, the planning, and the response.”
The Georgia Regional Academic Community Health Information Exchange (GRAChIE) and Alabama State HIE, One Health Record, collaborated closely to build up connectivity between providers in and beyond these two states within 24 hours after SHIEC set them up for connection in response to Michael. The HIEs’ effort in establishing a provider network lies in leveraging the existing data centers and ensuring providers have access to patient records.
“We actually don’t follow a different set of protocol for moving data around than we do for our day-to-day business operations. It’s the same kind of connectivity. What we’re doing now is broadcasting a much wider net,” said Tara Cramer, executive director of GRAChIE. “We set up emergent connections so that as people relocate for a period of time, we’re hopefully able to capture some of their data (to provide care when) they arrive in an emergency room or an urgent care center or need a medication refilled, anything like that.”
The connection would spread out into Alabama, North Carolina, South Carolina and Florida for data. And it’s not just the record itself that can be accessed, updated and resubmitted by providers, but a Continuity of Care Document, which is an HL7 standardized document that has various types of summaries of information on each patient.
Basically, what HIEs do is register patients with some demographic information and link these patients with their records and documents in a registry in the form of an index. For ease of use and for quick response and recovery, HIEs initially query the indexes to see which patient the provider is looking for, and then the related documents are queued off to let providers see what patient information has been stored in the HIE database.
“Alabama has a hybrid model, which means that we have a centralized repository that can be leveraged for the storage of data,” said Gary Parker, the director of Health Information Technology for One Health Record. “In cases between GRAChIE and One Health Record, because of that hybrid model, we can allow queries to pass through bidirectional from GRAChIE to One Health Record through the EHR systems or through our portal (if they do not have an EHR), that are connected on either side.”
But there are also challenges in terms of implementing the existing framework for connectivity. Since giving providers access to patient records and building up connections among HIEs in surrounding states are not the main concerns for HIEs, thanks to the experiences they have for disaster response and the protocol they are practicing on a day-to-day basis, the difficulty sometimes is the buy-in that they need from facilities and providers to provide them with the patient information in the exchange.
Out of the consideration of keeping patient’s privacy, providers tend to be cautious of how patient information is being shared, even though they understand the benefit of HIEs in terms of disaster response and recovery. “It’s the education as well and outreach that we’re going to do a better job of promoting going forward,” said Parker.
Based on the previous experience of dealing with hurricanes, HIEs such as GRAChIE see the important role that HIEs are playing in natural disaster preparation, response and recovery, and are opting to be involved in a wider network to help providers deliver better care.
“Let’s not wait for these things to be coming before we start talking to our neighbor HIEs about how we’re going communicate during the times of the disaster. Let’s get the plans in place now,” said Cramer. “We will likely maintain all of these connections. We may not keep them active all the time. But instead of having to build them when we need them, we can just turn them off and on as needed.”
And it’s not just in hurricanes that HIEs can ensure access to patient records, but also in tornadoes, fires or anything of that nature where patients are moving to other locations. For better outcomes, HIEs should partner with state officials, whether it’s an agency at Department of Health and Human Services, EMS, the Federal Emergency Management Agency, the American Red Cross or anyone else that is involved in planning and response effort.
“We just feel so strongly that accessing their medical information should not be one of those stressors. We can do better than that,” said Cramer.