Saint James Infirmary: checking the pulse of health IT at HIMSS

by Andrew Oram

This was originally published on O’Reilly Media’s Strata blog, March 11, 2013.

I spent most of the past week on my annual assessment of the progress that the field of health information technology is making toward culling the benefits offered by computers and Internet connectivity: instant access to data anywhere; a leveling of access for different patient populations and for health care providers big and small; the use of analytics to direct resources and attack problems better.

The big HIMSS conference in New Orleans, a crossroads for doctors, technologists, and policy-makers, provided a one-stop check-in. I already covered several aspects of the conference in two earlier postings, Singin’ the Blues: visions deferred at HIMSS health IT conference and Slow & Steady: looking toward a better health IT future at HIMSS. Here I’ll summarize a couple more trends in data exchange and basic functions of health IT systems.

I Ain’t Gonna Tell Nobody: the drawbacks of trying to do it all yourself

In the 1980s, as computing burst out of isolated data centers and became part of all modern commerce (except health care and education, which suffer from a number of similar constraints), computer companies offered "all in one" solutions that attempted to keep the customer within the provider’s walls. In fact, Digital Equipment Corporation, the towering success of the era, named one of their products ALL-IN-1.

Most customers chose flexibility over the convenience of the "all in one" products, and companies with open strategies such as Sun Microsystems came to dominate. Later, Microsoft adopted the integrated approach with much success, but that epoch also is coming to an end. In the health care field, however, "all in one" thrives. I found some examples at HIMSS this year.

There are certainly attractions to choosing a unified solution. A contract with EMC, for instance, covers you all the way from virtual computing power (provided by their subsidiary VMware and available as private or public clouds) and information storage (tapping into EMC’s high availability, security and backup) to clinical applications and analytics provided by another famous subsidiary, Greenplum.

I also swung by Optum, which is really a collection of companies, having bought hundreds in the health care space. This was explained to me by developer Vaibhav Bhandari (author of O’Reilly’s Enabling Programmable Self with HealthVault), who has helped implement the Direct protocol at Optum to tie these different products together, just as much as to enable patient data exchange with outsiders. By using Direct exchanges instead of older methods (such as fax and even paper) for conducting transactions between doctors and payers, Optum drastically cuts costs, which could be up to $25 per transaction. In addition to email and web interfaces, Optum’s Direct implementation offers access through Java and .NET APIs. The project shows that a comprehensive proprietary solution can coexist with open standards.

Another integrated approach involves mobile app development. Diversinet provides a platform with a number of presentation-layer services needed by mobile apps, such as logging for security and auditing purposes. So the programmer is relieved from reinventing a number of wheels, and enjoys easy integration with other apps based on Diversinet.

What will happen, though, when doctors or patients want access to the myriad of outside health apps being developed? How many app developers are interested in data exchange? The problems we’ve had with EHRs for years could be repeated at the new level.

This was the useful lesson I took from an article by a doctor who was critical of patient access to records. For the most part, Dr. Fisher indicted himself with the accusations aired by Dr. Eric Topol at his HIMSS keynote. His article recycled old, discredited arguments about patients who can’t understand their records or will be more likely to sue. But it’s worth noting some real problems with the app he reviewed.

The app has the potential to add great value to doctor/patient interactions and patient self-help. But (here I am just drawing conclusions from my reading of the article), because the doctors’ own medical systems and EHRs have no incentive to incorporate the app, its business model rests on patient installation. Along with some other design choices (perhaps related to legitimate privacy worries), the app is hard to use.

At HIMSS, I talked to people from a small analytics firm called Valence Health, which siphons up data from numerous EHRs (using the ad hoc methods I described in my first posting from this year’s conference. Valence Health can then provide lots of useful quality measures and population health goals. For instance, a practice can see which of its physicians are failing to prescribe the commonly recommended treatments for medical conditions. The practice can determine which patients are in high-risk groups and whether they’re coming to their appointments. Or whether the practice’s rates of readmissions are higher or lower than the norm. To provide comparative data, Valence Health contracts with numerous insurance companies. This would be good data to have in the public domain.

Reflecting the ubiquity of mobile phones—even a doctor who professes to hate electronic records and health applications will have one—a number of companies selling apps came to HIMSS. One of them, docBeat, sponsored a social media party set up by health care leader and blogger John Lynn. CEO Sunny Tara told me that the app, which permits secure messaging and data transfers for doctors, was influenced by work in the game industry.

MTBC offers a patient portal somewhat like Diversinet, but its focus is on an "all-in-one" experience backed up by a centralized data store. Patients can quickly view their records, get reminders and alerts for disease management, order prescriptions, and even conduct video interviews with their doctors. The cloud storage enforces the security that allows patients to view data on their devices without risk of having it exposed on the Internet in unencrypted form.

Many of these services are routine at large practices but are rarely available at the one- and two-physician shops that still predominate in the US, and rarely with an interface as spiffy as the one I saw at the MTBC booth. MTBC appeals to this customer base by offering even its own cloud-based EHR.

Any system aimed at small practices needs to support data exchange, and MTBC President Stephen Snyder assured me that this was designed into their platform. "We have more than 40 interfaces with other EMRs, hospitals, and vendors. Also, we are committed to developing HIE connections to our EHR to support our national client base and are currently developing these connections in New Jersey and New York."

One more area where a comprehensive solution may do the job best is security, the biggest headache on the mind of hospital administrators. Comprehensive expertise is effective for security because it is inherently holistic: there is no point to triple-locking your front door and leaving a side window open. CynergisTek is a consulting firm in that area with a leading figure in health security, Mac McMillian, as CEO. They look at everything for IDS and encryption to logging, where McMillian says they recently purchased the first company to offer application-level logging for health applications.

Hotter Than That: the open source future peeps through

Everything that makes modern health software hard to interconnect, hard to adapt, and hard to extend would be ameliorated by open source software. There are almost too many open source solutions already, and developers might be more successful if they converged on a few systems with modern interfaces, based on a common format. Still, encouraging evidence of open source’s advance turned up at HIMSS this year.

The humming center of the HIMSS conference this year was its Interoperability Showcase, located to encourage foot traffic through it on the way to or from other events. I saw some good talks there and visited several booths. But Will Ross of Redwood Mednet told me many of the kiosks in the Showcase are still showing Stage 1 of Meaningful Use. The final Stage 2 rules were released toward the end of 2012, and vendors are still implementing them. Furthermore, Meaningful Use offers a menu of features for both vendors and health care providers to support, so you may have a system that—for instance—shares radiology images but your health care partner may not. And of course, a provider can’t demonstrate interoperability at a Stage 2 level if the partner is still at Stage 1. But Ross also said that some vendors and organizations were ahead of the curve, and even had some Stage 3 features.

On the open source front, MITRE has created an implementation of the S&I Framework’s RHEX protocol for the RESTful exchange of health data over the web. I talked to some people in Maine who were using it to connect geographically disconnected communities, including islands. The patient access component built on RHEX is called hReader. Its web site boasts of it being "provider-agnostic while other mobile solutions are currently proprietary, walled gardens."

The central question of any health record is who it describes—was it actually generated for the patient I think it was? Patient identification is a fiendishly tough problem, given that the American public loathes centralized identification systems (antipathy to "show me your papers" has been a constant across time). A speaker at HIMSS reported that European countries are dealing with the same problem, even though some countries have national identifiers, because patients cross borders so much.

A range of proposals have been aired, from a Voluntary Universal Healthcare Identifier that essentially tries to do what government is not allowed to do, to using email addresses generated through the Direct.

The first part of the open source OpenHIE project, which runs under the Open Health Tools umbrella, is OpenEMPI, an open source patient identifier system. OpenHIE is currently used throughout Rwanda, in tandem with the OpenMRS record system. In Rwanda, OpenEMPI relies on a national identifier. An OpenEMPI developer told me it has also been put to work in the United States by maintaining a master index that maps the unique ID maintained by one health provider to the unique ID maintained by another. The OpenEMPI web site indicates that it accepts the user’s choice of matching algorithm, so it potentially provides a home for any patient identification system. OpenEMPI has a RESTful interface.

In the absence of portable IDs, health exchanges and providers cobble together heuristics. A couple years ago, an HIE told me they check a selection of identifying characteristics, with 17 different ones to choose from. On Monday I heard from Gevik Nalbandian of NextGate that they also have 17 characteristics to choose from. I have no idea whether the characteristics have stayed the same over time.

Nalbandian said that in some organizations, as much as 23 percent of their records are duplicates. The need to find all the data about a patient provides a reason for using NextGate. HIE obviously is another. NextGate uses fuzzy pattern matching to discover matches even when letters have been omitted or transposed in a name. They are currently intrigued with the popularity of OpenID and OAuth, and would like to interact with the popular web sites that use those for single sign-on and data exchange.

New Orleans—that long-suffering city so rich in spirit—proved to be an inconsistent venue. As we started, a fire disrupted water distribution and forced everyone to stop drinking tap water for a couple days. There were reports of difficulty getting flights and finding hotels. Temperatures were also 20 degrees below normal. The entertainment and restaurant scene was in good form, however.

Mayor Mitch Landrieu gave a keynote inn which he pointed to the opening of 103 primary care clinics about the city, where people could go for routine care instead of packing the emergency rooms of hospitals. He was even prouder of an innovation center New Orleans is opening to develop new health care applications. While details were sparse, Landrieu’s emphasis on reaching the individual sounded promising.

The conference organizers failed to provide enough overflow rooms for all the attendees who wanted to hear Bill Clinton’s speech, and there were numerous audiovisual problems, of which the worst was playing the audio and video out of sync. The Clinton Global Initiative and HIMSS had just announced a partnership that morning. But oddly enough, Clinton made no mention of it in his speech, which focused on the economic and political aspects of health care reform along with an appeal for the private sector to take responsibility for public health.

Author’s home page
Other articles in chronological order
Index to other articles