Healthcare Interoperability & Security Must Coexist – Part 2



In Part 1 of this article, we looked at the history of interoperability, the challenges to implementation, and why HIPAA and other regulations are no obstacle to interoperability.

Federal and State Bodies Recognize Data Security is Vital for Interoperability

The US Department of Health and Human Services (HHS) Office of the National Coordinator for Health IT (ONC) released the final version of its Interoperability Roadmap [PDF] near the end of 2015. The Roadmap stated that strong and effective data security safeguards are essential to interoperability success. ONC stated there must be “a stable, trusted, secure, widely available network capability that supports technology developer-neutral protocols and a wide variety of core services” for an interoperable and learning health system to flourish.

The FDA published its Design Considerations and Pre-market Submission Recommendations for Interoperable Devices [PDF] draft guidance in 2016, underlining necessary safety precautions for developers as they create interoperable health devices. The FDA said: “Including an electronic data interface on a medical device may have an impact on the security and other risk management considerations for the medical device, the network, and other interfaced devices.” It added: “Analysis of risks due to both the intended and unintended access of the medical device through the interface should be considered.”

The National Governors Association (NGA) published a roadmap in 2016 titled “Getting the Right Information to the Right Health Care Providers at the Right Time: A Road Map for States to Improve Health Information Flow Between Providers”. Among other action items, the NGA’s Roadmap calls on States to align their State privacy laws with the HIPAA regulations. Specifically, the Roadmap calls on States to “Amend select statutes to allow certain types of information, such as information exchanged electronically, to be exchanged in accordance with HIPAA.” Additionally, the Roadmap urges States to “create one standardized consent form that will simplify how providers gain a patient’s permission for sharing data.” The Roadmap is another powerful push for widespread interoperability, and the NGA has already begun to assist States in executing the Roadmap’s recommendations.

HL7’s FHIR Standard for Secure Interoperability Today

Fast Healthcare Interoperability Resources (FHIR) is a next-generation standards framework created by HL7, and it’s here now. This new standard is designed to be quick and easy for developers to adopt, with a strong focus on implementation. FHIR is a major leap forward from previous versions of HL7 standards, but can also be used in parallel with older versions.

FHIR embodies core aspects of healthcare, including clinical record contents, identification of entities involved in patient care, workflow processes, and financial processes like billing and payment. FHIR is also explicitly designed to store and manage data securely.

The FHIR standard is currently published as a “Standard for Trial Use”, with the latest release (Release 3) out on March 22, 2017. But a majority of the largest EHR players have already announced support for FHIR, including Allscripts, Cerner, Epic, McKesson and Meditech. More importantly, Epic, Allscripts and Cerner have already opened interoperability developer programs that fully support FHIR.

On the US national level, the ONC’s 2015 Final Rule has a strong focus on interoperability, including the use of APIs built using FHIR. In Canada, efforts are underway within the FHIR Working Group on InfoCentral to define the business case for using FHIR throughout Canada.

Blockchain Technology for Secure Interoperability Tomorrow

While still in its infancy, the technology known as blockchain is a leading contender for integrating impenetrable security with interoperability in the future. Created as a means of securely tracking bitcoin transactions over the internet, blockchains are in fact a protocol layer similar to TCP/IP. According to Micah Winkelspecht, CEO of blockchain startup GEM, “Blockchains are designed as a new type of security model for critical data where the data is completely distributed across many different nodes across the internet. And the change history, or the log of everything that’s going on with the data, is recorded in an immutable ledger and an immutable log that can’t be changed. And so you have a perfect history of everything that everybody has done within that system. And because you have this immutable ledger, and you have this immutable log of all the events on the network, multiple parties who otherwise wouldn’t be able to necessarily trust each other directly can now trust in the ledger, and they can see the history of events and know that it’s true.”

Just three or four years ago the financial industry regarded blockchain technology as a joke. Today, nearly every major financial institution in the world has one or more blockchain projects under development. Healthcare has noticed, and early efforts to create blockchain-based systems in healthcare have begun. Blockchain technology may prove to be a critical element in secure interoperable systems of the future, but it’s not quite ready for primetime in healthcare today.

Interoperability Won’t Wait for Tomorrow

For developers, today is the time to explore interoperability options, find the best vendors to partner with, and get ahead of the interoperability/security curve. Using FHIR and SDLC best practices, developers can build solutions today that incorporate both interoperability and robust security.

A handful of the most prescient vendors and platforms already offer managed FHIR services today, including FHIR Clinical Data Repositories, FHIR databases, FHIR APIs and FHIR servers. Tools such as FHIR today and blockchain tomorrow provide a clear path for developers to begin making their systems both interoperable and secure. Developers, don’t wait for tomorrow. Seize the opportunity and build secure, interoperable solutions today.