How many of you have ever had an aged parent fall sick? Often, you are shuttling them between doctors, answering the same questions, all while keeping track of medications, test results, allergies, etc. It’s a hard task for even the best of us. Now, what if they or you were on their own? Managing your own health or that of an aged parent with poly-chronic conditions is a significant challenge. In addition to managing the condition(s), you or your family must also be the manager of your own health information, forever trying to get the right information to the right doctor. It’s frustrating to say the least. With $27 billion dollars already spent on digitalizing patient health data, we still have to spend hours and hours just to get our health record to be transferred from one place to the other. We have essentially spent a lot of money to replace paper silos with digital versions.
What’s the main cause of this problem? Low data liquidity in our healthcare system. In other words, electronic health record systems don’t “talk to one another” and care providers are reluctant to share health records, each for some form of competitive advantage. The latest survey report shows that only about 40% of hospitals are capable of sharing information with out of network providers. Why is this bad? It leads to record fragmentation, which, in turn, leads to incomplete medication lists, redundant diagnostic testing, missing allergies, etc. At the middle of this is the patient. Patients, too, must act in their own self-interest by using tools that bind their care team to one playbook. In other words, one complete and accurate health record that evolves and is shared amongst the care team to not only relieve the administrative burden, but to enable effective care continuity and coordination.
How it works
What we provide is a cryptographic based privacy preserving technology to enable a patient-centric model that allows a bi-directional exchange between the doctor and the patient, and that allows patients to securely synchronize health data and manage personal health record with privacy assurance. What this means is that our technology empowers the patient to act as a go-between or hub to facilitate health data exchange between his or her providers. Therefore, it removes the obstacles caused by HIPAA privacy laws (i.e., consent) and by the providers who are reluctant or unable to share the patient information with one another.
Challenges we ran into
Since our technology captures and shares personal health data, potential consumers are understandably concerned about how SIPPA protects this data. HIPAA privacy and security assessments have been requested and, of course, Business Associate Agreements may need to be in place to implement SIPPA at the enterprise or provider level. To anticipate the need for HIPAA compliance, SIPPA Health is designed and implemented to permit communication only under HTTPS secured channel for data in transit, and additional data layer encryption --- without ever storing cryptographic key (made possible by SIPPA technology) --- for data in storage if this is necessary in the work flow process for improving the data liquidity. In addition, planning for interoperability is another challenge we need to anticipate; e.g., an exported CCD (Continuity of Care Document) health record from one Electronic Medical Record system may not always be possible for importing into another system without information loss, due in part to different implementation stages of Meaningful Use that adopt different standards. To anticipate the challenge due to interoperability, we have developed an assessment tool to determine the information loss resulted from in-taking a CCD into a system expecting CCDs that can be validated through NIST CCD validator. And we also began to investigate FHIR as an alternative option to address interoperability.
Accomplishments that we are proud of
When you visit the doctor, you can now be confident that they have your complete health record ready. Our technology gives you the granular control to share only what you want from your health record with whom you want to share it. So, now that dangerous drug interaction will be avoided because your doctor is working off of a complete medication lists rather than the medications you can or cannot recall.
What we learned
Improving data liquidity will require the participation of all stake holders. While more and more providers are capable of providing individuals with their health data in the form of digital PHR (patient controlled health record) through their patient facing systems like Microsoft Health Vault or FollowMyHealth, patient engagement remains low because individuals lack the incentive and do not see the value of the PHR. Providers have not by and large integrated these systems into their core workflows. In other words, by incorporating PHRs into the intake process (for example), providers are demonstrating value in the PHR and leading adoption. Privacy and security are real concerns that may deter health care providers from engaging in such direct work-flow process to improve the collection of patient health data. For example, information provided by an individual patient cannot be made available directly to the care providers without going through layers of interaction with the Health IT administrators and the providers. Inversely, though, NYP has pursued integration strategies that push patient health information from the EMR system to the patient portal (i.e. Health Vault). In summary, we believe that innovative health IT solutions and the current emphasis on interoperability cannot solve the health data liquidity problem alone. These advances must also be incorporated into patient-centric work-flows that engage patients meaningfully and help patients see the value of the PHR
What's next for Engaging patients to improve health data liquidity
Our next step is to understand, through pilots, the characteristics of clinical use case --- including alignment for financial incentives to the involving parties --- while preserving privacy.