Search the KHIT Blog

Wednesday, February 11, 2015

Interoperability update. A better model?

Creating an integrated, nationwide electronic network for exchanging information is not a novel idea. There are multiple instances of similar networks that have been designed and implemented at a much larger scale decades ago, and have been financially self-sufficient ever since. The health care industry can learn many lessons from the successful design, implantation and management of the electronic network of information exchange among hundreds of thousands of financial institutions. In the following I provide a summary of the similarities and differences between the financial and health care information exchange networks and briefly discuss the potential strategies that can create a dependable source of revenue by extracting the potential value of health care information from the heaps of available health care data.

All of the three major credit bureaus in the United States are for-profit organizations that, like other private businesses, do not receive any support from the government. These entities collect financial data from various private and public organizations with which consumers have financial relationships. Creditors, banks, public courts, collection agencies, and other data furnishers provide the credit bureaus with real-time and detailed financial data of nearly half a billion credit holders worldwide. The detailed financial data is provided by institutions in different countries which each of them use their own customized information systems. The electronic information network that enables various financial institutions around the world to efficiently exchange financial information has been developed many years ago using information technologies which in today’s standards would be considered very basic and rudimentary. The federal government has not been involved in creating such systems and has not spent billions of dollars as incentives to encourage banks and other financial institutions to exchange their information with each other. Obviously, the coordination and management of such a vast network that connects financial institutions in many different countries with unique cultures, languages and regulations is much more difficult than coordinating a small number of health care providers within a relatively small geographical area here in the United States. If the financial sector could resolve the problem of interoperability decades ago, using an outdated information technology and no governmental support, the health care sector should have been able to address this problem today, with a much more advanced information technology and billions of dollars of government incentives. Information technology, many years ago, has passed the point in which interoperability could be a technical problem. As I discussed above, the current method of the payment system in the health care industry seems to be the major barrier to efficient exchange of health information. The lenders need to have a risk management system and use as much information as possible in order to reduce the risks of their decisions. The existence of interoperable information system in which they can effectively exchange their financial data with each other is vital for their survival. The health care providers are currently not bearing the risks of their decisions; instead, they transfer these risks to insurers and patients. As a result, they do not need to extensively use the patient records as a strategy to mitigate the risks of their decisions. For health care providers interoperable EHR systems and exchanging health care information fits into the category of “expenses on luxury items” rather than “essential business investments”.

The secret to the success of credit bureaus is generating value from the raw financial data. A simple data point about the payment history of a consumer reported by a credit card company may not be valuable on its own. However, when these data points are combined and merged together, analyzed, summarized, and presented as a brief and understandable credit score, significant value will be created. Credit scores help lenders to accurately estimate the risks of their financial decisions. The value of the services of credit bureaus are high enough for financial institutions that they are willing to invest in interoperable information systems which can send their raw data to credit bureaus and in return receive credit scores from them. Each of the three credit bureaus generate well over a billion dollars of annual revenue from selling the results of their analyses of the raw financial data to various types of customers who need these services for financial decision making and marketing purposes. A portion of these revenues would suffice to maintain and expand the whole financial information exchange network.

The health care sector can follow the successful strategies of financial sector...
Link to the full paper here. Well, it's an interesting paper, and he's right to argue that "interoperability" impediments may be more political than technical. But, anyone getting all jiggy over the viability of the model he proffers above should perhaps first Google "credit bureau breaches." to wit,
Equifax, Other Credit Bureaus Acknowledge Data Breach
Robert Westervelt on March 13, 2013
The three biggest credit reporting agencies in the U.S. each have reportedly acknowledged intrusions into their systems following the revelation of personal data, including financial information, of celebrities and prominent figures on a website this week.

Executives at Equifax, Trans Union and Experian acknowledged the breach to Bloomberg in a report published Tuesday. Tim Klein, a spokesman for Equifax, told the news agency that a hacker gained "fraudulent and unauthorized access" to at least four consumer credit reports at the credit reporting agency. Credit reports and sensitive data on Paris Hilton, First Lady Michelle Obama, former Secretary of State Hillary Clinton and FBI director Robert Mueller appeared this week on a website called Exposed...
Bring a Snicker's you're gonna be a while reading the various recent credit bureau breach news stories.
Massive U.S. credit bureau data breach has experts worried
April 9, 2014, Catherine Bilkey and Kathryn Burcham
CHARLOTTE, N.C. — The North Carolina Attorney General's Office is now joining other states investigating a massive data breach at a credit reporting agency that has put 200 million Social Security numbers at risk.

State justice officials told Channel 9 they are concerned about how many residents could fall victim to identity theft because of the breach uncovered at Experian.

Investigators said sometime before March 2012, a Vietnamese man named Hieu Minh Ngo used a false identity to purchase Social Security numbers with a database called Court Ventures, and then sold that information on the international black market.

Experian purchased Court Ventures in 2012, but it is unclear when Experian officials became aware of the breach, and now members of Congress and authorities in multiple states are demanding to know whether Experian and Court Ventures took steps to protect consumer information and if they notified potential victims.

"Experian and Court Ventures are each pointing a finger at the other company, saying they have to notify their customers. Meanwhile the consumer is left the odd person out with all of their vital information exposed," said financial crimes expert Chris Swecker...
So, what will serve more effectively? Centralized ePHI exchange data warehouses such as proffered by Brookings' Niam Yaraghi, or the now exuberantly touted peer-to-peer API model central to the HL7® FHIR® proposal?

Recall an infographic from one of my prior posts.

See also my prior post "Once More Into the (HIPAA) Breach." And, my post "Yet another ONC Interoperability "Roadmap."

A comment I made under Fred Trotter's recent THCB post:
My wife and I are not even Anthem customers, but her employer (where we get our health insurance) has notified them that if we’ve used providers who also take Anthem insurance, we may have been picked up in the hack. That is infuriating. Goes to some of Adrian Gropper’s points above (minimization, and persistence). If I’m not an Anthem subscriber, what right do they have to my personal information from a provider I’ve seen who also contracts with them? I would think that Anthem’s competitors will not be amused to know that they’re mining the data of THEIR customers as well.


From SBM. Another reason to not buy dietary/health supplements. You're mostly getting scammed:
GNC (Herbal Plus brand):
  • Gingko biloba: None found, detected garlic, rice, spruce, asparagus
  • St. John’s wort: None found, detected garlic, rice, and dracaena (a houseplant)
  • Ginseng: None found, detected rice, dracaena, pine, wheat, grass and citrus
  • Echinacea: None found, detected rice
  • Saw palmetto: One sample had the product
  • Garlic: Contained garlic!
Target (Up and Up brand)
  • Gingko biloba: None found, detected rice, garlic and mung bean 
  • St. John’s wort: None found, detected garlic, rice and dracaena 
  • Garlic: Contained garlic! (one test detected no product) 
  • Echinacea: Found in most samples 
  • Saw palmetto: Found in most but not all samples
  • Valerian: None detected, found allium, bean, asparagus, pea family, rice, wild carrot and saw palmetto
Walgreens (Finest Nutrition brand)
  • Gingko biloba: None found, detected rice
  • St. John’s wort: None found, detected garlic, rice and dracaena
  • Ginseng: None found, detected garlic and rice
  • Garlic: None found, detected palm, dracaena, wheat and rice
  • Echinacea: None found, detected garlic, rice and daisy
  • Saw palmetto: contained saw palmetto!
Walmart (Spring Valley brand)
  • Gingko biloba: None found, detected rice, dracaena, mustard, wheat, radish
  • St. John’s wort: None found, detected garlic, rice and cassava
  • Ginseng: None found, detected rice, dracaena, pine, wheat/grass and citrus
  • Garlic: One sample had product
  • Echinacea: None found
  • Saw palmetto: Some samples contained small amounts. Also found garlic and rice
People need to go to jail over this.

The answer is simple – we must limit the amount, duration, and types of information that are stored in the cloud forever.
Lordy. From THCB "Three Lessons Healthcare Executives Can Learn From the Sony Hack"

More to come...

No comments:

Post a Comment