How the private sector will drive the future of health IT
By Carten Cordell, Federal Times
Share this page:
The exhibition area of the 2016 HIMSS conference in Las Vegas is as much a carnival bazaar as it is a gathering of the nation’s health care IT professionals.
Here, you can take a photo with a McLaren sports car or the “Back to the Future” DeLorean. There are literal shell games and other contests meant to draw curiosity to a plentitude of technology offerings, thousands of enterprises, each fulfilling a function in electronic health care landscape.
It’s in this massive, diverse sphere that acting Assistant Secretary for Health Karen DeSalvo has dropped the gauntlet of interoperability.
Following the National Coordinator for Health Information Technology’s call for the private sector to work as a collaborative partner on interoperability, companies are weighing what it will take to get thousands of innovative systems working together with fluidity.
“I think a lot of it comes down to building that system of trust," said Michael Rozendaal, General Dynamics’ vice president for health analytics. "The capability to interoperate is there. The next level is allowing patients to access their data from whatever system they have, and being able to have that trust where, you know who they are and they are able to identify.
“Those are the things that are being worked on right now.”
That trust is being built with an ever-expanding coalition of partners, driven largely by the federal government’s ability to set standards for interoperability systems.
But security and the ability to clarify how the systems can share data while being HIPPA-compliant is the biggest point of discussion right now in the interoperability conversation.
“There’s been a lot progress on the technical front, with common standard APIs, [Health Level 7]-type formatting for the exchange of information, but then there is the whole piece that HL 7 doesn’t address on security,” said Ken Georgi, General Dynamics’ vice president of health care enterprise systems.
“Once I give you my information, what’s the standard there that we’ve agreed to? Really, it’s around security’s cousin, privacy. If you have my information, what are you allowed to do with it?”
Georgi said developing a one-off governance model for privacy could prove cumbersome, because there are some many players in the marketplace, so that leaves a best practices scenario, where the government develops the standards everyone adheres to.
The government is incrementally moving forward on that front. This week, DeSalvo announced a proposed rule to expand certification standards, while Secretary for Health and Human Services Sylvia Burwell managed to secure a pledge from some of the industry’s biggest players to make interoperability and data sharing a principle priority.
Standards will provide clarity for what the private sector can or can’t do with the data, which will be integral to regulate what companies do with the information.
“A lot of companies, they are sharing health data. However, they are not taking the steps necessary to reduce the risk,” said Elizabeth Sauve, a marketing and communications executive for Privacy Analytics, a Canadian software company specializing in de-identifying patient data so it can be used for research studies.
“A lot of companies, they may not have a statistician, who would be the one [looking at the data], but they do have a lawyer. So they are using data-sharing agreements, basically confidential disclosures instead of actually making steps. There’s a lot of companies who are using [HIPPA’s] Safe Harbor, because as long as you are compliant with the regulator, who else cares?”
Sauve said there were entities who protected data the right way, like the American Society of Clinical Oncologists and Sanofi, “so there is a light at the end of the tunnel.”
More regulation is expected to come as the government and private sector try to pull each other toward interoperability with a delicate dance of regulation that doesn’t inhibit innovation combined with market solutions that don’t shackle data in a cloak of proprietary restrictions.