As the topic of interoperability intensifies, much of the discussion is centered on how to improve the easy exchange of data between EHRs. But in this collaborative era of healthcare, interoperability is really a broader concept. It encompasses exchange of data between any number of systems and providers, and for as many purposes. Further, data exchange is hindered by more than a lack of common communication standards.In the end, this is but a technical barrier—and one that is slowly being overcome, albeit with different workarounds.
"With the IaaS model, providers and payers can lay claim to the strongest possible security measures while finally breaking down interoperability’s most persistent barriers"
A more persistent barrier is that healthcare data is often fragmented across physical environments not conducive to secure access and sharing. Still another is lack of a unique patient ID to assure providers are sharing information about the right patient. However, implementing such an ID is hugely controversial, given the common electronic theft of another valuable identifier—the Social Security number. This ties in directly with perhaps the biggest barrier to date to achieving interoperability: the widespread concern about theft of protected health information (PHI).
In response to these and other challenges, a new model for IT infrastructure has emerged that creates an impenetrable and centralized fortress around this data: Infrastructure as a Service (IaaS). Before we examine in detail how, let’s take a closer look at the concerns that are driving more entities to embrace it.
The PHI Problem
If providers and payers have serious reservations about putting PHI at risk, healthcare consumers have even more. In fact, they are well aware that their most personal health information is now targeted for theft, thanks to the mass digitization of medical records. And they are primed to backlash. Public comments received by ONC in response to the agency’s roadmap for interoperability offer an enlightening glimpse at what many consumers think about the prospect of making their PHI more easily exchanged among systems and system users.
Privacy is a person's right and this seems to be taken away with EHR interoperability. It allows nationwide access by innumerable people, which is With the IaaS model, providers and payers can lay claim to the strongest possible security measures while finally breaking down interoperability’s most persistent barriers unacceptable,” reads one comment. “If I am not sure that the records stop where the office stops, and instead goes off into cyberspace where it can be used as research data without my knowledge or consent, then I will no longer feel comfortable speaking with my doctor,” reads another.
Such a change to the doctor/patient relationship would be disastrous to healthcare. To that end, many provider networks, payers and even life sciences companies aren’t waiting any longer for the kinks with interoperability to get ironed out. They’re creating environments of their own that enable the fluid and collaborative exchange of data.
Turning Interoperability into an Affordable Utility
To create such environments, these organizations are turning to managed services vendors that offer a healthcare-exclusive, IaaS model. In essence, this is a private cloud computing environment, fully managed, with security and access control levels that meet and exceed HIPAA security standards. Similar to a monthly power bill, customers pay as they go, only for what they consume.
The IaaS model enables interoperability in distinctly different ways. First, the cloud is an ideal setting to aggregate and then provide (authorized) access to large sets of unstructured data from different locations. The cloud is also conducive to housing diverse applications that “speak” to each other, whether exchanging medical histories or exam/lab results. In a network that incorporates cloud integration, diverse applications communicate either directly or through third-party software. The cloud still uses APIs (application program interfaces) and integration methods; it simply enables them to work in a common, scalable and low-cost computing environment.
In just one example, perhaps an integrated delivery network with multiple EHRs wants all patients to have scheduling capabilities and limited access to PHI within a web browser. An IaaS vendor could build a secure user interface that does just that, creating a portal for patients across the healthcare enterprise. Whether or not this is a permanent solution is entirely up to the customer. As a utility, it can be used as long as wanted or needed (unlike the outdated legacy systems so many hospitals are wedded to).
In another example, an IaaS vendor can build an astonishingly robust platform for analytics projects, in conjunction with a data integration and analytics partner. The IaaS vendor provides a private, strongly secure service cloud, from which PHI or any data sets can be uploaded, accessed and exchanged. The data partner creates an additional layer that enables partner organizations to integrate and manipulate data sets from different sources for analysis.
Each project includes unprecedented security for PHI.An IAAS interoperable environment is protected with multiple physical, administrative and technical safeguards, all continually monitored and assessed for risk. It’s also staffed with privacy and security experts who know exactly how the HIPAA Security rule dictates how PHI can be accessed and used. Rigorous access controls and tracking are also in place a rare but needed level of security in the healthcare space.
Interoperability in Sight
Widespread, collaborative exchange and use of healthcare data requires that we expand our focus beyond applications to include the infrastructure that houses them. Along with a common communication standard, interoperability calls for secure, scalable aggregation of data into one centralized location. With the IaaS model, providers and payers can lay claim to the strongest possible security measures while finally breaking down interoperability’s most persistent barriers.