HIE of One

HIE of One is a free software project developing tools for patients to manage their own health records. [1] HIE stands for Health Information Exchange, an electronic network for sharing health information across different organizations, hospitals, providers, and patients. This is one of a growing number of tools for encrypted data exchange within the healthcare sphere. [2]

Journalist Doc Searls claims that a major structural problem with health care in the United States is that it is paid for by insurance companies and not patients, robbing patients of the power they would normally have as customers in a free market. Searls writes: “The best approach I have seen so far to this challenge is HIE of One, a project of two MDs, Adrian Gropper and Michael Chen.” [3] He notes that HIE of One provides a patient-centered toolkit built around open source software and open data exchange standards. [3] Prof. Phillip Windley, former Chief Information Officer of the State of Utah, has noted the positive impact that HIE of One could have on privacy and consent. [4]

A proposal [5] for using HIE of One, in conjunction with blockchain technology, was reviewed by the US Office of the National Coordinator (ONC), winning an award from the ONC on the basis that the proposal was innovative, viable, and significant. [6]

The project rests on the premise that patients should authorize the sharing of their health data, instead of leaving these decisions up to hospitals and other healthcare providers who offer generic and opaque disclosure forms. The elements of sharing health data can be broken down into storage, authorization, and transmission. HIE of One has decentralization solutions for each of these elements and provides an open platform on which far more capabilities can be built, such as decision support, analytics, public health efforts, and coordinated health care.

Background and name

For most of medical history, doctors shared minimal information about patients. Before the computer age, a doctor might have a phone conversation with a specialist before sending over a patient or send a few pages of a Continuity of Care Document (CCD) to the next healthcare provider or nursing facility. Many important aspects of treatment were dropped along the way, leading to suboptimal outcomes and duplication of work.

The advent of electronic records theoretically enabled much better care coordination, and the field of health information exchange (HIE) grew up around electronic records. Data sharing currently revolves around large, expensive organizations called Health Information Exchanges and industry-led efforts such as CommonWell. However, such data exchanges have made slow progress, as found in a literature survey by the Agency for Healthcare Research and Quality. [7] Studies cited by that survey found the HIEs hard to use. An official 2016 government study [8] found uneven progress, with a few states succeeding and many lagging.

HIE of One, in contrast, dispenses with these middlemen by allowing each patient to direct the data flow using an automated policy-driven authorization server. Data sharing is carried out through protocols run by the patient and the people to whom she wishes to grant access (doctors, clinical researchers, family members, etc.).

The OpenID HEART project developed the protocols forming the basis of HIE of One. HEART grew out of a pair of meetings at the MIT Media Lab in 2014 designed to charter work on adding a healthcare-specific authorization layer to a RESTful API. Once the scope and charter were defined, the workgroup began under the rules of the OpenID Foundation, with industry and government representatives as co-chairs.

Storage

HIE of One's success relies on moving patient data sharing from doctors' offices to patient authorization servers. Most patients use cloud computing for robust data backup and security. However, authorization servers can also be on a stand-alone computer or dedicated appliance at the patient's home, such as a FreedomBox.

Authorization

Patient control over access to her own data is the central goal of HIE of One, so authorization is the key feature. HIE of One employs standard technologies, including the OpenID OAuth and OpenID Connect standards, and User-Managed Access (UMA) from the Kantara Initiative.

Both the patient and the person requesting access to the data authenticate and provide an identity. The patient delegates control over personal data held by a hospital system or other resource server using a typical OAuth flow. [9] The requesting party authenticates and provides identity claims to the HIE of One authorization server specified by the patient. The HIE of One authorization server can accept direct login (username/password or multi-factor), federated identity, and even self-sovereign identity. [5]
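
The policy-driven authorization described above can be sketched as follows. This is an added illustration, not code from HIE of One: a patient-authored policy maps the requesting party's identity claims to scopes, the authorization server issues a short-lived signed token, and the resource server checks it before releasing data. The policy format, resource identifier, claim names and HMAC token format are assumptions made for the example; real deployments use the OAuth 2.0 and UMA token formats.

```python
import base64, hashlib, hmac, json, time

AS_KEY = b"constructed-demo-key"  # constructed; a real server would use a managed signing key
RESOURCE = "Patient/123/MedicationRequest"  # constructed resource identifier

# Patient-authored policy (constructed): claims a requesting party must present -> scopes granted.
POLICY = [
    {"resource": RESOURCE, "require": {"role": "physician", "email_verified": True},
     "scopes": {"read", "write"}},
    {"resource": RESOURCE, "require": {"relationship": "family"}, "scopes": {"read"}},
]

def sign(payload):
    """Serialize the grant and append an HMAC so the resource server can detect tampering."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    return body + "." + hmac.new(AS_KEY, body.encode(), hashlib.sha256).hexdigest()

def verify(token):
    """Return the payload if the HMAC is valid, otherwise None."""
    body, _, mac = token.partition(".")
    expected = hmac.new(AS_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def issue_token(resource, requested_scopes, claims, now=None, ttl=300):
    """Authorization server: grant only the scopes the patient's policy allows for these claims."""
    now = time.time() if now is None else now
    granted = set()
    for rule in POLICY:
        matches = all(claims.get(k) == v for k, v in rule["require"].items())
        if rule["resource"] == resource and matches:
            granted |= rule["scopes"] & set(requested_scopes)
    if not granted:
        return None  # deny by default: no matching rule, no token
    return sign({"res": resource, "scopes": sorted(granted),
                 "sub": claims.get("sub"), "exp": now + ttl})

def resource_server_allows(token, resource, scope, now=None):
    """Resource server: check signature, expiry, resource and scope before releasing data."""
    now = time.time() if now is None else now
    payload = verify(token) if token else None
    return bool(payload and payload["exp"] > now
                and payload["res"] == resource and scope in payload["scopes"])
```
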

Transmission

HIE of One theoretically can use any RESTful (Representational state transfer) standard available for data transmission, as long as it is controlled by a supported authorization standard such as OAuth2. Fast Healthcare Interoperability Resources (FHIR) is emerging as the healthcare industry's choice for formatting data and transmitting it over the Web.

Related Research Articles

Health Level Seven or HL7 is a range of global standards for the transfer of clinical and administrative health data between applications. The HL7 standards focus on the application layer, which is "layer 7" in the Open Systems Interconnection model. The standards are produced by Health Level Seven International, an international standards organization, and are adopted by other standards issuing bodies such as American National Standards Institute and International Organization for Standardization. There are a range of primary standards that are commonly used across the industry, as well as secondary standards which are less frequently adopted.

OpenID: Open and decentralized authentication protocol standard

OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by co-operating sites using a third-party identity provider (IDP) service, eliminating the need for webmasters to provide their own ad hoc login systems, and allowing users to log in to multiple unrelated websites without having to have a separate identity and password for each. Users create accounts by selecting an OpenID identity provider, and then use those accounts to sign on to any website that accepts OpenID authentication. Several large organizations either issue or accept OpenIDs on their websites.

Health information exchange (HIE) is the mobilization of health care information electronically across organizations within a region, community or hospital system. Participants in data exchange are called in the aggregate Health Information Networks (HIN). In practice, the term HIE may also refer to the health information organization (HIO) that facilitates the exchange.

A Regional Health Information Organization, also called a Health Information Exchange Organization, is a multistakeholder organization created to facilitate a health information exchange (HIE) – the transfer of healthcare information electronically across organizations – among stakeholders of that region's healthcare system. The ultimate objective is to improve the safety, quality, and efficiency of healthcare as well as access to healthcare through the efficient application of health information technology. RHIOs are also intended to support secondary use of clinical data for research as well as institution/provider quality assessment and improvement. RHIO stakeholders include smaller clinics, hospitals, medical societies, major employers and payers.

The eHealth Exchange, formerly known as the Nationwide Health Information Network, is an initiative for the exchange of healthcare information. It was developed under the auspices of the U.S. Office of the National Coordinator for Health Information Technology (ONC), and is now managed by a non-profit industry coalition called Sequoia Project. The exchange is a web-services based series of specifications designed to securely exchange healthcare related data. The NwHIN is related to the Direct Project which uses a secure email-based approach. One of the latest goals is to increase the amount of onboarding information about the NwHIN to prospective vendors of health care systems.

OAuth is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Facebook, Microsoft, and Twitter to permit users to share information about their accounts with third-party applications or websites.

Health information technology (HIT) is health technology, particularly information technology, applied to health and health care. It supports health information management across computerized systems and the secure exchange of health information between consumers, providers, payers, and quality monitors. Based on a 2008 report on a small series of studies conducted at four sites that provide ambulatory care – three U.S. medical centers and one in the Netherlands, the use of electronic health records (EHRs) was viewed as the most promising tool for improving the overall quality, safety and efficiency of the health delivery system.

The Office of the National Coordinator for Health Information Technology (ONC) is a staff division of the Office of the Secretary, within the U.S. Department of Health and Human Services. ONC leads national health IT efforts, charged as the principal federal entity to coordinate nationwide efforts to implement and use the most advanced health information technology and the electronic exchange of health information.

VistA: Health information system

The Veterans Health Information Systems and Technology Architecture (VISTA) is the system of record for the clinical, administrative and financial operations of the Veterans Health Administration. VISTA consists of over 180 clinical, financial, and administrative applications integrated within a single shared lifelong database (figure 1).

InterSystems Corporation is a privately held vendor of software systems and technology for high-performance database management, rapid application development, integration, and healthcare information systems. The vendor's products include InterSystems IRIS Data Platform, Caché Database Management System, the InterSystems Ensemble integration platform, the HealthShare healthcare informatics platform and TrakCare healthcare information system, which is sold outside the United States.

An identity provider is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network.

The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) in the United States established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include electronic health networks, payers, financial services firms, health information exchanges (HIEs), management service organizations and e-prescribing solution providers.

Blue Button: System for access to personal health records

The Blue Button is a system for patients to view online and download their own personal health records. Several Federal agencies, including the Departments of Defense, Health and Human Services, and Veterans Affairs, implemented this capability for their beneficiaries. In addition, Blue Button has pledges of support from numerous health plans and some personal health record vendors across the United States. Data from Blue Button-enabled sites can be used to create portable medical histories that facilitate dialog among health care providers, caregivers, and other trusted individuals or entities.

User-Managed Access (UMA) is an OAuth-based access management protocol standard for party-to-party authorization. Version 1.0 of the standard was approved by the Kantara Initiative on March 23, 2015.

The Health Information Technology for Economic and Clinical Health Act, abbreviated the HITECH Act, was enacted under Title XIII of the American Recovery and Reinvestment Act of 2009. Under the HITECH Act, the United States Department of Health and Human Services resolved to spend $25.9 billion to promote and expand the adoption of health information technology. The Washington Post reported the inclusion of "as much as $36.5 billion in spending to create a nationwide network of electronic health records." At the time it was enacted, it was considered "the most important piece of health care legislation to be passed in the last 20 to 30 years" and the "foundation for health care reform."

The Fast Healthcare Interoperability Resources standard is a set of rules and specifications for exchanging electronic health care data. It is designed to be flexible and adaptable, so that it can be used in a wide range of settings and with different health care information systems. The goal of FHIR is to enable the seamless and secure exchange of health care information, so that patients can receive the best possible care. The standard describes data formats and elements and an application programming interface (API) for exchanging electronic health records (EHR). The standard was created by the Health Level Seven International (HL7) health-care standards organization.

Medical image sharing: Electronic exchange of medical images

Medical image sharing is the electronic exchange of medical images between hospitals, physicians and patients. Rather than using traditional media, such as a CD or DVD, and either shipping it out or having patients carry it with them, technology now allows for the sharing of these images using the cloud. The primary format for images is DICOM. Typically, non-image data such as reports may be attached in standard formats like PDF during the sending process. Additionally, there are standards in the industry, such as IHE Cross Enterprise Document Sharing for Imaging (XDS-I), for managing the sharing of documents between healthcare enterprises. A typical architecture involved in setup is a locally installed server, which sits behind the firewall, allowing secure transmissions with outside facilities. In 2009, the Radiological Society of North America launched the "Image Share" project, with the goal of giving patients control of their imaging histories by allowing them to manage these records as they would online banking or shopping.

InterSystems HealthShare is a healthcare informatics platform for hospitals, integrated delivery networks (IDNs) and regional and national health information exchanges (HIE).

Health care analytics is the health care analysis activities that can be undertaken as a result of data collected from four areas within healthcare: claims and cost data, pharmaceutical and research and development (R&D) data, clinical data, and patient behavior and sentiment data (patient behaviors and preferences). Health care analytics is a growing industry in the United States, expected to grow to more than $31 billion by 2022. The industry focuses on the areas of clinical analysis, financial analysis, supply chain analysis, as well as marketing, fraud and HR analysis.

Audacious Inquiry (Ai) is an American company founded in 2004 and with headquarters in Baltimore, Maryland. The company provides health information technology services and cloud-based software.

References

  1. Center for Democracy & Technology staff. "Patient-Managed Health Information Exchange: An HIE of One". Center for Democracy & Technology (CDT). Retrieved 27 November 2016.
  2. Conn, Joseph (2016-11-05). "Could blockchain help cure health IT's security woes?". Modern Healthcare Magazine. No. 2016–11–05. Crain Communications. Retrieved 27 November 2016.
  3. Searls, Doc (2016-11-09). "Consumers can't help health care. Customers can". Doc Searls Weblog (Harvard Berkman Center). Retrieved 27 November 2016.
  4. Windley, Phillip (2016-11-14). "Sovrin Use Cases: Healthcare". Technometria. Retrieved 27 November 2016.
  5. Gropper, Adrian. "Powering the Physician-Patient Relationship with HIE of One Blockchain Health IT" (PDF). HealthIT.gov. U.S. Department of Health and Human Services. Retrieved 27 November 2016.
  6. Office of the National Coordinator for Health Information Technology (2016-09-01). "ONC announces Blockchain challenge winners". HHS.gov. HHS.gov U.S. Department of Health & Human Services. Retrieved 27 November 2016.
  7. Hersh; et al. (December 2015). "Health Information Exchange". Evidence Report/Technology Assessment. 220 (15(16)–E002–EF).
  8. Dullabh; et al. (March 2016). "EVALUATION OF THE STATE HIE COOPERATIVE AGREEMENT PROGRAM" (PDF). HealthIT.gov. NORC at the University of Chicago. Retrieved 27 November 2016.
  9. Hardt, D., ed. (October 2012). "The OAuth 2.0 Authorization Framework". RFC 6749. Internet Engineering Task Force (IETF). doi:10.17487/RFC6749. Retrieved 27 November 2016.