Tuesday, October 13, 2009
Adoption and Implementation of Standards
In the past 4 years, many standards have been harmonized, many gaps closed, and many controversies resolved. Stakeholders have come together and the conversations have evolved from emotion to problem solving. Some of these standards are widely adopted and implemented. Others are so new that implementations are limited to prototypes and pilots. To me, the work ahead is continued evolution of the work we've done to ensure adoption of the standards is widespread and implementation is accelerated.
Tomorrow's HIT Standards Committee meeting will focus on these issues - adoption and implementation.
The theme of 2011 will be getting data into electronic form and beginning data exchange via simple architectures - pushing data from organization to organization. As a country, I think we can move forward with consensus on the 2011 Meaningful Use data exchanges - laboratories (HL7 2.x messaging, CDA document summaries, UCUM for units of measure, and LOINC for lab names), medications (NCPDP Script 10.x for messaging, RxNorm for medication names), administrative transactions (X12 for content, CAQH Core for vocabulary), and quality (HL7 2.x messaging, CDA documents). Transmission of all this content will be done using common web standards - TLS to establish a mutually authenticated channel for data exchanges over the internet, SHA to protect the integrity of data transmissions, and AES to encrypt data for transmission.
The theme of 2013 will be enhanced data exchange among payers, providers and patients, encouraging more participants to get involved in data exchanges using a variety of architectures - push from point to point, publish/subscribe, secure email, and mobile devices.
The theme of 2015 will ubiquitous data sharing with patient consent from all stakeholders to all stakeholders. This level of data exchange requires sophisticated consent management and architectures such as pulling from multiple sources that require a master patient index or voluntary universal healthcare identifier.
What evolution will be required for the transition from 2011 to 2013?
1. Policies that help streamline security frameworks - Currently, HITSP and the HIT Standards Committee have selected standards and implementation guides that can support the entire range of possible policies. This means that the list of standards for authentication, authorization, access control, secure transmission, document exchange and auditing looks intimidating. Ideally, the Policy Committee and the Standards Committee will work together to develop data exchange policies that will narrow the architecture choices and simplify the list of security standards. We'll discuss this at the HIT Standards Committee.
2. Common Data Transport - Currently there is little controversy about the secure transmission standards (TLS plus SHA and AES). However, there is ongoing debate among stakeholders about SOAP verses REST and the use of the various profiles to support document exchange - XDS (document sharing in an organization), XCA (document sharing between organizations), XDR (point to point document exchange), and XDM (document exchange on mobile devices). Sometimes this debate is framed as large established companies verses small innovative Health 2.0 companies. Ideally, we'll come to a meeting of the minds in which the right tools are used for the right applications. I can certainly appreciate the pros/cons of the various approaches - SOAP has well developed security tools but is more challenging to implement than REST. In some ways, SOAP is losing popularity among web application developers. XDS, XCA, XDR and XDM contain pieces of the somewhat challenging to implement ebRS standards used in the SOAP headers for metadata and message routing. REST is very easy to implement but lacks generalizable security tools, forcing each implementer to create their own application specific security controls, such as Microsoft and Google have done with their PHRs. We'll discuss this at the HIT Standards Committee.
3. Vocabulary tools - The vocabularies suggested by HITSP and the HIT Standards Committee - SNOMED-CT for problem lists, LOINC for lab names, RXNorm for medication names, UCUM for units of measure, and UNII (for allergies) will be more easily implementable in Health Information Exchanges if mapping tools are created which enable existing proprietary or older codesets to be mapped to these newer standards. This means that existing legacy systems inside an organization can be left untouched and vocabulary normalization can take place as data leaves applications for data exchange to other organizations or registries. We'll discuss this at the HIT Standards Committee.
In tomorrow's blog, I'll summarize the HIT Standards Committee meeting and the next steps we'll take to evolve the work to date so that adoption and implementation are accelerated.
Posted by John Halamka at 3:00 AM