Tuesday, January 19, 2010
Solving Secure Transport
I've written extensively in my blog about the need for the healthcare IT industry and government to implement a single (or maybe 2) ways to transport healthcare data securely. I feel that content and vocabulary standards are on the right track, but transport is still in need of a breakthrough. Here's a brief description of where the industry is today:
e-Prescribing - transport is an industry specific SOAP 1.2 implementation by Surescripts
Administrative - transport is often CAQH Core Phase II, an industry specific SOAP 1.2 implementation. The Workgroup for Electronic Data Interchange (WEDI) has suggested SMTP, so currently CAQH and WEDI are debating transport.
Lab - transport is Minimal Lower Layer Protocol (MLLP) and TCP/IP
Personal Health Records - Google and Microsoft Healthvault use proprietary RESTful approaches
Federal agency submissions (Social Security Administration, Food and Drug Administration) - NHIN FHA Connect, which is XDS.b, a specific implementation of SOAP 1.2
Clinical summary exchange - heterogeneous as implemented by various stakeholders
What is needed in the short term?
1. The Clinical Summary exchange transport is the place to focus, which is what we've done in Massachusetts with the NEHEN CDX gateway. An industry or government reference implementation that becomes widely adopted would help significantly.
2. Many Personal Health Record vendors have told me that they are ready to create a single RESTful front door for their PHRs to receive information.
3. Some industry stakeholders have talked about creating open source and vendor supported health hub software that offers SMTP, SOAP and REST in an appliance.
Of course, there could be other approaches.
There is an emerging technology, just implemented by eClinicalWorks in their EHR. It's called eClinicalWorks P2P and it works like linkedIn, Plaxo, Facebook i.e.
I'm a clinician and want to share patient data (after obtaining patient consent) with another clinician. I send an invite via regular email (SMTP ) that contains an embedded URL. If the clinician accepts the invite, that clinician is added to my "friend" list and I can push a record to them at anytime, which is delivered as a URL via email. Interestingly, if the clinician uses eClinicalWorks, my EHR can natively send and receive CCD's with "friends" via a RESTful approach.
Meaningful use requires many data exchanges among stakeholders. I'm confident that we'll see several reference implementations in 2010 that will accelerate interoperability by unifying approaches to transport.
Posted by John Halamka at 3:00 AM