Premise
Ownership of health information is vested in the person (patient). Ownership is defined as access and control (of permission). Provider (of services) has permitted access to modify and act upon health information. Privacy and security of health information is maintained by permission (or permission sets). For any patient seeking healthcare from any provider there should exists a mechanism to automatically provide all permitted and relevant health information in a timely manner.
Data Portability/Interoperability
To have such a mechanism, either all health information (content) for every patient must be ubiquitously, instantaneously, and redundantly available, or there exists a ubiquity of permission practices that instantly grants access to a store of wholly unique singular content. This begs the question whether, for health information, data (content) portability and interoperability are the correct paths?
Interoperability and health information exchanges (HIE) are predicated on the belief that moving content is the only feasible and safe solution in creating a national health information infrastructure. Can an alternative model infrastructure be conceived where content is not moved, but rather permissive access and use is facilitated? Data portability and interoperability would be replaced with permission portability and interpermissibility.
Interoperability's feasibility is dependent upon the build–up and build–out of HIEs, voluntary (albeit initially incentivized) participation of vast numbers of health enterprises and entities, and the indefinite sustaining and improvement costs and duration of such an infrastructure. Interoperability will literally take a village—innumerable villages. It is also about the creation and entrenchment of a whole new healthcare industry—an industry (in aggregate) that Blumenthal's has characterized as "a stalking horse—for…changing compensation of medicine and the economics of health care."
Interoperability's safety is dependent upon the belief that vast numbers of health enterprises and entities can individually secure their health information. Because interoperability requires innumerable villages—every window in every house in every village will need to be safely secured. This is contrary to the 3,432,833 breaches reported since September 2009 (90% from digital sources).
Interoperability is core to cellular roaming and to the use of ATMs, but differs fundamentally from interoperability within healthcare. The former renders a transactional service and only retains a residual of the service rendered. There is no movement of your account, or substantial parts, from your cell provider or bank. What is exchanged is the permissive use of a service for the verification of identity. Contrast that with healthcare where interoperability is both a maintenance of information in perpetuity and the creation of innumerable additional partial stores of one's health information. Instead of a communication to facilitate a service transaction, it is a senescence therapy and a form of parthenogenesis.
Healthcare's interoperability raison d'être may be to fundamentally change it's economics, but for patients and providers it's solution must include ubiquity, low–cost to implement and sustain, and more secure than existing practices. It has to work right out–of–the–box with a simplicity that rivals cellular roaming and ATM use to precipitate rapid and universal adoption. Where this simplicity does not exist, is there not a high likelihood of a myriad incremental patchworks?
Information
Generally, information may be characterized as a construct of content and permission. Content is a language–based representation of real or imaginary objects or things. Permission is a set of values that determine access to content.
Content may be further characterized as a combination of semantic wrapped in syntax. Semantic is the meaning–representation of language. Syntax is the structural–representation of language.
Informational Content
Content is always described in terms of a context, e.g., Smith's health record, the Times' article, Sally's car. A set of permission values is a form of contextual framework that wraps around content defining ownership, accessibility, mobility, and actionability.
Informational Payload (Resting State)
Transport of content is similarly contextual and will impose a distinct separate layer of permission values.
Informational Transport (Active State)
A distinction between data portability and interoperability exists where two entities share information but do not share a common semantic. Data portability is the general case where there is a permissive sharing of syntax, and interoperability is the specific case where there is the addition of a common semantic.
Informational Sharing
| syntax | semantic | permission | |
|---|---|---|---|
| common values | × | ||
| common structure | × | ||
| common meaning | × | ||
| data portability | × | × | |
| interoperability | × | × | × |
Permission
Permission (broadly construed) is either affirmative and permissive, or negative and restrictive. Permission may also be active or passive. A breach is a negation of a value, or values, constituting a given permission state. A breach may be strict (no intent required), by intent, or with negligence (without intent).
Characterizations
| active | passive | |
|---|---|---|
| affirmative | granted | have |
| negative | denied | don't have |
Scope: affirmation
| affirmative | negative | |
|---|---|---|
| access | grant | deny |
| modify | grant | deny |
| act upon | grant | deny |
Scope: action
| active | passive | |
|---|---|---|
| access | enable | request |
| modify | enable | request |
| act upon | enable | request |
Breach
| intent | no intent | |
|---|---|---|
| strict | … | … |
| intentional | × | |
| negligent | × |
A breach may also occur at the level of transport, gaining access to the informational payload. A second breach is then required to access the informational content.
Payload Breach
Payload and Transport Breach
Interpermissibility
Interpermissibility (Interper) doesn't exist, but if it did—what are some of the characterizations?
Characteristics
- Interper is a nascent enterprise, no legacy baggage.
- Ownership of content is at the person–level.
- Single content or informational (data) storage.
- Syntax and semantic based upon open standards.
- Permission sets are imposed on all content.
- Content is not transmitted.
- Permission to access, modify and act upon is transmitted.
- A potent deterrent to content breaches is to maintain zero or low residual content on the myriad of healthcare devices that may access and have capability and capacity to retain content. The analogy would be to reduce the informational footprints to that seen in cellular roaming and ATM use.
- Interper is a subscription service with no hardware or software requirements beyond a web–enabled device capable of using open web standards.
- UI/UX would be permission set configurable (both for patient and the subscribing enterprises and entities).
- Interper is scalable, because it is just a matter of adding capacity to the system.
- The cost for patients and providers could essential be zero (except for the cost of web–enabled devices). Where enrollment in the service is sufficient, the cost of the service may be offset by providing deidentified patient information to the secondary health data markets. Additional offset to cost where duplication of services are avoided because of the wholeness of the stored content and the timeliness of permissive access, modifications, and actionability.
- Where Interper is in widespread use, there will be no need for HIEs—because what they would be exchanging resides and is permissively accessible from a single source.
Interoperability's Hurdles
- Cost to enterprises and entitities to implement and sustain indefinitely (well beyond the ARRA/HITECH meaningful use inducements).
- Cost to implement and sustain indefinitely the extra–enterprise and extra–entity interoperability's infrastructure—HIEs and their kin (well beyond the ARRA/HITECH seed funding).
- Cost of breaches because of the potential exposures from the innumerable enterprises, entities, and their devices that may have unsecured or breachable content.
- Cost incurred from and savings denied to those partiipating in the interoperability infrastructure by those that do not. Cost and potential savings will be incrementally linked to the degree of participation by all eligible to participate.
Interper Candidates
There are none, but their are harbingers. Google Health and Microsoft HealthVault could up their game. Amazon could! Could we trust Google, Microsoft, or Amazon? That's probably not the right question. Breaches happen, and they will continue to happen. It's not the happening that should be disturbing or determinative, but rather the propensity for breaches. Do you trust your doctor's office staff, your dentist's billing company, or your insurer's claims agent's laptop?
The analysis should also center, in addition to the propensity of a particular enterprise or entity, on the sheer number of enterprises and entities that have our health information. If it should come down to a choice amongst Google, Microsoft, or the present arrangement to secure my health information—without a doubt or hesitancy I would go with either Google or Microsoft (putting all the baskets in one egg).
If the first and most important barrier to health information breaches is the permission set surrounding the content, then the more controlled and limited those acting on that permission set the better. Where those acting on the permission set is reduced to unity that is a barrier we should all want. The single barrier is the easiest to control, vis–a–vis a permission set, and will maximize the internal scrutiny efforts, governmental regulatory oversight, and public angst.
Footnotes
- Most current [information] systems have methods of administering permissions or access rights to specific users and groups of users. These systems control the ability of the users affected to view or make changes to the contents of the [information] system. Wikipedia.
- Data portability is the ability for people to reuse their data across interoperable applications—the ability for people to be able to control their identity, media and other forms of personal data. Wikipedia.
- Interoperability is a property referring to the ability of diverse systems and organizations to work together (inter–operate). Interoperability is a property of a product or system, whose interfaces are completely understood, to work with other products or systems, present or future, without any restricted access or implementation. If two or more systems are capable of communicating and exchanging data, they are exhibiting syntactic interoperability. [S]emantic interoperability is the ability to automatically interpret the information exchanged meaningfully and accurately in order to produce useful results as defined by the end users of both systems. To achieve semantic interoperability, both sides must defer to a common information exchange reference model. The content of the information exchange requests are unambiguously defined: what is sent is the same as what is understood. Wikipedia.
- Health information exchange (HIE) is defined as the mobilization of healthcare information electronically across organizations within a region, community or hospital system. HIE provides the capability to electronically move clinical information among disparate health care information systems while maintaining the meaning of the information being exchanged. The goal of HIE is to facilitate access to and retrieval of clinical data to provide safer, more timely, efficient, effective, equitable, patient-centered care. Wikipedia.
4 comments: