Wednesday, March 31, 2010

The ONC Whitepaper on Consent

Last week was a busy one for healthcare IT. In addition to the DEA Interim Final Rule on e-prescribing of controlled substances, the launch of NHIN Direct, and the introduction of new ONC interoperability framework processes, HHS released the Whitepaper on Consent.

The entire document and its 3 appendixes are worth reading. The Executive summary contains a great classification of consent models found throughout the world:

No consent
Health information of patients is automatically included—patients cannot opt out

Opt-out
Default is for health information of patients to be included automatically, but the patient can opt out completely

Opt-out with exceptions
Default is for health information of patients to be included, but the patient can opt out completely or allow only select data to be included

Opt-in
Default is that no patient health information is included; patients must actively express consent to be included, but if they do so then their information must be all in or all out

Opt-in with restrictions
Default is that no patient health information is made available, but the patient may allow a subset of select data to be included.

Appendix A is a very helpful list of State-Led Examples of Exchange in the U.S

For more details about the Massachusetts efforts to date, including the educational materials we used, see my blog about patient privacy preferences.

Appendix B is an overview of Selected State Laws which can be empowering as we implement consent models.

Appendix C contains examples of Exchange in Other Developed Countries.

I've worked closely with the county council in Jonkoping, Sweden which has a very high percentage of EHR and hospital information system adoption

The consent whitepaper was timed perfectly to align with the HIT Standards Committee review of existing standards for storing and transmitting consent preferences.

Well done!

Tuesday, March 30, 2010

The ONC Interoperability Framework

In my summary of the March HIT Standards Committee meeting I mentioned the new ONC Interoperability Framework and the related RFPs. Here's the detail I promised in my previous blog about ONC. Thanks to Doug Fridsma for this overview and his hard work on it.

ONC announced several projects to support Standards and Interoperability Framework and Nationwide Health Information Network (NHIN).

Over ten requests for proposals were released in February 2010 under the existing contract vehicle: National Institutes of Health (NIH) Information Technology Acquisition and Assessment Center (NITACC) CIO-SP2 Task Order. The funding will support activities for two years that are designed to develop the standards, tools, interoperability framework, and technical infrastructure to support the overall goals of improving adoption of HIT. Key areas for RFP include:

ONC anticipates leveraging the National Information Exchange Model (NIEM) for health care and develop consistent process for use case development. Working closely with consumers, providers, government organizations and other stakeholders, ONC will identify real-world needs, prioritize them through a governance process, and create explicit, unambiguous documentation of the use cases, functional requirements and technical specifications for interoperability.


The harmonization process integrates different views of health care information into a consistent view. This process will include merging related concepts, adding new concepts, and mapping concepts from one view of health care information into another view. This process will also identify gaps that can point the way towards development of new interoperability standards. ONC anticipates leveraging NIEM process to support data exchange harmonization.


Standards Development
In order to meet the needs of the use cases and increased use of HIT, there will be a need to modify or extend the existing standards or develop new standards. ONC will work with standards development organizations and with research organizations to extend existing ones, or develop new standards as necessary. 



Tools and Standards Repository
To accelerate the development, use, maintenance and adoption of interoperability standards across the industry, and to spur innovation, ONC will develop tools to facilitate the entire standards lifecycle and maximize re-use of concepts and components, including tools and repository for browsing, selecting, and implementing appropriate standards.


In order to be able to test and implement the standards in real-life settings, they must be specified to a higher degree of detail. This project will focus on the development of interoperability specifications that are independent of specific software architecture (a platform-independent model, or PIM) as well as interoperability specifications that are specific to the NHIN architecture (a platform-specific model, or PSM). 


The NHIN architecture is a specific network architecture that realizes health information interoperability specifications based on open standards. This project will focus on the refinement and management of the NHIN Architecture to meet emerging needs of the health care market.
A reference implementation is the fully instantiated software solution that is analyzed to be compliant with the standards and serves as a “reference” to other software developers of what an interoperable solution looks like. The reference implementation will be accessible as a public resource with compiled code, source code and supporting documentation. 


Integration Testing
The current NHIN testing infrastructure needs to be refined to test and validate emerging needs of the network and planned NHIN capabilities as they are identified. ONC will work with NIST where NIST will provide testing tools to validate that particular implementation conforms to a set of standards specification; and ONC will support the development of an integration testing “harness” that will test how a particular component that has satisfied conformance testing requirements integrates into the reference implementation. 


NHIN Demonstrations and Emergent Pilots
Although a reference implementation provides value to the community through a thorough assessment of the technology; support for established standards, and vetting within the HHS, consumer, and other stakeholders, a reference implementation will need to be refined through real-world pilots and demonstrations. ONC will support efforts in the refinement of the reference implementation and interoperability specifications, through limited number of real world demonstration and pilots. 


NHIN Operations and Infrastructure
This project will focus on activities related to operational and infrastructure support for the ongoing demonstrations and production pilots of health information exchange across a trusted network. 



Each project will focus on specific activities within each area as well as collaboration across all other projects addressing overall effectiveness of the Standards and Interoperability framework, certification and NHIN that is critical to the wider adoption of HIT. ONC expects to award one contract for each project for a two-year project period to qualified applicants.

Monday, March 29, 2010

E-Prescribing Controlled Substances

Last week, the Drug Enforcement Administration released its long awaited Interim Final Rule on e-Prescribing of Controlled Substances

It's 334 pages long, but the most important portion is section § 1311.115 which describes the need for two factor authentication when prescribing controlled substances. Here's the detail

(a) To sign a controlled substance prescription, the electronic prescription application must require the practitioner to authenticate to the application using an authentication protocol that uses two of the following three factors:
(1) Something only the practitioner knows, such as a password or response to a challenge question.
(2) Something the practitioner is, biometric data such as a fingerprint or iris scan.
(3) Something the practitioner has, a device (hard token) separate from the computer to which the practitioner is gaining access.
(b) If one factor is a hard token, it must be separate from the computer to which it is gaining access and must meet at least the criteria of FIPS 140-2 Security Level 1, as incorporated by reference in § 1311.08, for cryptographic modules or one-time-password devices.
(c) If one factor is a biometric, the biometric subsystem must comply with the requirements of § 1311.116.

In a previous blog, I wrote about the many technologies which support strong authentication.

For e-Prescribing of controlled substances BIDMC will investigate 3 approaches

*The use of fingerprint biometrics using web-based software from Bio-Key as described in my cool technology blog.

*The use of hard tokens such as those provided by RSA.

*The use of cell phones as a two factor authentication device such as sending a PIN number via SMS after each e-prescribing session. Anakam has a complete suite of tools to implement this workflow.

Although there will be some burden/inconvenience imposed on clinicians through the use of two factor authentication, I believe it will ultimately save time. Why?

Today's e-prescribing workflow is fractured. I can write for Lipitor with fully electronic NCPDP 8.1 formatted, vocabulary controlled, end to end secure transactions. However I write for Oxycontin with a pen and paper. I have to split my time between a screen and a pen for the same encounter with the same patient depending on the drug I'm writing for. In the Emergency department, approximately 30% of all prescriptions are for controlled substances (i.e. pain control after trauma).

With fully electronic workflows, I can write for all meeds, digitally sign the enter order set, get a PIN sent to my cell phone in 2 seconds and then send the transactions to the pharmacy of the patient's choice without a pen, paper or hassle.

I look forward to our controlled substance e-prescribing pilots. Ultimately it will be a win/win/win for patients, providers, and pharmacies.

Friday, March 26, 2010

Cool Technology of the Week

Many Massachusetts homes have experienced flooding this month, so we're all a bit focused on plumbing.

I've had two plumbing issues recently, both involving interesting technology fixes.

I live in a 100 year old house with fragile plumbing and electrical infrastructure. Recently, the plumbing on two old pedestal bathroom sinks clogged to the point that no plunger or drain cleaner could clear them. In an old New England house, the bathroom sinks are often plumbed back to back together, making a plumbing snake impossible to use. The only option is to open the wall and replace the offending pipe…or so I thought until I discovered Kinetic Water Ram technology.

The idea is simple - use compressed air to create a shock wave of moving water at 5000 psi. The wave moves inside the pipe, not against the pipe walls, so it will not burst the plumbing. These devices are used by plumbers to clear very challenging clogs. Typically a plumber bills $150 for a visit. For $250, you can purchase one of your own.

Here's a video of how it is used.

The great news - I'll never need to use chemical drain cleaners or a plunger again. One device clears bathtubs, sinks, toilets etc. Clogs and accumulated corrosion deposits are both cured with a shock wave of water.

My wife and daughter thanked the home CIO for solving the problem.

In the recent floods, hundreds of basements in the Boston Metrowest area were flooded and damaged. Although my basement survived without damage, I realized that our 20 year old sump pump was a single point of failure. If the sump pump failed, we'd be flooded. If the electricity failed during a storm, we'd be flooded. Hence I investigated "disaster recovery" hardware for basements. I found the Wayne battery backup sump pump.

Last weekend, I replaced our 20 year old sump pump with a new pedestal pump and discharge hose. This weekend, I'll add the disaster recovery system.

The end result will be a 2300 gallon per hour primary pump with a 2300 gallon per hour battery backup pump that should last for a day of pumping with a 75 amp battery.

Thus, I'll be covered for pump failure and power failure. The home CIO does for the basement what the work CIO does for the data center.