In the June 2006 issue of 24×7, Ray Zambuto and I explained the Integrating the Healthcare Enterprise (IHE) and IHE patient care device domain activities. While it has made huge progress each year, the IHE program—formally started in 1998—has not yet become the “standard of care” for health care providers or manufacturers because there are so many separate business and information silos in health care. This has made it virtually impossible for information system (IS) vendors to develop, sell, and support economically efficient quantities of systems throughout the country, but that seems to be finally changing. The precipitating factors forcing the change have been serious money and safety pressures.
The 2004 Executive Order1 mandated the creation within the Secretary of Health and Human Services’ staff of a new Office of the National Coordinator for Healthcare Information Technology (ONCHIT) that was tasked with creating the United States National Healthcare Information Network (NHIN). In the 3 years of ONCHIT’s existence, it funded three major initiatives, two of which have already completed their first major NHIN milestones: The American Healthcare Information Community (AHIC) group has delivered clinical and technical requirements for a core electronic health record (EHR), basic biosurveillance programs, and patient-empowerment resources; the Healthcare Technology Standards Panel (HITSP) group voted in September to approve an interim suite of technical standards to meet those AHIC requirements; and on October 31, 2006, the AHIC confirmed the HITSP recommendations for the coming year’s demonstration projects. This fall, the third initiative—funding to establish and operate four 2007 Regional Healthcare Information Organization (RHIO) pilot projects—is preparing to develop and launch its demonstration RHIO programs.
A recent Executive Order2 has directed that beginning January 1, 2007, all federal agencies that provide medical care and all agencies that pay other providers for medical care (which would include Medicare), “… shall utilize, where available, health information technology systems and products that meet recognized interoperability standards.”
In short, it seems clear that the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the 2004 and 2006 Executive Orders have finally set the stage to design, and require, the use of standardized, electronic data interchange-enabled information systems as quickly as possible.
Although these changes are mostly being warmly greeted by the health care industry, they also herald new and complex challenges for those of us who work in the industry. While there are finally numerous vendors, governmental agencies, and medical researchers laboring together to help health care IS managers by developing improved standardized resources and processes, the architecture that has been chosen will not be an easy one to design, implement, or support. Rather than define a central, nationally standardized architecture to ensure personal health privacy, the NHIN’s RHIO architecture is based on loosely coupled information systems that will be locally/regionally defined and maintained. For example, patients are not being assigned a single “account number.” The Social Security number is viewed as too personal, and national patient health identifiers are perceived as too intrusive. Further, to protect patient data, the RHIOs are not designed as centralized storage of patient data but act solely as data brokers between the health providers in a given region and between regions. For that reason, complying with the NHIN—which is clearly becoming essential for reimbursement—will require local strategies to customize software and hardware systems to stay synchronized with whichever RHIO is nearby.
Where We Fit In
What the federal government is not willing to fund or even define is how individual health care providers can successfully build and maintain NHIN-compliant systems, which is where we fit in. In the next several years, core clinical and operational health care information systems, such as the Anesthesia Information System, Cardiology Information System, and Hospital Information System (HIS), among others, will begin to offer functional interoperability, at least to the level required by the hospital, by the NHIN, and by the RHIO programs.
Many of the clinical engineering, BMET, and IS challenges in health care are likely to shift quickly to selecting, implementing, and then managing relatively complex “systems of systems (SoS),” which is, in itself, becoming a newly specialized field. The SoS challenge is simply that the behavior of many interdependent systems is difficult to predict, let alone manage. The World Wide Web (WWW) is perhaps one extreme example. While the underlying Internet communication infrastructure has proven fairly robust and reliable, when an individual Web site fails it may affect dozens, hundreds, or even thousands of other sites. When any single airline or hotel shuts down its Web site for maintenance, for example, travel services like Expedia, Orbitz, or Travelocity must be designed to limp along regardless of the limitations. No single government or commercial standard governs individual Web sites, and the WWW functions as a loose federation of independent but interdependent systems.
As we know all too well, the difference in health care SoS applications is that flaws, delays, and failures can be life-critical. If a penicillin or tetanus allergy is not relayed from a physician’s office computer to an emergency department, a patient might quickly be killed. Indeed, the HIPAA regulations include “integrity and availability” of information as core legal obligations of the health care provider’s HIS. Further, cheap and ubiquitous microprocessor and telecommunication chips are transforming medical devices, which is precipitating a convergence with the whole HIS. Not only are medical devices themselves now software controlled, but they are rapidly becoming wired- and wireless-peripherals that feed data directly and accurately into the EHR. As with all technological advances, this introduces new risks and challenges, including the newly emerging obligation on the health care information system (HCIS) to reliably capture, store, and recall complex and very large blocks of real-time data such as heart waveform or surgical videography. Again, the consequences could be fatal, as might happen if an alarm from a patient’s heart monitor is endlessly delayed or lost by a wireless medical device network.
The challenges of this new era of HCIS cannot be taken lightly, if for no other reason than that HIPAA shares an important characteristic with the Sarbanes Oxley Act: Lapses in compliance are punishable by both criminal and civil penalties on the CEO and other company leaders as well as on the institution. Special care must be applied to the selection and system validation and verification for future HCIS tools. In this context, validation and verification take on two purposes: 1) to ensure that new, as-installed components, systems, and subsystems work properly, and 2) to ensure that ongoing system maintenance, including antivirus patches by third parties, does not compromise individual- or whole-system integrity. This complex but very interesting and rewarding area defines the technical and managerial vanguard for our future careers.
Now is the time to volunteer to help define our collective future by participating actively in learning, teaching, and whatever committee work you do. If we do not step forward and tackle the job, we are simply letting someone else become the leaders.
Elliot B. Sloane, PhD, Villanova University; cochair HIMSS/RSNA/ACC IHE Strategic Planning Committee; cochair ACCE/HIMSS IHE patient care device domain. For more information, contact us at [email protected]
1. Bush, GW. Incentives for the Use of Health Information Technology and Establishing the Position of the National Health Information Technology Coordinator. Executive Order 13335 of the President of the United States. April 27, 2004.
2. Bush, GW. Promoting Quality and Efficient Health Care in Federal Government Administered or Sponsored Health Care Programs. Executive Order 13410 of the President of the United States. August 22, 2006.