By Kiran Kuchibotla, VP Project Portfolio Delivery, Advantasure
February 2022 – The healthcare industry invests millions in modernizing technology stacks and building high tech platforms and applications. Yet those platforms and applications continue to be siloed, preventing healthcare institutions from sharing patient data and communicating effectively. In short, these systems still don’t talk to each other.
Imagine if a primary physician and several specialists can share patient data, even if their internal applications and systems are different. Coordination and treatment plans will be more cohesive and high quality.
Although systems are segregated, institutions are slowing jumping on the interoperability train. According to the Healthcare Information and Management Systems Society (HIMSS), “Interoperability describes the extent to which systems and devices can exchange data, and interpret that shared data. For two systems to be interoperable, they must be able to exchange data and subsequently present that data such that it can be understood by a user.”
There have been several key legislations that have helped interoperability. It started with the HITECH Act (Health Information Technology for Economic and Clinical Health) introduced in July 2010, which incented providers to adopt the EHR (Electronic Health Record). More recently, CMS’s Interoperability and Patient Access final rule put patients first by giving them access to their health information when they need it most, in a way they can use it best. This meant payers were asked to adopt specific APIs (Application Programming Interfaces), standards and protocols that will allow two applications to talk to each other for the exchange of patient data.
Complementing this, HL7 (Health Level Standard, a healthcare standards organization) developed the FHIR (Fast Healthcare interoperability Resources), a standard API for third party app developers to be able to access patient’s administrative and clinical data. Although CMS issued a rule requiring its regulated payers to implement the FHIR API by July 1st, 2021, only about half of the payers had implemented it as of November 2021.
Implementing interoperability via FHIR is not easy. It requires specific expertise and significant coordination between multiple entities. Consequently, it could take years before data can be organized in a meaningful way, producing an actionable outcome for the patient. Two critical issues will impede the progress of interoperability if not resolved quickly.
The first issue is Data Integrity: Variations in interpretation and implementation of the FHIR API could result in missing or inaccurate data, causing compliance risk and a significant risk to patient safety. For example, depending upon the version of the implementation guide a vendor uses, a non-required field in one version could be a required field in another version. For instance, a data field called Patient could have ten attributes. One vendor leveraging a specific implementation guide may implement only eight attributes. Yet, other vendors may implement all ten attributes, causing inconsistencies with the data exchanged between entities.
This problem is exacerbated by duplicate records since we don’t have a unique ID identifying a patient. Unfortunately, social security numbers can be used only for insurance and financial reporting purposes, limiting clinical data use due to privacy concerns.
There are, however, several tools and algorithms to remove data inconsistencies and improve patient matching. And recent developments concerning patient matching are promising. The ONC’s publication of ProjectUS@, the technical specification to standardize patient address matching, and the Senate’s approval of allowing innovation around a Unique Patient ID, will help address long-standing issues with patient matching.
Indeed, there is progress, albeit slow. Data issues in patient records will persist until standardization takes place.
The second issue is Security: The FHIR standard used in interoperability does not necessarily have security flaws. However, a recent white paper by Alissa Valentina Knight (a leading cyber security expert and influencer) from Knight Ink revealed vulnerabilities when data aggregators and intermediaries use the FHIR API. She tested 5 FHIR APIs (2 EHR vendors with no security vulnerabilities), representing 48 total FHIR mobile/web clients. She was able to aggregate EHR data from over 25,000 healthcare providers and payers, which gave her to access over 4 million patient and clinician records with one patient credential.
These findings are alarming, and patients need to be wary that their data is leaving highly secured walls of payers and providers to less secure third-party aggregators.
HL7 is actively working to create a new implementation division to address such concerns. Knight proposed several recommendations for each entity in this ecosystem (from ONC to app developer) to address these concerns. She argues it should not be the responsibility of payers or providers to assess the app’s security where patient data gets downloaded. Instead, she recommends initiating a separate oversight organization to protect the patient’s data.
Despite these developments, each player in the healthcare ecosystem has responsibility to protect patient data. Payers and providers need to have a robust security paradigm as they vet third-party apps trying to access the data. And third-party app developers must implement FHIR APIs securely.
Implementation of interoperability will be a long journey, and we cannot realize its value until these critical challenges are addressed.
About the Author
Kiran Kuchibotla is a transformational senior technology leader and client executive with over 20 years of progressive global leadership with healthcare payers. A collaborative leader with a reputation for turning around businesses by unlocking the value using technology and formulating trusted partnerships with C-Level executives. Kiran has a passion for helping businesses implement operational and technology initiatives that improve processes, reduce expenses and drive bottom-line profitability. Her holistic approach to innovation and problem solving is deeply rooted in Human-Centered Design and Design Thinking.
Kiran works alongside Advantasure partner organizations in her role as Vice President of Project Portfolio Delivery to ensure successful product implementations and integrations.
Kiran has demonstrated progressive global leadership throughout a career in which she has cultivated deep expertise in technology and strategies for payer organizations. Previously, she was Vice President, client partner at Health Plan Services, responsible for the management of all Blues accounts. Earlier, Kiran was Vice President for strategy at Xerox in its government healthcare business.
Kiran earned an executive MBA from Kellogg School of Management at Northwestern University and a Master of Science in Computer Science from the University of Louisville. She also holds a master’s in Computer Applications and a bachelor’s in commerce from Osmania University in India.
Leave a Reply