Health Internet – The New Consumer-Friendly NHIN

Consumer directed HIE will become the most visible aspect of health IT stimulus and could lead a shift to consumer-directed health plans, increased interest in wellness programs and family-centered collaboration for the young, old and seriously ill.

At a recent Boston meeting on health records infrastructure, key stakeholders recognized the potential of patient control as a strategy to address privacy concerns that could otherwise limit ongoing health networking initiatives. MedCommons proposes one possible approach to making the national health information network (NHIN), currently conceived as a provider-to-provider exchange, consumer-friendly and consumer-accessible. We illustrate the need with a true story, propose a novel addition of independent identity service providers to the NHIN and then illustrate how this could be used to transfer the soldier’s CT to the US for a second opinion even as he’s being transported.

On the morning of the Boston meeting, a friend of mine called to say that his son was seriously wounded in Afghanistan and was being stabilized for transport via Germany to the US. He knew that his son had a CT in the field clinic and wanted to get it before the son was transported over four days through to Bethesda. Could the Health Internet be used to help this family?

The NHIN does not have to run like Big Brother. We propose a voluntary identity principle that distributes trust among multiple private and public institutions and gives consumers a choice of who controls their medical identity. Some might pick a particular hospital, others might choose their regional HIE while others could choose a private service such as a bank or telecom that is not a health care business at all.

The institution that manages a patient’s ID on the Health Internet is referred to as the IDP. To authorize health records exchange on the NHIN, an IDP would have to meet strict requirements and receive a NHIN Certificate. A NHIN Certificate is analogous to the SSL certificates issued to banks and other corporations on the Internet. Larger hospitals, military, VA and integrated delivery networks on the NHIN also hold a NIHN Certificate.

The issue and administration of NHIN Certificates could be handled by state or federal agencies or privatized to Verisign and similar services that already do this for the Internet.

We propose a Health Internet consisting of two kinds of certified entities, health care providers and identity providers. Both are chosen and trusted by the consumer but the identity providers are the key to effective competition and innovation.

Small group practices, insurance companies, web personal health records services and search engines would likely not carry NHIN Certificates and would participate in the Health Internet only under the control of the patient trough their IDP.

Substitutability, the central concept of the Boston platform meeting, is a key benefit of this proposal. An IDP that disappoints a patient could be swapped out without impacting the health care providers and a health care service that disappoints could be ignored or disconnected with a simple message to the IDP.

Public health and research users of the NHIN would not be affected since all entities that carry NHIN Certificates could still interact with each other directly under whatever rules and regulations the Certificates represent.

How would this have worked in the case of a soldier shot in Afghanistan and on his way to Bethesda?

– Before entering the service, the son might have picked Verizon as his IDP because they hold an HNIN Certificate and offer a family member override. He would have established the father, who also has a Verizon account as health care proxy.

– Upon induction, the health service saved the serviceman’s IDP selection (their Verizon health ID, possibly in OpenID format – see references below) along with the rest of his personal contact information.

– The father, when notified of the injury, is unsure which doctors will be available to consult on his son’s case, but needs to have the son’s CT scan at the ready as a first step.

– The father decides to do a transfer using a personally controlled health record service because it will give him control of the CT and make it easy to deliver the images to any physician that offers to help. Neither the father nor the health record service has a HNIN Certificate.

– The father goes to the military health service EHR portal. Without logging in, he goes to a form that requests his son’s Verizon health ID along with the MedCommons-type account ID where the CT is to be delivered.

– The EHR portal contacts Verizon for authorization on the basis of shared trust under the NHIN federation.

– When Verizon’s text message to the son goes unanswered, Verizon contacts the father as Health ID proxy. The father reviews the correctness of the familiar-looking MedCommons-type ID as a the destination and authorizes the transfer.

Note that the military health service does not actually know whether the son or the father actually authorized the request but they trust the transaction because the military health service knows that Verizon holds a valid NHIN Certificate.

In summary, the introduction of certified identity providers into the NHIN together with simple and commercially established OpenID protocol can transform the NHIN into the consumer-friendly Health Internet and bring simple regulation and market forces to bear on solving difficult privacy problems.

CODA: As of 10/4, the the soldier is stable, conscious and out of the ICU in Bethesda. A second opinion is in the works at a Boston hospital. The parents and collaborators are able to see and share 1.75 GB of imaging about their son. Let’s all hope for a good outcome and a speedy recovery.

Adrian Gropper is a physician and the CEO of MedCommons


Patient ID on the Internet; October 12, 2007; Blog; http://agropper.wordpress.com/2007/10/12/patient-id-on-the-internet/

Web leaders initiate govt open identity pilot program; September 30, 2009; Health Imaging Editorial; http://www.healthimaging.com/index.php?option=com_articles&view=article&id=18927

Livongo’s Post Ad Banner 728*90

Leave a Reply

10 Comment threads
0 Thread replies
Most reacted comment
Hottest comment thread
9 Comment authors
Body BalanceJonathanHealth News EdAdrian Gropper MDMargalit Gur-Arie Recent comment authors
newest oldest most voted
Body Balance

You’ve got great insights about free ladical, keep up the good work!


Interesting use case.
Based on my experience with Federated Identity I offer a writeup which I hope will provide clarity for anyone confused about IdP, SP etc.
Thank you

Health News Ed

The points you make in this blog post are very interesting, and certainly create a good argument for the use of a NHIN. However as much as I think it is a great idea, for me its detriments (being the privacy of American citizens) outweigh its benefits.

Margalit Gur-Arie
Margalit Gur-Arie

Thanks, Adrian. I think I understand better now and it makes perfect sense.

Adrian Gropper MD

Margalit There are two somewhat different ways to use a HealthURL: (1) “Please send my records in electronic form to AAA”, and (2) “My current medical situation is BBB” This posting mostly deals with (1) and is simply saying to a provider: – My voluntary identity is P and is managed by V – You, the provider, trusts V – When you receive an electronic request co-signed by V with destination AAA you will send the information to AAA regardless of who or where they are. Your question mostly deals with (2). There is a potential compromise between care coordination… Read more »

Margalit Gur-Arie
Margalit Gur-Arie

Adrian, I have a question regarding your paper on this subject. I’m not sure I’m understanding this correctly, but it seems to me that a patient can only have one active HealthURL at any given time and that is where all his medical records are aggregated at that moment in time. The next provider or care giver, would access that particular HealthURL and either become the current HealthURL or upload the records created to the original HealthURL. If the above assumption is correct, then I don’t really understand two things. 1) Why would providers compete to host these HealthURLs for… Read more »

Dr. Pandey

Patient controlled information is the best way for record security….I made that arguement here several months ago as well as I think I wrote about it on my blogs also…granted not as an stand alone article.
I continue to believe that $20 billion is too much money for health IT. I think a billion or two might be overkill.
we just need to put the right competencies for strategy deveopment and implementation.

David C. Kibbe, MD MBA
David C. Kibbe, MD MBA

Adrian: Nicely done. I think that the Health Internet (formerly the NHIN) could well end up functioning the way you describe it. DCK

Alexander Saip

Adrian, as far as I understand the MedCommons concept is somewhat similar to that of Google Health and Microsoft HealthVault, where customers decide who has access to their records. You are correct that the NHIN is intended mainly to connect care providers in order to facilitate integration of patient information collected or created in different care settings, functionally and geographically. Once it is in place, there will be no need for verification of patient authorization to access their data for care purposes because this is regulated by HIPAA and HITECH. PHR systems can and will participate in the NHIN, as… Read more »

Vince Kuraitis

Adrian, Well spoken.
History will be written that it was bizarre for consumers/patients (people) not to be baked in to the NHIN concept from the very beginning.