Tag: Adrian Gropper

Are Patients and Interoperability Finally Coming to the Fore of Health IT?

In recent weeks, I’ve witnessed a huge change among my practicing colleagues. For the first time, the true cost of vendor-proprietary records is seen as an existential issue for practices that may need to join an Accountable Care Organization to survive.

To a doctor in the good old days, IT meant practice management as a tool to get paid. As the days of fee-for-service give way to ACOs and global payments, doctors are starting to realize the direct link between payment, health records and patient engagement.

In a recent essay titled “Show Me the Money” in Patient Safety and Quality Healthcare, Barry Chaiken, MD summarizes:

“Regular assessment of quality performance will identify those providers who might be withholding care or over-utilizing care, helping to balance the equation between clinical and financial objectives. Entities such as ACOs and patient-centered medical homes will either take on the financial risk and therefore share in the savings generated by their transformed care delivery processes or receive added payments, along the lines of current pay-for-performance schemes, for delivering predetermined clinical and financial outcomes.”Continue reading…

Putting the Patient First, Literally

Interoperability is front and center, again. Stage 1 of HITECH was about health records for doctors. Stage 2 is about interoperability. The President’s Council of Advisors on Science and Technology (PCAST) report is all about interoperability. At a recent state medical society meeting, the most animated questions by physicians to Dr. Blumenthal were about the lack of interoperability in electronic health records.

While HITECH is designed to regulate the behavior of technology vendors, it is struggling to encourage doctors to accept the result. Growing interest in ACOs may, at last, drive doctors to demand effective interoperability, and using the patient as a principal or intermediary can jump-start the clinical integration they seek.

For more than 5 years, interoperability has been approached from the perspective of doctors and hospitals. The results speak for themselves. As we process the innovations proposed by PCAST and consider the specifics of Stage 2 regulations, it’s time to put patients first and technology second by giving patients (and their designated agents) convenient access to their health records in their choice of electronic formats including Blue Button, CCR and CDA. Market forces will take care of the rest. Experience with Blue Button and the Direct Project shows that patient-centered and secure, directed exchange avoid the privacy and policy issues that delay technological approaches to interoperability.

Continue reading…

The Dog’s OAuth

Adrian Gropper A simple technology for linking EHRs will have a major impact on health care.

We’ve all heard the one about what does the barking dog do when it catches the car.

The dogs of health IT seem to have caught their car when the Interim Final Rule for standards for meaningful use accepted certification of “EHR Modules” and left it up to the marketplace to decide how the modules would communicate with each other. I think ONC deserves much praise for a very fair and innovation-friendly approach.Continue reading…

Health Internet – The New Consumer-Friendly NHIN

Consumer directed HIE will become the most visible aspect of health IT stimulus and could lead a shift to consumer-directed health plans, increased interest in wellness programs and family-centered collaboration for the young, old and seriously ill.

At a recent Boston meeting on health records infrastructure, key stakeholders recognized the potential of patient control as a strategy to address privacy concerns that could otherwise limit ongoing health networking initiatives. MedCommons proposes one possible approach to making the national health information network (NHIN), currently conceived as a provider-to-provider exchange, consumer-friendly and consumer-accessible. We illustrate the need with a true story, propose a novel addition of independent identity service providers to the NHIN and then illustrate how this could be used to transfer the soldier’s CT to the US for a second opinion even as he’s being transported.

On the morning of the Boston meeting, a friend of mine called to say that his son was seriously wounded in Afghanistan and was being stabilized for transport via Germany to the US. He knew that his son had a CT in the field clinic and wanted to get it before the son was transported over four days through to Bethesda. Could the Health Internet be used to help this family?

The NHIN does not have to run like Big Brother. We propose a voluntary identity principle that distributes trust among multiple private and public institutions and gives consumers a choice of who controls their medical identity. Some might pick a particular hospital, others might choose their regional HIE while others could choose a private service such as a bank or telecom that is not a health care business at all.

The institution that manages a patient’s ID on the Health Internet is referred to as the IDP. To authorize health records exchange on the NHIN, an IDP would have to meet strict requirements and receive a NHIN Certificate. A NHIN Certificate is analogous to the SSL certificates issued to banks and other corporations on the Internet. Larger hospitals, military, VA and integrated delivery networks on the NHIN also hold a NIHN Certificate.

The issue and administration of NHIN Certificates could be handled by state or federal agencies or privatized to Verisign and similar services that already do this for the Internet.

We propose a Health Internet consisting of two kinds of certified entities, health care providers and identity providers. Both are chosen and trusted by the consumer but the identity providers are the key to effective competition and innovation.

Small group practices, insurance companies, web personal health records services and search engines would likely not carry NHIN Certificates and would participate in the Health Internet only under the control of the patient trough their IDP.

Substitutability, the central concept of the Boston platform meeting, is a key benefit of this proposal. An IDP that disappoints a patient could be swapped out without impacting the health care providers and a health care service that disappoints could be ignored or disconnected with a simple message to the IDP.

Public health and research users of the NHIN would not be affected since all entities that carry NHIN Certificates could still interact with each other directly under whatever rules and regulations the Certificates represent.

How would this have worked in the case of a soldier shot in Afghanistan and on his way to Bethesda?

– Before entering the service, the son might have picked Verizon as his IDP because they hold an HNIN Certificate and offer a family member override. He would have established the father, who also has a Verizon account as health care proxy.

– Upon induction, the health service saved the serviceman’s IDP selection (their Verizon health ID, possibly in OpenID format – see references below) along with the rest of his personal contact information.

– The father, when notified of the injury, is unsure which doctors will be available to consult on his son’s case, but needs to have the son’s CT scan at the ready as a first step.

– The father decides to do a transfer using a personally controlled health record service because it will give him control of the CT and make it easy to deliver the images to any physician that offers to help. Neither the father nor the health record service has a HNIN Certificate.

– The father goes to the military health service EHR portal. Without logging in, he goes to a form that requests his son’s Verizon health ID along with the MedCommons-type account ID where the CT is to be delivered.

– The EHR portal contacts Verizon for authorization on the basis of shared trust under the NHIN federation.

– When Verizon’s text message to the son goes unanswered, Verizon contacts the father as Health ID proxy. The father reviews the correctness of the familiar-looking MedCommons-type ID as a the destination and authorizes the transfer.

Note that the military health service does not actually know whether the son or the father actually authorized the request but they trust the transaction because the military health service knows that Verizon holds a valid NHIN Certificate.

In summary, the introduction of certified identity providers into the NHIN together with simple and commercially established OpenID protocol can transform the NHIN into the consumer-friendly Health Internet and bring simple regulation and market forces to bear on solving difficult privacy problems.

CODA: As of 10/4, the the soldier is stable, conscious and out of the ICU in Bethesda. A second opinion is in the works at a Boston hospital. The parents and collaborators are able to see and share 1.75 GB of imaging about their son. Let’s all hope for a good outcome and a speedy recovery.

Adrian Gropper is a physician and the CEO of MedCommons


Patient ID on the Internet; October 12, 2007; Blog;

Web leaders initiate govt open identity pilot program; September 30, 2009; Health Imaging Editorial;

Meaningful Health Data Mining – How will we regulate consumer-driven research and advice?

At the National Committee on Vital and Health Statistics executive subcommittee hearing on “meaningful use” of health information technology, Carolyn Clancy, director of the Agency for Healthcare Research and Quality testified “We haven’t reached a system-based approach where the right thing to do is the easy thing to do.” The meaningful use of health information technology will free patients to organize to accelerate research and deliver advice independent of any particular doctor orhealth plan. Data mining opportunities traditionally restricted to doctors and health plans as a side-effect of their essential services will now be available to anyone that gains the trust of a patient-consumer including, for example, not-for-profits and Internet social networking groups.

Suggesting or confirming “the right thing to do” involves coordinating disparate information that includes mining patient data for decision support (to search and display guidelines), for comparative effectiveness research (to find and group similar cases), for bio-surveillance (to find cases that match a profile) and for informed consent (to quantify the risks of alternative treatments). The result of data mining is useful to the doctor, the patient and the investigator.

As with other things, the American Recovery and Reinvestment Act (ARRA) leaves much of the rulemaking and guidance regarding data mining to interpretation by the Secretary of Health and Human Services. To add to the uncertainty, at the recent Health 2.0 conference I learned from Ann Waldo, Esq. that health records not covered by ARRA are nonetheless covered by consumer protection laws. The law addresses the problem of inappropriate solicitation or misleading advice as a matter of privacy, consent, disclosure, role, identity (anonymity), transparency and accountability. I’m not enough of an amateur lawyer to dive into the details.Continue reading…


Forgotten Password?