Healthcare Innovation Through The Lens Of Interoperability And Privacy
Mifan Careem is Vice President and Head of Solutions Architecture and Head of Healthcare Solutions at WSO2.
Dwight D. Eisenhower is often credited with the following quote: “The things that are urgent are seldom important, and the things that are important are seldom urgent.” Healthcare organizations have known that interoperability is key for innovation, although few have prioritized implementing it. The pandemic, though, flipped this well-known adage on its head for healthcare innovation, as interoperability and data access became the No. 1 priority overnight for healthcare organizations and consumers.
The pandemic has accelerated consumer demand for newer and innovative healthcare solutions like never before. From telemedicine and digital front doors to aggregated health data apps, healthcare organizations are competing to better serve their consumer base with compelling digital solutions. And providers, payers, healthcare app developers and tech giants are scrambling to provide consumers with innovative solutions. McKinsey estimates that global digital-health revenues will rise from $350bn in 2019 to $600bn in 2024.
Interoperability is a key driver for innovation in healthcare.
Accessibility and availability of the right data is the first step in innovation. Supporting a 360-degree aggregated view of a patient or member requires data pulled in from multiple sources, mostly from the user’s hospital and electronic health record systems, health insurance and claim management systems, wearable devices such as the Apple Watch and Fitbit, healthcare apps such as Apple Health or Epic MyChart, etc. This means access to multiple systems across multiple organizational boundaries. This requires the custodians of the data to expose accurate, timely information in a secure and controlled manner using a common language, whilst authorized users of the information such as providers should have the ability to pull (or push in some cases) data from multiple sources, integrate and augment the data and expose this data as aggregated information to a broader audience.
Initiatives to promote interoperability have been in place since before the pandemic, although their importance and need are really being felt now. Application programming interfaces (APIs) and a widely accepted canonical model are the natural first steps for this integration ecosystem.
International standards such as Health Level 7 (HL7) and Fast Healthcare Interoperability Resources (FHIR) provide API interoperability standards that encourage a common language across healthcare systems. In the U.S., regulatory standards such as the Office of the National Coordinator (ONC) for Health Information Technology’s Cures Act Final Rule support seamless and secure access, exchange and use of electronic health information. Similarly, the Centers for Medicare & Medicaid Services (CMS) Interoperability and Patient Access Final Rule requires healthcare payers to expose patient details as FHIR APIs by July 2021.
Once these regulations are in full effect, a healthcare app developer can selectively request patient information from multiple facilities and expect that data to be returned in a canonical format, such as FHIR, in real time. The fact that some healthcare systems don’t talk FHIR today would mean some level of transformation back and forth between systems; the right technology platform can help with conversions on the fly. Overall, the future of healthcare interoperability looks bright and points to a step in the right direction: a promising stage for healthcare innovation.
Security and privacy play a bigger role in healthcare.
If interoperability is one half of the healthcare innovation story, security and privacy are the other, more challenging half. Interoperability in healthcare often involves sharing individual patient data, which often falls under HIPAA’s definition of Protected Health Information (PHI). So, if an app requests a member’s first name and address, both those fields are PHI-protected and need to be handled in a certain way.
Providing data access to third parties whilst maintaining a semblance of privacy is an important and costly tradeoff. Moreover, the expectation with the newer regulations is to provide public access to certain types of information as APIs, which means those APIs need to be protected from common public attacks as well. The former is addressed in part by SMART on FHIR guidelines, which provide guidance on how OpenID Connect and other technologies can be used for API security. The latter needs to be addressed by complementary security features available in API management, such as rate limiting, script attack protection and security practices like encryption.
Sustainable innovation means consent is in the hands of users.
Ultimately though, innovation depends on the breadth and depth of information users are willing to share from the gamut of information a healthcare organization has at its disposal. Users, who might be categorized as patients or members, are required to explicitly provide their consent for data sharing and access — either broadly to a healthcare organization to share certain types of information or specifically for an app to access specific types of information.
The challenge intensifies when a parent or guardian needs to provide consent on behalf of someone else — a child perhaps — which leads to a delegated consent management use case. Healthcare organizations need to invest in the right consent management technology in order to truly encourage innovation that is sustainable in the longer run.
Healthcare innovation is a tradeoff between interoperability and security.
Innovation in healthcare is vital today, not only to keep up with the modern digital consumer, but to also help save lives. And innovation starts with having access to the right data from across the integrated spectrum — data that is interoperable, accurate, timely and secure.
Security and privacy have a huge impact on the type of information that can be shared. Whilst broader security aspects, such as data privacy and information security, need to be handled at an organizational level, the availability of certain types of user data should always be based on the consent of users. The usefulness of healthcare apps will have a direct relationship to the amount of information a user is willing to share, which puts control in the hands of the user. Sustainable innovation is a tradeoff between interoperability and privacy.