While everyone is up in arms about the operation, or lack thereof, of the Affordable Care Act (aka Obamacare) mandated Health Care Exchange, there is another health information exchange infrastructure being rolled out to comply with elements of ACA that is actually working. Powered by the Open Cloud by IBM and others, these new health information exchanges allow doctors and other healthcare providers to seamlessly exchange and share healthcare information with each other as well as with health insurance providers.
I had a chance to sit down with Scott Megill, CEO of Coriell Life Sciences, who recently wrote an article on this subject on IBM's "a smarter planet" blog. Scott and I spoke about the challenges of not only having health information available to multiple parties using multiple systems, but also of storing and sharing this information securely. In addition to the ACA provisions, which mandate electronic health records and assume significant savings by the sharing of this information, HIPAA and other regulations mandate that this confidential information be handled in a secure manner.
Scott says that on the surface these seem to be two diametrically opposed goals. On one hand, you want information open enough that a doctor in California can access your records from a clinic in New York. But at the same time those records have to be secured to prevent unauthorized access. It would seem that using open source tools and an open architecture would only complicate this already difficult task. However, Scott says it is exactly the opposite. Only through using open systems, including open source tools such as Hadoop, Linux, etc., can healthcare organizations achieve compliance with the sharing provisions of the ACA while also complying with the security requirements of HIPAA and other regulations.
It has been forecast that as a result of electronic medical records, as much as 40% of storage in the cloud may be medical records-related in the near future. I always assumed that it would be all of those MRI and CT scans that everyone has to go for. Scott informed me of another source as well. Over at Coriell Life Sciences they are making digital copies of people's genomes. Just a few years ago, making a copy of your genome would cost tens if not hundreds of thousands of dollars. Nowadays, it is coming down to just a few thousand dollars on the way to maybe a thousand dollars soon. Scott thinks it may be as cheap as a hundred dollars in the near future.
This kind of information would be very valuable to doctors and healthcare professionals in providing care to you. However, each human genome can contain something like three billion points of data. You can imagine that storing genomes for lots of people will create secure storage nightmares.
Beyond pure storage, though, imagine the bigger picture. Health information is stored in the cloud. A doctor in Florida using Windows infrastructure needs to view it and add some information. A clinic in Boston then needs to see the info, perhaps in real time, and add to it as well. The Boston clinic uses Macs. All of this then needs to get to the Mayo Clinic on their mainframe when the patient goes there. Without an open system based on recognized standards, this would be impossible. It is a situation that screams for open source and open standards. It is also a situation that IBM is very familiar with.
By supporting open standards and open source for many years, IBM has built an expertise that Megill and others are now leveraging. The SoftLayer acquisition gave IBM one of the leading cloud platforms upon which to build. Layering in security and other expertise has given companies like Coriell a ready-made platform upon which to build their healthcare information business.
Whether you support the ACA or not, there is no denying that our health information will be moving to the cloud. When it does, we need to make sure it is secure. Companies like Coriell and IBM are paving the way to make it smoother than signing up for healthcare is today. I am sure there will be other providers besides IBM offering standards-based cloud systems. Companies like Coriell will leverage these to provide even better healthcare options for all of us.
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from startup to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.