Q&A: CareGroup CIO advances standards for healthcare IT

John Halamka is steering industry efforts to create specifications for healthcare content such as medications, labs, demographics and more

Dr. John Halamka sees great potential for interoperable electronic health records, which could turn out to be “like Google for healthcare combined with Napster for healthcare,” says the CIO of the CareGroup Healthcare System in Boston. But first, standards need to be ironed out and technology hurdles need to be crossed. Halamka, who is chair of the Health Information Technology Standards Panel, sat down with Network World Senior Editor Deni Connor at the Health Information and Management Systems Society event in New Orleans this week and detailed the progress of standards for interoperable healthcare systems and the Bush administration-mandated National Health Information Network.

Tell me about your impressions of Microsoft CEO Steve Ballmer’s keynote address at HIMSS about XML being the panacea to interoperability between health information systems.

XML is a mechanism of transport but doesn’t necessarily describe content. What HITSP has done through this national standards activity that I lead is create interoperability specifications for medications, labs, allergies, demographics and population health to get to the granular level we are talking about. So are we using XML? Absolutely. But that’s a bit like saying ‘Do you speak English?’ It’s the difference between Shakespeare and a pulp novel. It’s all English.

XML is a higher-level protocol.

Exactly. XML, HTTPS, but then very specific constructs, so that when I describe a medication, I do it in an unambiguous way so that it’s clear that a hospital, doctor’s office, ER will all understand what that medication means, not just ‘Here’s a medical record in XML,' whatever that means. So here is what I did today [after Ballmer’s keynote], I forwarded my information through some HIMSS folks to Steve and said, ‘Look Steve, I look forward to working with Microsoft and aligning these national efforts of HITSP with the Microsoft healthcare framework [announced Monday] because it’s really specific. The example I gave today when I gave my standards talk regards gender. Normally you might think gender is only male, female and we can represent the standard vocabulary as M or F. That’s not true because there’s actually male, female, other, unknown, in transition, hermaphrodite characteristics, etc. So, if all you said in XML is female . . .

Then you have problems.

Exactly, you have problems. That’s what HITSP has done through the last 12,000 hours of volunteer work; it has gotten to the granular level you need to. I hope that the outcome of this is that Microsoft and HITSP can work together. HITSP has embraced XML constructs everywhere but included vocabularies, structure and specificity.

In order for the National Health Information Network or electronic health records [EHR] or personal health records [PHR] to succeed, and to do so in time for the Bush administration’s 2014 mandate, it seems like a lot of stuff needs to happen. Vendors have to adopt these standards for interoperability, and providers need to adopt them.

So here’s the timeframe. HITSP finished its first round of work in 2006. The Secretary of Health and Human Services, Michael Leavitt, accepted our work in December 2006. Now there’s a legalistic process in the government, where what Leavitt accepts will be recognized one year later and thereafter federal procurement must be done using our standards. So on the federal side, on January 2008, all federal procurement must use these standards. On the non-federal side, HITSP has been working with the CCHIT [Certification Commission for Healthcare Information Technology] to have a three-year timeframe for adoption across all lab systems, vendor health-information systems and [EHR] systems. So it’s going to be 2009 before you see these [standards] baked into vendors’ products.

We all know that there is going to be quite variable uptake across the United States. In Boston, 52% of the docs use [EHRs]; 18% is the average in the rest of the country. So, will Boston have the Bush vision by 2014 of EHRs and interoperability? Probably. Will others? It will probably be longer in the rest of the country. But standards, architecture, privacy, policy and certification are key. In the United States today, we have 50 states that all preempt HIPAA [the Health Insurance Portability and Accountability Act], so it may be that I have a certain set of privacy principles in Massachusetts, but as I go across the state lines, there are totally different laws. So what do you do with that?

So what is the incentive for vendors to adopt EHR and these standards?

CCHIT certification and the idea that a user would choose a certified product rather than a noncertified one. On the healthcare provider side, pay-for-performance will be the incentive for them to adopt interoperable systems. So, what happens is a payor like Blue Cross of Massachusetts says, “Interoperable e-prescribing is key, and we will pay you 10% more if you have an interoperable EHR that does e-prescribing.’ The doctor goes to the vendor and says, ‘I really need this standards-based product,’ and the vendor would have to provide it. A lot of this is alignment of incentives. If CMMS [Centers for Medicare & Medicaid Services] paid differentially for the use of EHR, then you would see adoption. So, 2014 is overly optimistic, but by then you’ll see the alignment of incentives, and we’ll see gradual adoption.

In order for standards to be accepted, there must be some level of policy setting and automation. IT has been really hesitant about automation. Policies are another thing; there have to be committees that set policy, and that may delay implementation of software while the committee sets policies.

That’s true. Policy is key, because you have to have policy before you have technology. There are areas of security that don’t need policy like auditing, authentication and secure transport. HITSP has tried to standardize a lot of that security stuff awaiting policy from the Health Information Security, Privacy and Collaboration [HISPC] group. There’s a lot of work to be done yet.

It would seem that policy would have a lot to do with the sharing of information and whom an organization shares it with.

Absolutely. Let me give you an example. There are many hospitals in the Boston area. Some hospitals believe data-sharing is appropriate and good for patient care because an informed doctor makes better decisions. Others have said they are so concerned with a privacy spill that they will only share data with credentialed doctors who are on our staff. By hospital there is variation in policy, and that is going to result at best in a fractured medical record. Still, some information is better than no information, and I really do believe that the patient should be in charge of what is shared and what is not shared -- an opt-in consent model. Wouldn’t it be great if we had a nationwide model for what the model of consent looked like? Then we could say, this is the policy that exists, and the patient can decide regardless whether they are in California or Massachusetts what get shared when. We don’t have that yet -- it’s a couple of years away.

At HIMSS, we are hearing a lot about PHRs that can be stored on a VeriChip, a credit card or a thumb drive.

That’s right. That’s what I have been charged with doing in 2007 and putting it on a transportable media.

So, with PHRs, do we still have to have a unique patient health identifier, and is it used to aggregate a patient's records?

Aha, what an interesting question that is. Here’s the challenge. In this country, we have no single patient identifier for patients. Using the Social Security number is very bad. Women born before 1930 don’t have one because it was assumed they wouldn't work, so they were given their spouse’s SSN. Eleven percent of the time the Social Security number is just wrong, with data transposition. So, we use standard demographics -- name, date of birth, address and Social Security number -- to match people. It’s not perfect, but it’s good enough. If we had a unique patient identifier, we could add that to the mix, but I'll tell you, privacy advocates are very sensitive to a single identifier because conceivably you could link it to your mortgage and financial records, and a lot of people don’t want that.

So how do we link all these records for a patient together?

Here’s what we’ve done in Massachusetts. When a patient registers for care, their name, gender, data of birth and ZIP code is linked with an algorithm that can say the patient was here, here, here and here, and all the medical records are assembled virtually, with pointers back to where all that information should live. It’s like Google for healthcare combined with Napster for healthcare.

Learn more about this topic

Healthcare pros debate interoperability standards02/27/07A growing divide in healthcare IT02/06/07VA, Pentagon commit to joint e-health records01/29/07
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2007 IDG Communications, Inc.

IT Salary Survey: The results are in