Mazen Elkurd, DO, a neurology resident at Georgetown University, recently wrote a post on KevinMD about how “Medicine is Stuck in the Dark Ages.” He speaks about how far behind technology is in the field of medicine and rightly points to some of the ways HIPAA regulations are creating unintended consequences regarding patient data access and undermining the very security and privacy concerns the legislation was meant to address. This funny YouTube video accurately highlights the real absurdity of our health care system today. Believe me, as a practicing physician, the maze that patients go through to get health care services and their information is really embarrassing.
My response to Mazen’s post: WE (meaning patients and physicians) HAVE THE POWER AND THE TOOLS NECESSARY TO CHANGE THIS. It’s not a dream device or a hope that Google, Microsoft or Apple will create the EHR of our dreams (BTW, reading that article made me laugh so hard…I wish Micro$oft or Apple the best of luck on overthrowing Epic). The tools that exist today exist through open source projects that many other industries are utilizing and exploring. They build on the ideas of privacy and security, and on the idea that data does not and need not be stored in a centralized (or, accurately put, a “honey pot”) way. The current, unacceptable way health data is stored and collected (by design, and by human choice through Meaningful Use) is the siloed, centralized method that translates to non-reconcilable, inaccurate, and useless healthcare data. It’s frustrating at best, but dangerous for patient safety at its worst.
What are the tools I’m talking about that already exist? They are:
- An open source EHR that focuses on user interfaces designed for physicians and patients to better health data focused on the patient. The working code in an open source project is subject to and thrives on peer review so that physicians and patients can continuously improve on it as they see fit without relying on a third party that works against our interests.
- OAuth2 for single sign-on so that physicians and patients are not relying on usernames and passwords that get forgotten, lost, shared, or hacked.
- User managed access (UMA), a subset of OAuth2, so that patients can set access for physicians, institutions, caregivers, or applications to their health information.
- Blockchain for identity verification (which again is to minimize the use of usernames and passwords) and auditing for actions done to the patient’s health related information for data integrity.
- FHIR for health information transactions once UMA and the patient that controls it determine appropriate access.
When combined, all of this leads to:
- A distributed network of singular patient data, controlled by UMA, FHIR, OAuth2, and Blockchain, that is not centralized or owned by any particular entity except the patient, so that data protection, security, and integrity are maintained.
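How the pieces in this list fit together, as an added example (not code from NOSH, HIE of One, or the original post): a patient-set access policy decides each request for a FHIR resource type, and every decision is appended to a hash-chained audit log so that later edits are detectable. The party names, the policy layout, and the use of a simple SHA-256 hash chain as a stand-in for a blockchain are assumptions; this models the decision logic only, not the UMA or OAuth2 wire protocols.

```python
import hashlib
import json

# Constructed sample policy: what the patient has granted to each requesting party.
# Party identifiers are hypothetical; values map FHIR resource types to scopes.
PATIENT_POLICY = {
    "dr-lee@clinic.example": {"Observation": {"read"}, "MedicationRequest": {"read", "write"}},
    "caregiver-app.example": {"Observation": {"read"}},
}
GENESIS = "0" * 64  # "previous hash" of the first entry (simple chain, not a real blockchain)


def _digest(entry):
    """Hash an audit entry's contents together with the previous entry's hash."""
    body = {k: entry[k] for k in ("party", "resource", "scope", "granted", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def request_access(policy, log, party, resource, scope):
    """Decide a request against the patient's policy and record the decision."""
    granted = scope in policy.get(party, {}).get(resource, set())
    entry = {"party": party, "resource": resource, "scope": scope,
             "granted": granted, "prev": log[-1]["hash"] if log else GENESIS}
    entry["hash"] = _digest(entry)
    log.append(entry)  # denials are logged too, so probing is visible in the audit trail
    return granted


def verify_log(log):
    """Return the index of the first broken entry, or -1 if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != _digest(entry):
            return i
        prev = entry["hash"]
    return -1


def demo():
    log = []
    decisions = [
        request_access(PATIENT_POLICY, log, "dr-lee@clinic.example", "Observation", "read"),
        request_access(PATIENT_POLICY, log, "caregiver-app.example", "MedicationRequest", "read"),
        request_access(PATIENT_POLICY, log, "unknown-app.example", "Observation", "read"),
    ]
    intact = verify_log(log)
    log[1]["granted"] = True  # simulate someone rewriting a denial after the fact
    return decisions, intact, verify_log(log)
```

Access defaults to denied for any party or resource type the patient has not listed, and the rewritten entry is caught because its stored hash no longer matches its contents.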
What does a distributed network mean? Most of what we see today is a centralized repository of data (or what I call a node) stored on one large entity (like Google, Apple, Epic, a hospital) with data of millions of people in one server or service. If a nefarious hacker wanted to break into any one node (and it only takes one), the hacker could easily get health related information on millions of individuals quickly with very little work. One has to also assume that there is no bulletproof way to secure any node. So if a nefarious hacker really wants to get your data, it’s pretty likely that is going to happen, especially in a honey pot scenario. So by spreading the data around to millions of nodes instead of one, it would take a lot of work for the hacker to get your data. That’s the future of data security that no one in health IT is even remotely addressing. These recent cyberattacks on hospitals to get data for ransom are just the start and there is no way to really stop them in the future.
The good news about this distributed network solution to healthcare data? No one “owns” any of these technologies that exist today. So, in essence, patients and physicians HAVE the immense power to harness and utilize them. We are not, and can no longer be, beholden to EHR companies to give us what we want. We are no longer shackled by inferior and backdated technologies that hold us back in the dark ages. Being patient-informed in a distributed network solution calls for a complete, but necessary, overhaul of how we currently implement health IT.
Most patients believe that health care should be a simple transaction they have control over and that there is only one data set for one person as the YouTube video suggests. But the disconnect between reality and the dream appears to be so wide that we’re just sitting on the sidelines…complaining and dreaming.
But it doesn’t have to be this way. We can wake up from our health IT nightmare right now if we choose to. The solution is in our hands. NOSH and HIE of One, both open source projects that harness all of these technologies, aim to unlock the shackles that hold us down on the path of the health IT dark ages and are ready to be served. Are you ready?