Greg Goth

Network-enabled communication has revolutionized financial services, retail sales, auctions, and business-to-business transactions. But one of the largest global economy’s sectors—healthcare—remains locked in a technological netherworld—part paper, part digital, and almost entirely user-unfriendly.

Public officials and healthcare industry executives acknowledge that switching from paper-based to network-enabled digital records would save billions of dollars per year. A recent Rand Corporation study estimates mean yearly savings through 2020 at an average $42 billion in the US alone (www.rand.org/pubs/monographs/2005/RAND_MG410.sum.pdf). Much of the savings is indirect, such as estimated savings from reducing medical errors attributable to inaccurate or out-of-date records. Still unquantified are the effects of increased consumer confidence that their records are correct—and beyond correct, in their control.

New, big kids on the block

It might take Google and Microsoft—technology giants, but health-records neophytes—to give networked and interoperable electronic health records just the kick start they need to escape the siloed and proprietary model now prevalent. The new technologies, Google Health and Microsoft HealthVault, are classified as personal health records (PHRs), which are a subset of industry-recognized electronic health records (EHRs).

Both companies are now engaged in pilot programs with healthcare organizations regarded as e-health pioneers. Google and Cleveland Clinic are piloting the Google Health technology, while Microsoft is piloting the HealthVault architecture with the Mayo Clinic. Eventually, the two technologies will allow patients to synchronize their records between their various healthcare providers, including dynamic uploading of new data that will then be available to any authorized doctor, nurse, or pharmacist, regardless of their institutional affiliation.

The approaches are different: Google Health is a front-end application, while HealthVault is a database that users will augment with via third-party applications. However, the goal is the same in both cases—patients will have ultimate control of their medical records. And to further assure patients they will be in command, Google Health executives say the technology’s business model, relying on search by users and not targeted advertising, is completely divorced from individual information stored by Google. Microsoft HealthVault’s privacy statement (https://account.healthvault.com/help.aspx?topicid=PrivacyPolicy&rmproc=true) says no individual information will be supplied for marketing purposes “without Microsoft first asking for and receiving your opt-in consent.”

“With records, most of where the industry has been in the last 10 or 15 years has been system-driven, in deployments such as large integrated delivery networks or medical groups, anybody who has economies of scale,” says Missy Krasner, product marketing manager for Google Health. “But we’re still in a siloed model where any EHR or consumer-facing tool is tethered to that particular system. The Google Health platform is a direct-to-consumer play, putting them in control.”

Whose data?

That key word—control—could be an amorphously defined but viciously contested battleground between antagonists in several camps: entrenched EHR vendors, which have done well in the current proprietary landscape, versus Microsoft, Google, and new low-cost EHR vendors; and large medical groups and hospitals, which currently store and own patient data, versus consumers, who want to be the ones to distribute data as they see fit.

“As a guy who operates the regional healthcare information organization in Massachusetts, one of our real challenges is not the technology, it’s the policy,” says Dr. John Halamka, CIO of Beth Israel Deaconess Medical Center in Boston and also CIO of Harvard Medical School. “What Google and Microsoft really do is empower the patient to be the steward of their own data. For example, a patient can apply privacy flags, and say, ‘I’m not going to send my mental health information to my dermatologist, because it will likely have zero effect on my care.’”

Clinicians might find it difficult to cede that kind of control to consumers. The advent of consumer access to medical research distributed on the Internet in the late 1990s was the first wave of debate over decades of ingrained paternalism in the doctor-patient relationship; the PHRs could prove to be another.

However, Dr. Halamka, who is also the chairman of the American National Standards Institute’s  Healthcare Information Technology Standards Panel (www.hitsp.org), says a combination of market and regulatory forces might be offering the “invisible hand” incentives for the various camps to reconcile their interests. Beth Israel Deaconess has offered a PHR for its patients for seven years, Halamka says. The patients who use them are true devotees of the technology and are willing to “vote with their feet” to find clinicians who will accommodate their preferences.

“They have basically said it is the one thing that has kept them a devoted patient of Beth Israel Deaconess,” Dr. Halamka says. “So if I can attract and retain patients based on PHR integration, it’s pretty important.”

Indeed, in a recent phone survey of 2000 adults in the medical center’s service area of eastern Massachusetts, Halamka says 19 percent said they would switch their medical affiliation if they found a doctor with an e-enabled practice.

“That’s a major forcing mechanism,” he says. “What I’ve committed to the organization is—whether it’s our own patient portal, which is really a window to our EHR, or Google or Microsoft or whomever—the patient will be able to choose how they get their data from us. It’s all about retention and recruitment.”

Closing the loop

Even for physicians, hospitals, and patients that can agree on the principles of patient-controlled records, significant financial, technical, and regulatory hurdles remain before the mass deployment of PHR-based records systems. Halamka says only 18 percent of US-based physicians currently employ EHRs.

“A solo practitioner, or small community-based practice, is being asked to shell out $60,000 for an EHR, and they may make $100,000 a year. And on top of the upfront cost, they can lose 25 to 30 percent of their productivity for three to six months while the system is being installed and configured—and they get no more money for using it.”

However, he also says regulatory and financial incentives are aligning that should increase EHR adoption. To receive accreditation, medical organizations must employ records that accurately depict patients’ medication regimens, and the US government has provided exceptions to anti-kickback statutes that allow hospitals and medical centers to provide up to 85 percent of an EHR system’s cost for affiliated physicians.

“Pay-for-performance contracts will motivate doctors to get EHRs, and the federal safe harbors will really accelerate them,” Halamka says. “If the hospital can do an 85 percent subsidy and implement a software-as-a-service model, that will really encourage the community doctors in the last mile.”

The question of resolving technical standards is also complex. For example, medical professionals use code sets such as the International Classification of Diseases (ICD) and Common Procedural Terminology (CPT) to describe symptoms and treatments. Private and public sector insurers use these records to determine payment. For the Google and Microsoft technologies to be useful to clinicians and yet not force consumers to take a crash course in medical terminology, middle layers of translation software will have to be perfected.

“Say you have an entry that says ‘Patient is a diabetic and always uses alcohol swabs before doing their injection,’” Dr. Halamka says. “The problem is that natural language processing says ‘The patient always uses alcohol.’ So there’s a challenge that natural language processing has false positives and negatives, but I think it’s probably true you can do some best guessing, and patients and doctors can help disambiguate.”

He says much of the standardization work has progressed well. Transport will be conducted via Web Services standards such as SOAP, XML, and WSDL; the industry has agreed upon a document format called the Continuity of Care Document (CCD). The CCD contains both structured and unstructured data elements and has been accepted by the major medical records vendors and the US government.

Dr. Halamka also says that both Google and Microsoft have committed to industry IT executives that they will eventually provide a standard API, therefore making integration with existing records systems less onerous. However, he adds, “As of today, there are just enough differences between Google and Microsoft that you have to do two sets of API integration.”

Because the projects are still in the early pilot phase, he doesn’t expect the existing incompatibility to severely impact mass adoption. Google's Krasner says, “There’s been a lot of friendly contact” between Google and Microsoft regarding standardizing the API, “but right now our focus is to launch.”

Global e-health

The ramifications of Google Health and HealthVault don’t stop at the US border. The patient-centric revolution is worldwide, one global e-health expert says.

“It’s bringing the patients into a partnership with their caregivers, maybe for the first time,” says Richard Alvarez, CEO of Canada Health Infoway (www.infoway-inforoute.ca), Canada’s national e-health organization. “There won’t be any governments around this world, or single payers, or health systems, that won’t subscribe to that notion. It’s enormously important—enormously important—in terms of bringing in the next wave.”

Alvarez dismisses some of the concerns over patient privacy expressed by US-based observers. Those observers claim that, because Google and Microsoft are not bound by US data security regulations under the Health Insurance Portability and Accountability Act (HIPAA), patient data will somehow be less secure than data stored by existing entities. Alvarez says many Canadians see that argument as disingenuous.

“Many people here, especially seniors but others as well, are tired of the fact that people might use the privacy argument so as not to move away from the status quo and toward more electronic systems. On the other hand, they expect those of us who are engaged in putting these systems in to make sure the systems are trusted.”

Alvarez also says that consumers in nations with single-payer health systems don’t fear private sector insurers obtaining records and denying coverage to prospective consumers with preexisting conditions, as often happens in the US. Instead, he says, global concerns center more on medical industry pitches to patients—such as direct-to-consumer drug advertising, allowed by only a few nations, including the US—and potential US government surveillance rationalized by anti-terror efforts.

“We want to make sure that if these products move up here, they are not subject to the Patriot Act,” Alvarez says. “That would be a problem for us. I guess the relevant data centers would have to be in Canada to assure that.”

Both companies have gone to great lengths to assure potential uses that industry standard security technologies and beyond will be used in the new PHRs. Google Health, for instance, will use Secure Sockets Layer (SSL), while HealthVault architects installed extra precautions, according to a statement by Microsoft.

“With HealthVault we isolated traffic onto a virtually separate network and located our servers in physically separate, locked cages,” the Microsoft representative said. “All data that moves among our systems are encrypted, including all traffic to and from HealthVault, its users, and its partners. Access to HealthVault data by Microsoft employees is tightly controlled and extremely limited to a small group of personnel necessary to perform essential operations.

“All of our back up data is encrypted, and every stage of its transportation is logged. We also log every time records are created, changed, or read, leaving a clear audit trail.”

Halamka, who sat on the expert advisory panel advising Google on Google Health, also sees the privacy issue as overstated. “Obviously, Google and Microsoft are selling trust,” he says. “That’s really all they’re selling in their PHRs, so if they abrogate that they will have lost their business model.”

---

Cite this article: Greg Goth, "Power to the Patients," IEEE Distributed Systems Online, vol. 9, no. 5, 2008, art. no. 0805-o5001.