The HIT Policy Committee and its Meaningful Use Working Group will be defining meaningful use very soon. Although I have no inside knowledge of what meaningful use will be, I think it will likely include several elements of health information exchange.
To me, health information exchange is three things
1. Policies for exchange which protect confidentiality, ensure compliance with regulations, and meet the service expectations of stakeholders.
2. Workflow which supports the business processes of payers, providers and patients.
3. A technical architecture which implements the workflow.
To achieve meaningfully useful health information exchange, Massachusetts has recently convened three committees under the auspices of the Eastern Massachusetts Healthcare Initiative. During May and June, we'll complete meetings of our Policy Committee, the Workflow Committee and the Architecture Committee which will take our existing health information exchanges to the next level.
I'm an active participant in these activities and want to share our work in progress with you.
Policy Committee - we're working through complex issues of consent, liability, service levels, and the division of responsibility between the health information exchange and local organizations sending/receiving data. Last Friday, we discussed these issues in detail. Here's the powerpoint outlining the issues and the draft policy for health information exchange we have developed thus far, based on our experience with NEHEN.
Workflow Committee - There are several high priority workflows among our stakeholders including clinical summary exchange, referral management, admission notification, results exchange, and quality reporting. Here's an overview of our workflow activities in progress.
Architecture Committee - In Massachusetts, we've tended to implement a service oriented architecture using CAQH Core Phase II common data transport and XML constructs such as CCD. I'll post the details of our implementation guides when they are complete.
With sound policies, prioritized workflow, and a single architecture including content, vocabulary, and secure transmission standards, Massachusetts will be "shovel ready" for health information exchange supporting meaningful use by this Summer.
Sunday 31 May 2009
Friday 29 May 2009
Cool Technology of the Week
In my recent blog about the Red Flags rule, GreenLeaves commented that biometric checking would help reduce errors by establishing identity and uncovering fraud.
Using biometrics to verify identity seems like a good idea, so I met with Jim Sullivan from BIO-key, a leading provider of biometric solutions.
In the past, I've been reluctant to adopt biometrics because of the expense of buying fingerprint or Iris scanners for each of my 8000 client devices.
However, now that many laptops and hospital ready tablets include embedded fingerprint swipe scanners and that the price of USB fingerprint scanners has dropped significantly, it is realistic to consider biometrics.
BIO-key has developed a next-generation algorithm that reduces the fingerprint to set of calculated unique identifiers. A person’s fingerprint graphic is not the credential; their finger is. BIO-key ensures that only a real finger is being scanned to produce these unique identifiers, making a stolen fingerprint graphic useless to a potential imposter. It's the computed values that are stored when the user's finger is scanned at enrollment, and is later used for comparison with future scans. To me, it's similar to the way NTLM authentication works - there is no need to store or exchange the actual password, it's a mathematical hash of the password that is compared to a stored mathematical hash of the original password. BIO-key allows you to enroll and identify on most of the different fingerprint scanners in the market, allowing an open, heterogeneous fingerprint hardware environment.
There are several interesting ways that biometrics could be used in healthcare:
1. As an alternative authentication method for clinicians instead of having to constantly type a username and password. BIO-key provides a web-enabled fingerprint scanning authentication method that interfaces seamlessly between web applications and an enrollee database or Active Directory. Every authentication, from connecting initially to a secure Wi-Fi hub, to authenticating to Active Directory, to authenticating to web-based or thick client applications, can be done using a finger scan.
2. As a two factor authentication mechanism for secure remote access to sensitive data - instead of a token, you carry your finger with you wherever you go. Note that modern fingerprint scanners include measurement of living tissue, so your finger cannot be stolen and used as an authenticator.
3. As a way to protect patients from identity theft or mis-identification. The first time you register for care, you present your passport and your finger for scanning. On every successive visit, your fingerprint scan is used to verify your identity, without the need to hand-check the paper credentials again.
Some people may think that fingerprints are used to identify criminals and thus be reluctant to use a fingerprint scanner. As noted above, we're not using the fingerprint itself - this is not an FBI comparison to a stored library of fingerprints. Instead, it's comparing the scan of finger to specific computations made on earlier scans of the finger when the patient first registered. Hopefully, this will make patients accept scanning as a positive way to protect their identity instead of a negative "police-like" search of their past.
If you'd like to try this yourself, just get a USB fingerprint scanner or use a laptop with a built in fingerprint swipe reader such as HP, Lenovo, or Dell. Go to http://www.bio-key.com/hitdemo.asp and follow the instructions to download the web client and test the fingerprint enabled applications. Note that it only works in Windows at this time.
A simple way to prevent identity theft and to authenticate web applications using your finger. That's cool!
Using biometrics to verify identity seems like a good idea, so I met with Jim Sullivan from BIO-key, a leading provider of biometric solutions.
In the past, I've been reluctant to adopt biometrics because of the expense of buying fingerprint or Iris scanners for each of my 8000 client devices.
However, now that many laptops and hospital ready tablets include embedded fingerprint swipe scanners and that the price of USB fingerprint scanners has dropped significantly, it is realistic to consider biometrics.
BIO-key has developed a next-generation algorithm that reduces the fingerprint to set of calculated unique identifiers. A person’s fingerprint graphic is not the credential; their finger is. BIO-key ensures that only a real finger is being scanned to produce these unique identifiers, making a stolen fingerprint graphic useless to a potential imposter. It's the computed values that are stored when the user's finger is scanned at enrollment, and is later used for comparison with future scans. To me, it's similar to the way NTLM authentication works - there is no need to store or exchange the actual password, it's a mathematical hash of the password that is compared to a stored mathematical hash of the original password. BIO-key allows you to enroll and identify on most of the different fingerprint scanners in the market, allowing an open, heterogeneous fingerprint hardware environment.
There are several interesting ways that biometrics could be used in healthcare:
1. As an alternative authentication method for clinicians instead of having to constantly type a username and password. BIO-key provides a web-enabled fingerprint scanning authentication method that interfaces seamlessly between web applications and an enrollee database or Active Directory. Every authentication, from connecting initially to a secure Wi-Fi hub, to authenticating to Active Directory, to authenticating to web-based or thick client applications, can be done using a finger scan.
2. As a two factor authentication mechanism for secure remote access to sensitive data - instead of a token, you carry your finger with you wherever you go. Note that modern fingerprint scanners include measurement of living tissue, so your finger cannot be stolen and used as an authenticator.
3. As a way to protect patients from identity theft or mis-identification. The first time you register for care, you present your passport and your finger for scanning. On every successive visit, your fingerprint scan is used to verify your identity, without the need to hand-check the paper credentials again.
Some people may think that fingerprints are used to identify criminals and thus be reluctant to use a fingerprint scanner. As noted above, we're not using the fingerprint itself - this is not an FBI comparison to a stored library of fingerprints. Instead, it's comparing the scan of finger to specific computations made on earlier scans of the finger when the patient first registered. Hopefully, this will make patients accept scanning as a positive way to protect their identity instead of a negative "police-like" search of their past.
If you'd like to try this yourself, just get a USB fingerprint scanner or use a laptop with a built in fingerprint swipe reader such as HP, Lenovo, or Dell. Go to http://www.bio-key.com/hitdemo.asp and follow the instructions to download the web client and test the fingerprint enabled applications. Note that it only works in Windows at this time.
A simple way to prevent identity theft and to authenticate web applications using your finger. That's cool!
Subscribe to:
Posts (Atom)
