Patient Centered Health Internet

I have recently been approached by several policy people who are interested in ensuring that the consumer/patient is at the center of the coming Health Internet.

Through my work at the Cautious Patient Foundation, I have become pretty obsessed about only working on patient-centered and patient-empowering technologies. I often work on software for doctors, but only when it happens to also empower patients.

For that reason, I have chosen to donate time to the Direct Project. I was one of the more active members of the Security and Trust working group, and what I am about to describe relies heavily on the trust model that I advocated for (along with Sean Nolan, from Microsoft… strange bedfellows… I know…).

I believe that any consumer advocate should be helping to ensure that state and regional HIE efforts, as well as the RECs are fully informed about the basic implications of the Direct Project. They need to understand what their role is… or more precisely what their role is not.

I argue that the Direct exchange model is fundamentally empowering in a way that the IHE model is not… yet. To understand why you have to look carefully at the basic routing models of the two systems. Lets imagine that I change doctors from current doctor, in Houston, to a new doctor in Arizona. If I were to transfer my files using the IHE NW-HIN this is how it would look:

How health documents travel over the IHE NW-HIN
How health documents travel over the IHE NW-HIN

Each little blue hexagon is an organization that believes that it is determining the trust, privacy and interoperability policies for its constituent members.

See the problem? In order for there to be a path between health provider A and health provider B a pretty large number of trust relationships will need to be in place, and everyone has to agree. In the short term, that is a pipe-dream. IHE requires complex routing with lots of very specific decisions at each “blue” point. The organizations that are in charge of making these decisions currently have no idea how to implement their policies in either IHE or Direct protocols. For the most part, the deciders just dribble on about trust relationships and policy decisions without any clear understanding of the technologies that will implement those features. Further, the IHE technology is a complex protocol, and sometimes complex routing decisions will not be possible in initial generations of the technology and/or protocol.

There are good reasons for this architecture. It can work, entirely in the background, without the patient (you) having to initiate are request. This is pretty good if you are showing up unconscious in the new city… Your records will just magically appear in the ER from the network. But what happens when Planned Parenthood has records for your and a Catholic Charity Clinic is making a data request to the network for you? Those kinds of tremendously complex issues are all handled -inside- the IHE protocol and its open source implementation the CONNECT project.

Now lets consider how this health record process would occur on the Direct Exchange:

How a health record moves across the Direct Exchange
How a health record moves across the Direct Exchange

Ok its worth taking some time to explain this. The Direct project is specifically designed to handle point-to-point trust relationships for Health Information exchange. From the Direct Project Security Overview (I actually wrote this part):

In the same way that clinicians currently do not assume that it is safe to fax protected health information to anyone with a fax number, or mail PHI to anyone with a post office address, Direct Project users should not assume that it is safe to send messages to any Direct Project address. Direct Project users will need to establish real-world trust relationships with other Direct Project users on their own terms, but once they have established this real-world trust, they can be sure that a Direct Project network will securely deliver Direct Project messages to the trusted Direct Project user.

So the “old doctor” needs to configure his EHR to trust my PHR. I need to configure my PHR to trust his EHR. Once that trust has been established, I can securely receive a copy of my records knowing that there are no untrusted intermediaries. The “privacy and security” policies need to be agreed upon only by me and my doctor.

Similarly the “new doctor” and I need to establish a trust relationship. Once this happens I can forward a copy of my records.

So what does this have to do with patient empowerment and consumer-focus? In my mind, everything.

  1. No one but me and my doctor need to agree regarding privacy and trust. Once the doctor is sure I am really “Fred Trotter” he can transfer anything he wants directly to me.
  2. The old doctor and the new doctor do not need to trust each other. The both need to trust me.
  3. I do not need any third-party permission to send data to and from my doctor. If I want to setup my withings scale to pump my daily weight measurements into my doctors EHR… I can do that.
  4. My PHR is a peer on the Direct Exchange network. The model is PHR-centric and is therefore patient-centric.

In the Direct Model, the patient can literally the center of the transfer. If the “old doctor” and the “new doctor” have a trust relationship, they can directly exchange information about me. But they do not -need- to have a trust relationship for the network to function.

Eventually, the IHE-based Health Internet will support patients as equals on the Health Internet. Eventually, the routing between different IHE nodes will be more direct, and then the benefits of IHE might begin to outweigh the benefits of the simple Direct Exchange.But for now, the Direct model empowers the patient in ways the IHE model could never hope to.

So what does that mean for policy makers? For whatever reason, every time I study a local, regional or state HIE effort, they all seem to be pushing the top-down HIE model. There are many things that a local HIE exchange could do to facilitate a Direct Exchange model, but for whatever reason, I do not see Direct being discussed by the RECs or by the local exchanges. I can understand why. In the Direct model, the task of a local exchange is to facilitate trust relationships and then get out of the way. The local exchange never gets to have a local copy of the patient data or even to see the patient record go by on its way somewhere else. They are much much less important under the Direct exchange model, and in fact, a Direct Exchange can happen without the cooperation or facilitation of any “HIE organization” or REC. This is much much closer to the distributed peer-to-peer nature of the Internet, and those involved with the Direct Project believe that in the end, it will be substantively easier for organizations to use than a IHE-based local HIE.

The Direct project is backed heavily by Microsoft Healthvault and members of the Google Health team are now participating as well. Those are the two dominant commercial PHR systems available. I believe both of them are just waiting for something like the Direct Protocol to blossom into really useful tools. Both of these tools have solid consumer-facing options available today.

At every level, organizations are deciding whether to invest in Direct or IHE-based exchange. At this point, I believe the only viable option is for a local exchange to either support Direct only, or both Direct and IHE. IHE is simply going to be too heavy weight for early adoption. Eventually, IHE may become dominate but for now Direct is much simpler, and puts the patient right in the center of everything. If you are a policy maker, you should be asking anyone involved with an HIE process to detail what their Direct-strategy is. If any effort is ignoring Direct and going with IHE-only I would lay odds that they will be broke and defunct before the decade is out.

Moreover, an IHE-only strategy is going to exclude direct participation from patients at this stage. If you care about patient empowerment, I recommend that you advocate for the Direct project at every level, including in your local HIE and REC.


Fred Trotter

(Update 2-16-2011) Keith Boone, a collaborator of mine on the Direct Security and Trust working group, and one of the architects of IHE points out in the comments below that there is nothing in the IHE protocol itself that dictates that it should be used in this fashion. He is partly correct about that. The protocol itself indeed has nothing inside of it that dictates this design over another. However, the inherent complexity of the protocol does means that when IHE happens, it will happen in a “centralized” manner. There is no other way for any given community to accomplish IHE, other than to pool resources. That pooling of resources ends up meaning that the IHE chart I drew is inevitable initially, but as IHE competence spreads it might become more peer to peer. In any case it hardly matters ‘why’ the tree structure I diagrammed is happening… it -is- happening. Every HIE I am aware of, other than Direct-based efforts, are presuming this tree model. It is certainly what is happening in Texas.

7 thoughts on “Patient Centered Health Internet

  1. I appreciate your emphasis on keeping the patient at the center. Keeping patients informed and ensuring they are partners in their own healthcare is key to improving the quality of care and lowering costs. Although there are some states that are incorporating the Direct Project into their planning (like in Oregon where we have specifically mentioned the Direct Project in our Strategic and Operational plans for HIE, there is little doubt that more attention needs to be brought to this important project.

    I like the simple model you depict of how a directed exchange would take place, and in a perfect world where all patients have PHRs this would work well. Unfortunately, currently not many patients actually make use of a PHR. This why having secure point-to-point direct messaging between providers (with appropriate patient consent of course) and between health information exchange organizations will often need to occur without the PHR as a conduit.

    I expect that the next few years will see a rapid expansion in the use of PHRs and this will help drive your vision forward. Thank you for all your work on this and your dedication to the most important part of healthcare ~ the patient!

  2. I guess you could say that the direct model is the patient centric model. Although, one could easily argue that the direct model doesn’t have the patient as the center of the model, but instead is a PHR centric model. So, the direct model will be a patient centered model only as much as the PHR software allows the patient to be involved.

    Thus, your paragraph about Microsoft HealthVault and Google Health being involved is dead on. Of course, they want to be involved in a project that puts them at the center of the communication.

    Of course, the real question even with the direct model is what incentive do the various PHR vendors have to make this interaction happen? What will be the “cost” that PHR vendors pass on to consumers and/or doctors that use the PHR centric model? Basically, what’s the business model of the PHR vendors?

    Unless we can find a PHR centric business model that works for the PHR vendor while still empowering the patient, even the direct model will fail or have adverse outcomes.

  3. Not only does this show promise for patient centering, it also provides patients with a way to offload their primary care physician’s record keeping duties. A. Patrick Jonas, MD and I have been working on a Human Centered Health Home model that not only addresses patient’s needs but works to attract and retain family doctors. Both patient and the primary care physicians need to be protected from the medical industrial complex if the desired gains in care quality and reductions in care cost are to be realized.

  4. Fred, I love the simplicity of the direct model but Brian has a good point. To solve this, can the government adopt a policy of providing incentives for consumers/patients to use a “certified” PHR? They could then mandate that folks implementing the PHRs submit patient data to the appropriate public health agency.

  5. Fred, your model is not what IHE proposes at all, but it may be the way that some have thought the Nationwide Health Information Network should be designed. IHE develops interoperability specifications that support distributed communities of care as well as direct communications to and from providers and patients. The IHE profile upon which the HITSP C32 specification is based is called the “Exchange of Personal Health Records” profile and is designed for exactly that which you show. The IHE XDM profile supports the exchange over e-mail, in NHIN Direct. Please stop confusing complexity that others have imposed on use of the guides with what those of us who developed the guides intended.

  6. Im very optimistic about the Direct Project. There is now a growing ecosystem of applications for Personal Health Records platforms. PHRs have historically had a hard time gaining traction in the past because you couldn’t do anything meaningful with the data. Now there are mobile applications, glucose monitors, and peripherals that allow you to track and improve your health using data from your PHR. Application developers have created a layer of intelligence on top of, what in the past, was just a way to make your health info portable.

    Practice Fusion recently held a contest where teams could develop PHR applications using their EHR API, finally bring the opendata ethos of the internet to healthcare. Something that is badly needed in HealthcareIT.

    I personally think personal health records is at a stage simiilar to where personal finance was 10 years ago. It will follow the same trajectory but the key is to create actual value for having your health info online.

  7. Pingback: Quora

Comments are closed.