I have recently been approached by several policy people who are interested in ensuring that the consumer/patient is at the center of the coming Health Internet.

Through my work at the Cautious Patient Foundation, I have become pretty obsessed about only working on patient-centered and patient-empowering technologies. I often work on software for doctors, but only when it happens to also empower patients.

For that reason, I have chosen to donate time to the Direct Project. I was one of the more active members of the Security and Trust working group, and what I am about to describe relies heavily on the trust model that I advocated for (along with Sean Nolan, from Microsoft... strange bedfellows... I know...).

I believe that any consumer advocate should be helping to ensure that state and regional HIE efforts, as well as the RECs are fully informed about the basic implications of the Direct Project. They need to understand what their role is... or more precisely what their role is not.

I argue that the Direct exchange model is fundamentally empowering in a way that the IHE model is not... yet. To understand why you have to look carefully at the basic routing models of the two systems. Lets imagine that I change doctors from current doctor, in Houston, to a new doctor in Arizona. If I were to transfer my files using the IHE NW-HIN this is how it would look:

Each little blue hexagon is an organization that believes that it is determining the trust, privacy and interoperability policies for its constituent members.

See the problem? In order for there to be a path between health provider A and health provider B a pretty large number of trust relationships will need to be in place, and everyone has to agree. In the short term, that is a pipe-dream. IHE requires complex routing with lots of very specific decisions at each "blue" point. The organizations that are in charge of making these decisions currently have no idea how to implement their policies in either IHE or Direct protocols. For the most part, the deciders just dribble on about trust relationships and policy decisions without any clear understanding of the technologies that will implement those features. Further, the IHE technology is a complex protocol, and sometimes complex routing decisions will not be possible in initial generations of the technology and/or protocol.

There are good reasons for this architecture. It can work, entirely in the background, without the patient (you) having to initiate are request. This is pretty good if you are showing up unconscious in the new city... Your records will just magically appear in the ER from the network. But what happens when Planned Parenthood has records for your and a Catholic Charity Clinic is making a data request to the network for you? Those kinds of tremendously complex issues are all handled -inside- the IHE protocol and its open source implementation the CONNECT project.

Now lets consider how this health record process would occur on the Direct Exchange:

Ok its worth taking some time to explain this. The Direct project is specifically designed to handle point-to-point trust relationships for Health Information exchange. From the Direct Project Security Overview (I actually wrote this part):

In the same way that clinicians currently do not assume that it is safe  to fax protected health information to anyone with a fax number, or mail  PHI to anyone with a post office address, Direct Project users should  not assume that it is safe to send messages to any Direct Project  address. Direct Project users will need to establish real-world trust  relationships with other Direct Project users on their own terms, but  once they have established this real-world trust, they can be sure that a  Direct Project network will securely deliver Direct Project messages to  the trusted Direct Project user.

So the "old doctor" needs to configure his EHR to trust my PHR. I need to configure my PHR to trust his EHR. Once that trust has been established, I can securely receive a copy of my records knowing that there are no untrusted intermediaries. The "privacy and security" policies need to be agreed upon only by me and my doctor.

Similarly the "new doctor" and I need to establish a trust relationship. Once this happens I can forward a copy of my records.

So what does this have to do with patient empowerment and consumer-focus? In my mind, everything.

1. No one but me and my doctor need to agree regarding privacy and trust. Once the doctor is sure I am really "Fred Trotter" he can transfer anything he wants directly to me.
2. The old doctor and the new doctor do not need to trust each other. The both need to trust me.
3. I do not need any third-party permission to send data to and from my doctor. If I want to setup my withings scale to pump my daily weight measurements into my doctors EHR... I can do that.
4. My PHR is a peer on the Direct Exchange network. The model is PHR-centric and is therefore patient-centric.

In the Direct Model, the patient can literally the center of the transfer. If the "old doctor" and the "new doctor" have a trust relationship, they can directly exchange information about me. But they do not -need- to have a trust relationship for the network to function.

Eventually, the IHE-based Health Internet will support patients as equals on the Health Internet. Eventually, the routing between different IHE nodes will be more direct, and then the benefits of IHE might begin to outweigh the benefits of the simple Direct Exchange.But for now, the Direct model empowers the patient in ways the IHE model could never hope to.

So what does that mean for policy makers? For whatever reason, every time I study a local, regional or state HIE effort, they all seem to be pushing the top-down HIE model. There are many things that a local HIE exchange could do to facilitate a Direct Exchange model, but for whatever reason, I do not see Direct being discussed by the RECs or by the local exchanges. I can understand why. In the Direct model, the task of a local exchange is to facilitate trust relationships and then get out of the way. The local exchange never gets to have a local copy of the patient data or even to see the patient record go by on its way somewhere else. They are much much less important under the Direct exchange model, and in fact, a Direct Exchange can happen without the cooperation or facilitation of any "HIE organization" or REC. This is much much closer to the distributed peer-to-peer nature of the Internet, and those involved with the Direct Project believe that in the end, it will be substantively easier for organizations to use than a IHE-based local HIE.

The Direct project is backed heavily by Microsoft Healthvault and members of the Google Health team are now participating as well. Those are the two dominant commercial PHR systems available. I believe both of them are just waiting for something like the Direct Protocol to blossom into really useful tools. Both of these tools have solid consumer-facing options available today.

At every level, organizations are deciding whether to invest in Direct or IHE-based exchange. At this point, I believe the only viable option is for a local exchange to either support Direct only, or both Direct and IHE. IHE is simply going to be too heavy weight for early adoption. Eventually, IHE may become dominate but for now Direct is much simpler, and puts the patient right in the center of everything. If you are a policy maker, you should be asking anyone involved with an HIE process to detail what their Direct-strategy is. If any effort is ignoring Direct and going with IHE-only I would lay odds that they will be broke and defunct before the decade is out.

Moreover, an IHE-only strategy is going to exclude direct participation from patients at this stage. If you care about patient empowerment, I recommend that you advocate for the Direct project at every level, including in your local HIE and REC.

Regards,

Fred Trotter

(Update 2-16-2011) Keith Boone, a collaborator of mine on the Direct  Security and Trust working group, and one of the architects of IHE  points out in the comments below that there is nothing in the IHE  protocol itself that dictates that it should be used in this fashion. He  is partly correct about that. The protocol itself indeed has nothing  inside of it that dictates this design over another. However, the  inherent complexity of the protocol does means that when IHE happens, it  will happen in a "centralized" manner. There is no other way for any  given community to accomplish IHE, other than to pool resources. That  pooling of resources ends up meaning that the IHE chart I drew is inevitable  initially, but as IHE competence spreads it might become more peer to  peer. In any case it hardly matters 'why' the tree structure I diagrammed is happening... it -is- happening. Every HIE I am aware of, other than Direct-based efforts, are presuming this tree model. It is certainly what is happening in Texas.