Secure Health Data Exchange: Hurdles to Overcome

A number of short-term and long-term hurdles, including technology and policy issues, stand in the way of achieving secure, interoperable, nationwide health information exchange, says David Kibbe, M.D., president and CEO of DirectTrust.

DirectTrust is a nonprofit alliance that created and maintains the security and trust framework for using the Direct Project for secure e-mail in the healthcare sector. Direct Exchange email is one of the most common and least complex ways health data can be securely exchanged.

"In the short term, the weakest link with Direct Exchange is at the level of the electronic health record product" embracing secure email as a built-in function or feature, he says.

"This is a very similar to what we experienced with e-prescribing, because e-prescribing modules were integrated into electronic health records, six or seven years ago - just as information sharing and exchange modules are being integrated into electronic health records now," he notes in an interview with Information Security Media Group.

"Many of the EHR products are not well designed; they are not very usable," he contends. Currently, it's difficult for healthcare providers who buy EHR systems and other health IT products to assess in advance how easy they are to use and how well they support secure exchange of health data, he says.

Looking Ahead

In the longer term, he says, another hurdle is finding an answer to the question of "how do we move information in a more automated fashion between different providers' health IT systems?"

The Fast Health Interoperability Resources, or FHIR, application programming interface offers a query-based approach for more complex types of secure health data exchange and "looks very promising," Kibbe notes. "It also has lots of complexities that need to be worked out so that the authorizations and permissions and consent that are necessary to assure that information is going to the right person are fulfilled."

Addressing that long-term challenge will require systematic IT architectural changes, Kibbe says. And those changes will prove difficult to make unless hospitals and physicians are paid to exchange data in support of coordinated, quality patient care, he contends. "So, it all goes back to how information technology is enabling value-based purchasing and value-based reimbursement [for healthcare]. That's happening, but that's happening slowly."

In the interview (see link to audio below photo), Kibbe also discusses:

• What he likes and dislikes about the privacy and security provisions in the Department of Health and Human Services' recently released final rules for the HITECH Act meaningful use financial incentive program for EHRs, and the related 2015 edition of software certification requirements;
• His assessment of HHS' recently released 10-year interoperability roadmap for secure health data exchange;
• The status DirectTrust's plan to support Direct-based text and chat next year.

Kibbe, a physician, is founding president and CEO of DirectTrust. He is also senior adviser to the American Academy of Family Physicians. Kibbe in 2014 was named a top 10 Healthcare Information Security influencer, by Information Security Media Group.