Just a few short decades ago, when the Internet was first forming, the community of people using this new network quickly settled on some standard ways to share documents, images, and other information over the web.

The Transmission Control Protocol / Internet Protocol (TCP/IP) was a reliable way to handle the lower level communications over packet switched networks.  Very quickly, some application layer protocol standards like FTP for exchanging files, HTTP for hypertext documents, and SMTP for e-mail became widely adopted standards allowing for the massive interoperability that exists over the Internet today.  Thanks in large part to these standards, it is now surprisingly easy to share all kinds of data over the Web.

So what about our health data like our allergies, the medications we’re currently taking, and the notes our healthcare providers wrote the last time we went to the doctor?  What about our X-rays, previous conditions, and lab results?  Medical data is special.  Our health data has additional requirements surrounding security, privacy, and consent to be met.  Many of these additional requirements are established as our right in laws like HIPAA and the Privacy Act.

Clearly, the protocols that govern computers sharing completely public Web pages are not enough.  However, we bank online.  Our financial data and monetary transactions certainly have additional security, privacy, and consent requirements as well as additional rules from law.

And while nothing’s perfect, most of us feel reasonably comfortable with financial transactions online.  I don’t know about you, but I’m even more concerned about somebody stealing my money than I am about somebody stealing my medical records.  I believe the success of banking online is proof that our medical data and health information can successfully be made available over the Web as well.

So why, when I step on a nail, is it still incumbent upon me to remember the date of my last tetanus shot?  Why is time and money still wasted repeating lab tests?  Why do clinicians still have to make diagnoses without being able to view all of the information that they might possibly want on the patient, assuming patient consent?

And what might a solution that really works look like?  Would it look like a secure giant repository in the sky?  Would it look like a distributed network of secure Web servers at every hospital or data source?  Would it perhaps be a card with a memory chip that patients carry around in their wallets?

The community is currently moving towards the distributed secure network of servers, specifically, the NHIN and the CONNECT open source project.  This is a reasonable approach, but it still feels like early days.  In its current form, it is difficult to work with and some of the specifications are a little ambiguous. It needs to be easy for the providers’ organizations to use.  Complex, difficult server software is not likely to be deployed effectively everywhere.

Software vendors can help tremendously, but the standards adopted will need to be easy to work with to allow rapid and reliable adoption.  Difficult, unclear, or ambiguous standards do not promote interoperability. In fact, they create confusion, differing implementations, and mistakes.  

For it to really work, I think the data types and data structures need to be as simple and clear as possible.  CONNECT currently requires the developer to build HITSP C32 documents. No schema exists to verify a document is a valid HITSP C32 (although it can be validated as HL7 CDA) and some of the data types seem ambiguous, or at least abstract enough to be less than obvious. As a result, it seems that different developers in different organizations could interpret things differently and end up with documents that do not interoperate.

An open source project that handles the special requirements and standards is a good approach for connecting and sharing healthcare data.  It could play a similar role to that of Apache Web Server in bringing the Internet to life.  But it needs to be simple and clear enough to work with such that Joe Average computer scientist can get it working on the NHIN.  In fact, given its purpose, it is required to be so clear that two computer scientists implementing separate nodes on the NHIN would have a good chance at interoperating without ever having to talk to one another.

So what would a health information exchange that actually works look like?  A lot like where we’re currently headed but with a little dose of the KISS principle (Keep It Simple and Stupid).
 
Daniel Wayland is director of software at Ellumen Inc. (formerly CPS Healthcare) in Arlington, Va. Wayland and his team have been responsible for a wide variety of projects that allow for sharing of medical data of many different types between hundreds of medical facilities including commercial, Veteran’s Affairs, Indian Health Services, and Department of Defense medical information systems.