Blockchain Enables Healthcare Interoperability
White Paper - Executive Summary
The CDC’s newly created public health interoperability center offers a positive step toward unlocking the value of shared healthcare data for noble pursuits like disease modeling and prediction. Yet securely connecting data from multiple sources and formats remains a barrier toward achieving true interoperability. Read on for our take on what is needed to provide public health officials with the information they need to mitigate disease threats.
New CDC Health Interoperability Center
The goal of the Centers for Disease Control and Prevention (CDC) newly created public health interoperability center - the Center for Forecasting and Outbreak Analytics - is ensuring electronic health information is shared appropriately between healthcare and public health partners in the right format, through the right channel, at the right time. Specifically, the Center wants to provide public health officials with information they need to mitigate effects of disease threats with a focus on three key functions – 1) connection, 2) prediction and 3) information.
This new Center is good news, because lack of health data interoperability has long been a barrier to doing more meaningful things with health data like disease modeling and predictions. So, while an admirable goal, what are the practicalities of actually achieving interoperability? Because before you can realize prediction and information, we must first have connection.
The Nature of Healthcare Data – Today and Tomorrow
To have viable interoperability, we must first recognize the nature of healthcare data. Healthcare data comes from many systems, in many shapes and sizes and from many places; always has and always will (at least in the foreseeable future).
The heterogenous nature of healthcare data is because healthcare applications serve very specific operational purposes; an application managing drugs is much different from one monitoring your heart rate. Electronic Medical Record (EMR), for example, provide digital versions of information typically found in a care provider’s paper charts for a patient’s medical history like diagnoses, medications, immunization dates, allergies, lab results and doctor's notes. Rarely does a patient’s complete medical history reside in one EMR system, because healthcare services are provided by different providers with their own systems that effectively create data silos. These data silos exist even within one healthcare provider.
Now, with every system and device (like wearables) online, more data silos are created every time a new healthcare system or application is adopted. Interoperability must support the heterogenous nature of healthcare data, because the sum of all this data from many systems and in many formats is a better representation of a person’s health and wellness.
To achieve broad data integration and interoperability, we need to embrace the reality that companies have and will continue to invest a lot of resources into their operational systems, and it is not financially nor operationally viable to abandon or upgrade all these different systems into one monolithic system to achieve interoperability. This approach would also hamper adoption of new and innovative solutions.
For interoperability, we must instead take a data-centric approach to healthcare rather than a traditional system-centric one. A data-centric approach is aligned with a patient-centric focus and is not constrained by specific systems and their very specific ways that data must be represented, stored, and used in those systems.
emTRUTH takes a data-centric approach. With one API (application programming interface), we enable fast and secure integration and interoperability of data of any size, in any format from anywhere; in days, not months – all while maintaining rightful data ownership and control. With this approach, healthcare systems can continue to address specific functional needs while distributed data is supported and managed on one platform of immutable truth.
Data Sharing: Right format, Right Channel, Right Time
Interoperability is a key component of meaningful data sharing. Because health data is private and privileged, it is also important to not only share data in a usable way with another party, but also control whether this other party has a right to access and use this data in context.
One common challenge for most health systems and providers is integrating data from many EMR systems. It not unusual to have 20 or more different EMR systems within a single health system. Data integration and interoperability would make many EMR systems look like one for coordinated patient care that improves outcomes as well as lower costs (e.g., reducing redundant tests and appointments, etc.)
Another example for sharing data in context is moving beyond ADT (Admit, Discharge, Transfer) messages to also provide vertically integrated patient data around an episode like a heart attack. Heart attack data for this patient is shared as a patient progresses from an ambulance to an emergency room, to surgery, to hospitalization and to continued outpatient cardiac rehabilitation, even if these healthcare services are from different providers.
An additional example of contextual sharing is hospital bed availability during times of emergency. Some hospitals treat details about hospital beds like capacity and capability as private and strategic. However, during times of emergency, it is critical that such information is readily shared with first responders and public health stakeholders. With emTRUTH, public health officials with recognized authority can trigger an emergency event and hospitals can automatically share hospital bed data for the duration of an emergency. Once an emergency is over, sharing of hospital bed details can be automatically rescinded and remain private to each respective hospital who continue to own and control their bed data.
Right Format: Data Standards and Systems Agnostic
Data standards, especially if widely adopted, are very helpful in realizing interoperability. Fast Healthcare Interoperability Resources (FHIR) is one such standard promoted by the U.S. Centers for Medicare & Medicaid Services (CMS). FHIR builds on previous data format standards from HL7. Other standards include Observational Medical Outcomes Partnership (OMOP) and OpenEMR with their own common data models respectively. These standards address structured data or data that can be encapsulated in a centralized database and primarily EMR data. There is also a myriad of commercially available EMR systems, with their own data models, as healthcare is a very fragmented market.
It is important to note that these data standards do not cover other health data from other important healthcare systems, especially unstructured data like MRI images, dictated doctor voice notes or surgery videos. Unstructured data can make up to 70% or more of health data. With emTRUTH’s data-centric approach, any type of data of any size or format can be supported for integration and interoperability. Because once a JSON connector is built (in days), it can be readily shared as open source. This enables any other organization using the same data system to immediately make data from their systems interoperable within an emTRUTH-supported ecosystem. emTRUTH’s approach can now provide data in formats suitable for a specific type of use like training machine learning algorithms with MRI images for disease prediction.
Flexibility in supporting any data formats also allows data owners to slice and dice this data for re-use in other applications for true interoperability. A pharma sponsored drug trial, for example, may want to consider patients with hypertension and diabetes for a clinical trial, including review of historical measurements like blood pressure and sugar levels.
Right Channel: Anonymized or Identified
Health data is not one size fits all and neither is access to this data. Access to data spans a spectrum from anonymized data that is publicly accessible to identifiable and highly confidential data with access restricted to a select few. In addition to a commonly supported rules of data governance, including a patient’s bill of rights, interoperability must address the entire spectrum of access privileges.
With emTRUTH, very detailed access privileges, that can be bundled into easier to manage roles and permissions, are assigned to different combinations of data captured in more granular data blocks in blockchain. Another unique capability is linking different blockchains together for data aggregation and sharing on demand.
An example is a patient granting full custodial rights to their primary care provider. This provider can update and shared full patient data on a patient’s behalf for care of their health. If a patient decides to change providers, they can rescind custodial rights from their old provider and grant custodial rights to their new provider, all in compliance with HIPAA.
Another example is sharing only anonymized demographics (e.g., age, sex, ethnicity, comorbidities) with a pharma company as a potential clinical trial candidate. Because we can capture any data, including signed patient consent, and link it to anonymized demographic data, the right and approval to use this data for only a stated purpose accompanies the data itself. The patient can rescind approval and participation at any time, without IT intervention.
At emTRUTH, we believe that people should own and control their own data. emTRUTH does not aggregate nor monetize other people’s data. We are an enabling platform that simplifies the mechanics of heterogenous data, especially integration and interoperability, so that applications and people can do something actionable and useful with the data.
Healthcare Data Protection and Privacy
Underlying all healthcare interoperability should be a holistic approach to ensuring data protection and privacy. Data standards do not explicitly address data privacy or security at the data level and are not enough for broad interoperability participation.
FHIR, as an example, sits on top on HTTPS (transfer protocol for websites) that only addresses encryption (which provides data protection) in transit, when data is transferred from one system to another. It does not address encryption at rest, where data is stored, even temporarily.
Data security and protection should be holistic and designed in at every level. Instead of using blockchain for cryptocurrency, emTRUTH uses blockchain as an encryption technology at the lowest data level. A parent block of data is immutably and securely linked to a child block of data forming a chain, like DNA is passed from parent to child. Data cannot be edited or deleted, only appended in a new data block in a blockchain. emTRUTH is advancing blockchain technology for distributed data management. We can blockchain any data of any size. Data block size is limited to 10MB in Bitcoin, as an example. In healthcare where data can be large, like a video or image, emTRUTH technology has solved the data block size issue. emTRUTH technology is also designed to scale at enterprise performance levels. Bitcoin, for example, processes 4-7 transactions per second. emTRUTH can process 1000 transactions per second. These are some of the reasons why emTRUTH was chosen as the blockchain data platform for a NASA project. We can do what others cannot.
Full interoperability requires trust in every aspect of data. Many organizations are hesitant to send confidential patient data to a third-party aggregator as these third parties may use data without their consent for other purposes. emTRUTH does not aggregate or monetize other people’s data.
emTRUTH creates blockchains under each rightful data owner, like how domain names are registered to their rightful owners. Data owners have full control over their data. A compete log, also captured immutably in blockchain, shows who, what and when any data is accessed.
Data security and privacy is designed in with encryption at rest and in transit at every layer and every step. In addition to blockchain for atomic data level security, emTRUTH supports two factor authentication with both software standards like ones in Google Authenticator and hardware standards like ones in YubiKey. Even QR codes unique to each data grouping are both encrypted and contain security built into the code itself. A postman scanning a QR code for delivery, as an example, should not be able to access what type of drug is inside a package.
Blockchains can be hosted and managed by emTRUTH as a service. emTRUTH managed blockchains are hosted in either Amazon Web Services GovCloud or IBM HyperProtect, the securest regions of cloud services. Blockchains can also be hosted and managed by an organization in their virtual private cloud or on-premise, including compliance with GDPR and data sovereignty rules.
Right Time: Event-Triggered and Contextual Actions
Sharing and using data should be purpose-driven and in the context of a stated purpose. emTRUTH supports triggers and alerts so that actions fit the situation, including stakeholders to notify. Sharing data only during an emergency and only with public health stakeholders is an example of how to share the right data at the right time. Another example is communicating with potential impacted communities of upward trending disease prevalence and predictions of hospitalization.
Recent history has starkly illustrated how quickly and broadly disease can spread. Data is a critical tool in managing and minimizing impact.
Connecting is Key
The CDC center plans to promote interoperability across the healthcare industry for public health data exchange to achieve the following.
Support the use of open-source software and application programming interfaces (APIs) for public health through data exchange.
Predict upcoming public health threats through modeling and forecasting. The center will also predict public health threats through research and innovation in outbreak analytics and the establishment of appropriate forecasting horizons.
Inform healthcare stakeholders about public health outbreaks by translating and communicating outbreak forecasts. This is set to connect key decision-makers across sectors including government, businesses, and non-profits to support unified public communication efforts.
Enabling data first in a public health information exchange is critical path to unlocking data for improved patient and public health. emTRUTH strives to be part of the solution in ensuring electronic health information is shared appropriately between healthcare and public health partners in the right format, through the right channel, at the right time.
About the Author
Irene Woerner is CEO of emTRUTH, whose mission is to help healthcare companies unlock the full value of their data. emTRUTH makes it quick and easy for healthcare users (who are not IT experts) to securely combine and share data on demand, while they, and their patients, retain full ownership and control of their data. The company’s patent-pending technology offers fast and secure horizontal or vertical data integration and interoperability of any type of data. With one API. From anywhere. Using any standard. To any app. In days, not months. For less. For more information, visit www.emtruth.com.