We have never been more connected to the information our body can provide about its health, and that information has never been easier to share with those who can use it to improve patient outcomes and vitality.
But how do we ensure use cases are compliant with FHIR and HIPAA Interoperability and effectively mitigate the risks of information sharing?
We live in a world where we can track our dinner delivery on a live map as it moves, with estimated arrival time, make and model of the car, and a personal photo of the driver. We may naturally expect this type of technology to extend to other areas of our lives, like our personal health records. The timely, seamless delivery of our personal health records, when we desire and to whom we choose, is already a reality for many.
But personal health records are personal. How are these interactions secured to prevent data from being sent to unintended recipients or attributed to the incorrect patient?
The Limitations of HIPAA
Interoperability of health records, particularly patient health records, has been a focus area for government organizations administering healthcare policy in America for more than a decade. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlined national standards to protect sensitive patient health information.
While HIPAA called for a unique patient identifier (UPI) for health care purposes, in part to avoid inadvertent commingling of health records between individuals, this identifier never got traction due to privacy concerns. In addition, HIPAA’s patient data protections did not extend to data shared with non-HIPAA-covered third parties. Instances of incorrect patient data grouping and nefarious data collection and correlation still managed to occur. If a person’s records cannot be collected and organized in a safe, reliable, and meaningful way, interoperability really can’t work.
Many in the healthcare industry understand the potential benefits as well as the risks that come with interoperability of personal health records. The position in which we find ourselves, wanting the ability to share highly sensitive personal health data at the click of a button but into a largely unregulated third-party ecosystem, showcases our competing desires for privacy and ease of access to information.
Fast Healthcare Interoperability Records (FHIR)
Health insurance companies and large healthcare providers have made meaningful investments and progress toward making personal health records available for data sharing in a standardized format. A data sharing standard named Fast Healthcare Interoperability Records, or FHIR (pronounced “fire”), has emerged as a favorite.
In late 2020, the U.S. Centers for Medicare & Medicaid Services (CMS) announced that big government-funded insurance programs and health plans would be required to support FHIR by 2021. Interoperability through application programming interfaces enabled by FHIR, and the heightened support around expanding access to patient health records, has dramatically increased the ease, speed, and extent to which sensitive health data can be shared with third parties.
Never leave a paper trail
Health data privacy isn’t an expectation.
It’s a requirement.
Disruptive and transformational experiences are not just possible, they are here. However, data sent using interoperability standards is not protected by the same strong regulations. It is imperative we understand and leverage technology to address any gaps, and continually improve outcomes and experiences for healthcare patients and providers alike.
Partnerships between private companies, healthcare providers, insurers, and entrepreneurs will be required to navigate this complex space and innovate responsibly for the betterment of mankind. Discrete application of technology, such as confidential computing and secure data sharing, can form a blueprint for zero trust interoperability.