With all the portal solutions and networks used in healthcare today, the focus of the "Security & Privacy Sub WG" of the "Southeast Michigan Healthcare Information Exchange", (SEM/HIE) is to agree on how to share data and run applications across networks. "Data Sharing" is the essential problem. The majority of solutions for HIEs has been to select a portal solution. However, since most of the hospitals in SE Michigan have a portal, SE Michigan decided that building yet another makes little sense. Instead, it made the HIE a neutral site with an SOA architecture and infrastructure to process multiple solutions from the front end (credential presentation in digitized form) to the back end (claim and payment processes).
This model of an electronic, Web-enabled transaction cuts across networks, domains, silos and multiple vendors, providing services and representing the business associates, trading partners, and suppliers of the healthcare services industry. Common data and services are at the center of current discussions. This is a departure from current infrastructure which reflects the fragmented and diverse nature of healthcare and highlights the need to understand the business process models of the healthcare industry and the multiple data formats and messaging systems at different transaction points. The model illustrates that no one vendor or solution can support interoperability and support electronic transactions end-to-end, which is the first step to integration. The level of understanding, skill, and development to support such an extensive set of solutions overwhelms the capabilities of most vendors or "lead contractors".
Thus the view of "SEM/HIE" is that since security and privacy is an important "pre-condition" and no longer something to "be added later", a more collaborative environment, involving the stakeholders and participants representing the public and private sectors should be encouraged. In particular, the business level people should be engaged with the technical staff of each of the stakeholders to determine an initial set of deployable policies that are agreed upon, articulated, understood and enforced, with sanctions, within an overall governance framework.
Mick Talley SEM/HIE
Action Item: Technical solutions are available to begin building comprehensive information management systems and should be tested based on agreed policies before deployment, and the recognition that no one vendor or technology can cover the end-to-end nature in the healthcare transaction, should be established and noted.
Footnotes: