- Ten Things to Ask Your SAAS Vendor Before Entering the Cloud
- The VNA Strategy: Balancing Workflow and Enterprise Imaging Management
- HIPAA Compliant Hosting
- Best Practices for Monitoring Data Quality: Improve Database Effectiveness with Accurate Data
- Saving Lives Virtually – A Day in the Life of Today’s Physician
While the Direct protocol is coming to increasing use for submission of data from providers to public health, a more sophisticated technology – web services – is becoming popular as well.
Even though Stage 1 Meaningful Use (MU) only requires uni-directional interfaces to public health, some programs (especially Immunization Information Systems, or IIS) anticipate that bi-directional interoperability will soon be the norm (and may be incorporated into Stage 3 MU). Using web-services, XML-based system-to-system transactions can be constructed relatively easily.
[Previously: Public Health and HIE – cloud-based services.]
But public health systems have historically interacted directly with provider systems. What role can and should an HIE have in these interactions? I see the potential strategies falling along a continuum of less sophisticated to more sophisticated possibilities:
Under the first, or Direct, option, providers address a web service exposed by public health with no involvement by the HIE at all. This is largely the way things are done now. Public health continues to maintain a direct data exchange relationship with providers and also maintains the responsibility to distribute and manage credentials that might be necessary to authorize and secure the web services transactions (usually a username and password embedded in the transaction, though additional security can be supported by web services).
The second, or “pass through” option, allows HIEs to accept a web services transaction on behalf of public health and then pass that transaction through to a public health system without touching it, and passing the response (if there is one) back to the provider. The public health agency continues to manage the credentials, though some additional authentication and/or authorization could be implemented by the HIE.
[Also by Noam Artz in this series: Public health and PHRs: Don't be left out.]
In the third, or intermediated, option, the HIE accepts a web services query from the provider but repackages that query before sending it on to public health (or in another variation, the HIE initiates the web services transaction itself on behalf of a provider). In this case, public health sees a single HIE user as the initiator of the transaction and does not manage credentials for individual providers. One good example of this third strategy is an HIE portal which queries an IIS on behalf of a provider when the provider asks to retrieve a patient’s record through the portal.
HIEs and public health agencies need to examine these options and discover which one is the best fit for their setting, technical architectures and capability, and security model. In some cases, an HIE can facilitate these transactions by building upon existing initiatives and technical deployments to simplify the provider’s interfaces. In other cases, a less sophisticated approach may be necessary, especially when data submission to public health is involved, to ensure that data quality is maintained through proper accountability between public health and the provider.
And these interfaces can evolve over time – starting out with little HIE involvement, and changing to rely more on the HIE’s infrastructure as it matures.
Noam H. Arzt, PhD, FHIMSS, is president and founder of HLN Consulting, LLC, San Diego, and does consulting in healthcare systems integration, especially in public health. This article originally published on the HIMSS.org News page.