HEALTH IT: Markle's Carol Diamond on Making the Connections (Part 2)

Yesterday we posted the first part of our conversation with Carol Diamond, M.D., M.P.H., the Managing Director of the Health Program at the Markle Foundation in New York. She spoke about the potential of health information technology to improve the quality and restrain the costs of our care, as well as the research benefits. Today, in the second and final installment, she discusses some of the barriers to bringing 21st century tools to a paper-based health system, and the path to overcome them.

Q: What are the challenges to a national health information technology system?

A: There can't be one information technology "system." We start with a vast, highly fragmented and very diverse health care delivery model that is not centrally controlled or run. The only practical way forward is to acknowledge existing networks, and let them grow incrementally under a basic, common sense set of policies and standards. That's how the Internet grew.

The health care sector has a set of unique challenges that need to be overcome—and some have nothing to do with technology.

The first critical challenge is trust. Without it, patients and physicians will not be willing to use new technologies due to fear of privacy breach or the misuse of personal health information. Broad use of information technology, and the transformation it can bring to health care, will only occur with widespread participation and trust from consumers. Consumer trust will be dependent upon their willingness to participate and their confidence that their information will be protected. This assurance can only be established if we have strong information policies that guide the development and use of new electronic tools—something we in Connecting for Health consider part of a "Common Framework."

A second challenge is financial. In the current model, the providers who invest in IT contribute to the improvements in care, but they do not always directly reap the benefits. Current payment models are often heavily based on paying for visits or procedures and therefore do not establish the necessary incentives for investing in information technologies that will potentially improve quality or reduce unnecessary or repeated services. This misalignment of incentives means that many providers are reluctant to invest in these tools. To create incentives for information sharing, we must focus on a new approach that rewards quality of care and not just the quantity of care.

Clearly, these are interrelated. An environment that has the necessary policies to assure that personal health information is kept secure and protected will also create opportunities for new business models that reward innovation and creative uses of technology that can radically improve the quality and safety of care.

Q. How has Markle attempted to reduce these barriers?

A: When we started Connecting for Health we knew that protecting privacy and security was critical. We made this a cornerstone of our efforts and set out to find areas of agreement so that we could articulate a practical way forward agreed to by many diverse sectors within health care.

Current public concerns about identity theft and the broader dangers of breaches could lead to inadequate participation in HIT, which in turn would be a setback to our window of opportunity to transform health care. To accelerate progress, it's essential to form a common set of rules for sharing information electronically while keeping it private and secure. For example, when you look at something like the ATM network, you probably don't consider the policies and practices that make it secure and broadly implemented. Yet, ATMs do operate under some common policies and technologies that have evolved to enable a network through which vast sums of money and transactions pass each day.

To support a similar evolution, we anticipate and deal with questions like: What protections must be in place for information to be shared with authorized parties? How should access to the information be provided electronically and what safeguards must be in place? What are the rules that apply to the shared information and what measures must be in place in the event of a breach? Our balanced approach to addressing these issues has allowed us to find areas of broad agreement on many challenging issues that have been divisive or difficult to tackle in the past.

The Connecting for Health Common Framework is a set of policy and technical standards for information sharing. These standards highlight the importance of considering both policy and technology choices and decisions upfront in a coordinated way. All too often we see technology choices being made without policies or policies being made without the technology to support them. When either area is addressed late in the game, either the technology needs to be retrofitted to accommodate the policies or the policies are weakened due to the inability to implement them in existing technologies. Rather, at the highest level, the Connecting for Health Common Framework contemplates three key attributes together:

1. Core Privacy Principles—These principles define a set of desired privacy policies to ensure personal health information is protected. Our approach to these principles is rooted in the U.S. Fair Information Practices, which were established more than three decades ago.
2. Sound Network Design—HIT must be developed in a way that adopts sound network design characteristics that enable interoperability and safeguard information. The network should be distributed and decentralized to minimize the risks of large-scale privacy spills.
3. Accountability and Oversight Mechanisms—Information policies cannot be meaningful unless they are fully implemented and adhered to. Implementation of health IT initiatives should include the appropriate oversight and accountability levers needed to assure that the entire set of attributes and information safeguards are achieved and adhered to.

These three high-level attributes are meant to be broadly applicable. We have found them to be an invaluable framework for doing the detailed work of specifying exactly what is needed to protect privacy and security. Over the last two years we have created very detailed specifications for two HIT applications in particular, health information exchange (HIE) efforts across communities of providers and additionally, for the personal health services offered directly to consumers—that have captured the attention of government agencies, technology vendors, and global internet brands.

When it comes to Health Information Exchange, communities or state-based efforts have used the Common Framework as a starting point for planning their own HIT initiatives. For many, the Common Framework provides assurance that the hard work of identifying key issues has already been done—and it has been vetted and tested by leaders in the field. We are told time and time again that the Framework greatly helps organizations or states to create their own roadmaps for HIT initiatives and facilitates decision-making across diverse groups of people needed to move these initiatives forward.

When it comes to using the Connecting for Health Common Framework for establishing a way to navigate the new world of personal health services, our collective efforts with many organizations to create the detailed and necessary policies and practices has been ground-breaking. Our work has enabled traditional health care providers and global Internet companies to work together in spite of an uneven regulatory and legal environment to agree on a set of 15 specific policies and practice areas to protect privacy and security.

While there are significant barriers and challenges ahead, there is also a tremendous amount of energy, enthusiasm and commitment. We have been amazed at the level of dedication and earnest hard work that has gone into working through some of these challenges in our Connecting for Health efforts. I think more so today than ever before people recognize that health IT can only take hold if we establish trust that is rooted in reasonable and practical standards and policy-setting. That's what it's going to take to help improve care and help people live healthier lives.