There are many definitions of certain common terms associated with healthcare information exchange. These are definitions that I am using in preparing the “simple interop” series of posts. These definitions will not necessarily be suitable for other purposes and are not necessarily consistent with other sources, including Gartner research notes.
Health domain name: a regular Internet domain name, propagated through the regular domain name service. There are only a few things that make it special: (1) it is listed in a special directory of domain names associated with the US Health Internet; and (2) the organization that owns a healthcare domain name will not use it unless it maintains a current valid digital certificate that can be used to authenticate TLS connections. Healthcare organizations will typically have two domain names: a regular domain name and a health domain name.
Health email address: a standard email address in which the domain name is a health domain name. As with all Internet email addresses, the user names are managed locally by the organization associated with the domain name or a third party operating on its behalf. The user name has no meaning except in the context of the domain name.
Depending on the mission of the organization that has the health domain name, the user names may refer to specific staff members, healthcare consumers, or things such as the input queue for an order processing information system or the workflow queue for the people that are processing referral requests.
Health information exchange: a service offering that supports the interconnection of multiple, often competing healthcare organizations using a governance model adequate to enable full interchange of healthcare information among the members of a community.
The community need not be defined geographically although, to date, virtually all HIEs are scoped by political jurisdictions or healthcare catchment areas. This is, in part, because “most healthcare is local” and in part because building the trust necessary for one healthcare organization to look up data about its patients is easier when the total community is smaller and the participants are generally familiar with one another.
Our definition avoids creating a list of services provided by an HIE, but the trust issues included in the definition and the lack of a national ID for a healthcare consumer imply that the services will likely include:
- Community-based master-patient index services to assist the recipients in filing incoming information by patient.
- Assistance to HIE users in finding the sources of information about patients in a way that is consistent with local and national policy.
- “Mapping” services so that data sources can send or receive non-standard structured documents and yet communicate with recipients that expect standards to be followed.
There are other services that are commonly associated with HIEs although they are not essential to the definition here.
- Providing the ability to look up information for a Web portal to be used in situations where the user does not have an EHR.
- Creating repositories of information to support information lookup and secondary use of data. HIEs may have a single central repository or use various “virtual repository” architectures.
Health Internet client: an IT system associated with a healthcare domain name. These systems are the clients that use the servers of healthcare internet nodes. Some organizations may operate healthcare clients but not operate servers. Many small practices would fall into this category.
The organization that uses health Internet clients has a health domain name but it does not operate a health Internet node. That would be maintained by a third-party organization. A wide variety of organizations may operate health Internet nodes on behalf of other organizations. For example, vendors of EHRs targeted at small practices may operate a health internet node on behalf of their clients, where each client has its own health domain name.
Health Internet node: a set of one or more servers operated by a single organization under a healthcare domain name. (The servers we refer to here include plain-old Internet servers, such as SMTP servers or HTTP servers.) An organization that operates a health Internet node agrees to configure them to certain levels of security. The levels of security that an organization agrees to in order to operate a health internet node include the following:
- It won’t accept connections from outside its security perimeter that are not mutually authenticated and encrypted using TLS and digital certificates.
- It will check that the digital certificate of the connecting client remains valid.
- It won’t accept such connections that don’t offer a cipher suite that is sufficiently secure by standards set by ONC. (A cipher suite is defined in the TLS Internet RFC as the combination of cryptographic and hashing algorithms used to establish secure communications.)
- It will accept such connections using at least one cipher suite that has been established by ONC.
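The four node rules above can be expressed as a server-side TLS configuration and a check against it. The following is an added example, not code from the original post: the approved cipher string is a stand-in, since the post does not enumerate an ONC list, and the function names are hypothetical.

```python
import ssl

# Assumption: stand-in for the ONC-approved list, which the post does not enumerate.
APPROVED_CIPHERS = "ECDHE+AESGCM"

def _tls12_suites(ctx):
    # TLS 1.3 suites (named "TLS_...") are not governed by set_ciphers(); skip them.
    return {c["name"] for c in ctx.get_ciphers() if not c["name"].startswith("TLS_")}

def node_server_context(certfile=None, keyfile=None, client_ca=None, crl=None):
    """Server-side context for a hypothetical health Internet node."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED            # rule 1: mutual authentication
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF  # rule 2: fails closed if no CRL is loaded
    ctx.set_ciphers(APPROVED_CIPHERS)              # rules 3 and 4: approved suites only
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    for path in (client_ca, crl):                  # PEM trust anchors and PEM CRL
        if path:
            ctx.load_verify_locations(cafile=path)
    return ctx

def audit(ctx):
    """Return the node rules that a given server context does not meet."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("client certificate not required")
    if not ctx.verify_flags & ssl.VERIFY_CRL_CHECK_LEAF:
        findings.append("client certificate revocation not checked")
    reference = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    reference.set_ciphers(APPROVED_CIPHERS)
    approved, offered = _tls12_suites(reference), _tls12_suites(ctx)
    if offered - approved:
        findings.append("unapproved cipher suites offered")
    if not offered & approved:
        findings.append("no approved cipher suite offered")
    return findings

if __name__ == "__main__":
    print("default :", audit(ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)))
    print("hardened:", audit(node_server_context()))
```

Certificate expiry is checked by the normal chain validation that `CERT_REQUIRED` triggers; the CRL flag adds the revocation half of "remains valid" and rejects every client until a CRL has been loaded.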
Health Internet registrar: any organization that has been accredited by the US government to accept registered domain names and validate that the organization registering the domain name exists and has a valid digital certificate.
Personal health record (PHR): an electronic record of personally identifiable health information on an individual that can be drawn from multiple sources and that is managed, shared, and controlled by or primarily for the individual. This is essentially the definition from the American Recovery and Reinvestment Act of 2009.
Note: this definition will please almost no one, because it is so broad. In discussing the PHR many people want to define the term to include functions that can be created over such a record. Some would prefer to use the term PHR exclusively to describe the overlying applications and refer to their implementation of a record itself as the “ecosystem for PHRs.” Others avoid the term PHR altogether and choose the term “health record bank.” In choosing to define the term this way we rely on two points: (1) the “R” in PHR stands for “record”; and, (2) this is the definition in the law.
Nationwide Health Information Network (NHIN) is a collection of standards, protocols, legal agreements, specifications, and services that enables the secure exchange of health information over the Internet (source: HealthIT.hhs.gov site, retrieved 28 December 2009).
Some wonderful work has been done under the NHIN rubric, focusing on achieving high-trust interoperability among and between HIEs and large-scale healthcare organizations. Although it may seem trivial outside the beltway, one of the most important accomplishments has been to convene the right players and develop agreements and governance process for healthcare information exchange between federal agencies and private healthcare organizations.
We do not desire or expect that this work will fall into disuse or fail to achieve wider adoption for high-trust connection of large-scale organizations that have the resources to follow the protocols, assure their security and participate in the governance. At the same time we don’t believe that all national exchange of healthcare information should flow through the high-end machinery defined by this work. Accordingly we interpret the definition from HealthIT.HHS.Gov as being broader than the former view of a “network of networks.” The NHIN intellectual property and any associated regulations should define a broad framework for many different uses of the Internet for health information exchange.
[This post was revised on 31 December.]