Wes Rishel

A member of the Gartner Blog Network

Wes Rishel
VP Distinguished Analyst
12 years at Gartner
45 years IT industry

Wes Rishel is a vice president and distinguished analyst in Gartner's healthcare provider research practice. He covers electronic medical records, interoperability, health information exchanges and the underlying technologies of healthcare IT, including application integration and standards. Read Full Bio

Coverage Areas:

The PHR As a Model for Common Enrollment

by Wes Rishel  |  June 1, 2010  |  5 Comments

In Can IT Help Government Be Less Bureaucratic? I waxed optimistic about a government IT program that could significantly reduce the burden on constituents applying for government social services programs and opined that the same approach could be used for other interactions between people, businesses and the government. I spun this vision by extrapolating the consequences of a simple, short-term assignment for the Secretary of HHS, to recommend enrollment standards. The vision, should it arise, will not be derived from a narrow view of the task and may not be possible in the four months that remain. As I discussed in my blog it is important that this important opportunities not get the short shrift due to tight Congressional deadlines.

The committees will certainly create an inventory of places where common enrollment has been achieved and the specifications that were used. They can survey standards that are available. For example they will certainly examine the ASC X12 834 Benefit Enrollment and Maintenance standard. Although it is identified under HIPAA they will find is little used and narrowly defined for healthcare coverage. They should also examine the National Information Exchange Model (NIEM), which has been effective at creating interoperability in a green-field area (law enforcement and anti-terrorist information sharing). They should examine the NIEM experience in terms of the time frame and level of economic support that was necessary to achieve functional interoperability and whether the potential availability of existing standards accelerates or impairs the NEIM process.

Business Architectural Considerations
The ultimate standards approach depends on the business architecture and interact with governance. Will information that is shared among agencies within a state, across states and between states and the federal government be mediated by consumers using personal repositories, by a spider-web of reciprocal agreements among these agencies or by a uniform governance agreement comparable to the Data Use and Reciprocal Support Agreement (DURSA) created in support of the U.S. Nationwide Health Information Network artifacts. The spider web is exponentially impossible. It took about three years to conceptualize and complete the DURSA and that effort was arguably much easier than creating a similar agreement among 50 states, some territories and a few large city-states that operate their own social service programs.

The committees should consider standards that support a constituent-mediated approach comparable to the popular conception of the personal health record (PHR). Will each government agency have only two connections to consider:

  • sending data to the constituent or the constituent’s representative
  • receiving data from the constituent/representative.

The direct involvement of the constituent significantly eases governance and authentication in healthcare. The argument that it provides similar simplification for government data is less clear, but I believe the underlying principle is the same. Complex policy issues arise when a keeper of data (health data or other data) sends it to another agency on behalf of the constituent. The requirement to ascertain that the two agencies have identified the same actual person is difficult and they must exercise their obligations to be good steward of the data provided them by the constituent. On the other hand, when the data is managed by the constituent, that person identified himself to both the source and recipient using on-line authentication methods that already exist.

In this model the data repository software that constituents would probably be vendors and agencies that offer on-line storage mediated through the Web, just as TurboTax does now.

It is natural to ask whether the constituents in most need of government services are capable of serving as an intermediary through a Web. Many people, probably a majority are or will be particularly if the required personal technology is limited to a smart phone. Those that aren’t may rely on advocate organizations to assist them. Being an advocate for such constituents requires more than technology; the people who are functioning as advocates will be able to operate the technology.

As always, the standards – however challenging – will be the easy part of realizing a new vision for facilitating interactions with the government. Although the law creates a narrow charter for these committees and a tight deadline, it is important that they at least consider the broader context so that the standards they choose enable the support of the Internet culture that is upon us.

5 Comments »

Category: Healthcare Providers Interoperability Vertical Industries     Tags: , , ,

5 responses so far ↓

  • 1 Jan Root   June 1, 2010 at 10:47 am

    Wes,
    Thanks for writing this stimulating blog. Good food for thought. We are very early in this discussion and you raise some great questions.

    In the spirit of “If you don’t disagree with me, how will I know I’m right?” I have some issues with your piece:

    **The direct involvement of the constituent significantly eases governance and authentication in healthcare. The argument that it provides similar simplification for government data is less clear, but I believe the underlying principle is the same. Complex policy issues arise when a keeper of data (health data or other data) sends it to another agency on behalf of the constituent. The requirement to ascertain that the two agencies have identified the same actual person is difficult and they must exercise their obligations to be good steward of the data provided them by the constituent. On the other hand, when the data is managed by the constituent, that person identified himself to both the source and recipient using on-line authentication methods that already exist.**

    One:
    I don’t believe that the direct involvement of the constitute in information that is being shared with the government will make it any easier to identify a person over the internet for all the myriad of entities that need to accomplish that task. Perhaps my skepticism is colored by living in a state where government activity is viewed with doubt at best and often with outright hostility, but the concept of relying upon the individual to assure that their data is managed correctly seems overly optimistic.

    Two:
    There are some types of data, e.g., public health reporting, certain types of law enforcement data, etc. wherein the consumer has no choice regarding whether it gets reported to the state and where, in fact, the consumer may have a strong reason to NOT report it to the government.

    Three:
    Sometimes people have excellent motives to game the system. In other words, on what basis could a government entity trust that the data in the PHR (or being controlled by the PHR) has not been tampered with? Would they want to go back to ‘the source” to confirm the data? This has been the approach that has typically been taken in the past. So, you’re back to sharing data with the original data source and back to the problem you’re trying to solve.

    Four:
    Until we really have a ‘big brother’ type of identity data base (which I am not advocating), there will always be a question of ‘who is this particular John Doe?”. For one, even if John Doe controls ‘his’ data, most of that data will be derived from other data sources (e.g., hospitals, clinics) who will be tasked with getting John Doe his correct data. Chances are good that at least some John Does will have multiple “PHRs” (some people are forgetful, some people are devious, some people don’t want a PHR, etc). So the issue of “is this the correct John Doe” does not go away.

    So, as much as I like the idea of allowing people to control their own information, and using that to solve the ‘who is John Doe” problem, I don’t think it will actually be that simple.

    I’d like to write more but I’ve run out of time.

    Thanks!

    j

  • 2 Frank Petrus   June 1, 2010 at 2:43 pm

    You have captured very well the vision and challenges regarding Section 1561 – nice summary of issues.

    I appreciated your point regarding the “wired” (internet savvy) capabilities of safety net clients – and how advocacy groups (501 (c) (3)) organizations will need to step up and work with their constituency.

    This wired capability, for an integrated approach to eligibility, will vary by program area – Unemployment, CHIP, WIC and Child Support clients may be more wired than many Medicaid, TANF (public welfare) and SNAP clients – though, I would say half of the later probably are wired.

    As well as looking at other standards/models – the Committee will be well served to look at the Integrated Eligibility Systems that are currently in place – such as Michigan, Texas and other states– there are lessons learned there about what works and what doesn’t – especially around the model of practice for intake, assessment, determination and service delivery.

  • 3 Wes Rishel   June 1, 2010 at 4:09 pm

    Absolutely! This has to be step 1.

  • 4 Vince Kuraitis   June 1, 2010 at 7:49 pm

    Wes,

    While conceptually appealing at the surface, there are a million devil-in-the-details issues around consumer consent and health records.

    Deven McGraw of the Center for Democracy and Technology has written extensively about this and has proposed potential solutions.

    See, e.g.,Rethinking the Role of Consent in Protecting Health Information Privacy, http://www.cdt.org/pr_statement/rethinking-role-consent-protecting-health-information-privacy.

  • 5 Don Simborg   June 7, 2010 at 4:50 pm

    Wes, I guess I see the beauty of a simple front-end to avoid the many agencies from having to do some kind of interoperability or integration or even cooperation, but it is the PHR model that escaped me. I simply don’t see that as a proven model for anything unless your phrase “comparable to the popular perception of the Personal Health Record” implies that you are modeling the “perception” and not the reality.