Since "Simple Interop: The Health Internet Node" was posted, there has been a very thoughtful thread on the notion of having a top-level domain (TLD) for healthcare. In the original post I thought I was pretty clear that we did not think this is a good idea, but in a separate posting I can give the topic more space.
- Our primary goal in the “simple interop” thread has been to do something that could start to give functionality quickly and yet serve as a basis for extended functionality in the future. I am wondering how much time is required to establish a new TLD, but I’ll bet it is measured in years.
- Getting started quickly is particularly important in light of the U.S. legislative mandate to accelerate the adoption of interoperable EHRs (see the soapbox below on the EHR term). It would be bad policy and an affront to other countries to attempt to create a U.S.-only TLD.
- On the other hand, it would be really complex to create an international TLD. Healthcare is regulated nationally, when it is not regulated in more granular jurisdictions. For example, the European Union specifically delegates the regulation of healthcare to the member countries. It is difficult to conceive of the establishment of an international authority for issuing domains in a healthcare TLD that would be trusted by all countries.
- Irrespective of process issues in standards and governments, it would not be good security practice to impute any level of assurance about the eligibility of a domain-name holder to anything in the syntax of the domain name. Current security status should be verified through digital certificates issued by a trusted certificate authority (CA), which must be renewed from time to time and can be revoked.
- It would not be a good idea to create the illusion that the domain name itself carries assurance about the legitimacy of a healthcare organization. People will build software that depends on the illusion despite all the disclaimers in the fine print of the protocol documents. People will also make personal decisions to share information on that basis where they should not.
For these reasons our proposal is intended to depend on CAs to maintain current information on the eligibility of an organization that holds a domain to participate in healthcare exchange. A single healthcare domain name could be certified by one or more CAs. Each country could then select those CAs it trusts to administer its policy. (The reliance on CAs in our approach was not clear; we will update the approach to make it clear.)
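The contrast drawn above between trusting domain-name syntax and checking for a current certificate from a CA the jurisdiction trusts, as an added example that is not part of the original post. `Cert` is a simplified model rather than real X.509 parsing, and the CA names, domains, per-country policy sets and the `.healthcare.example` suffix are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Cert:
    """Simplified stand-in for an X.509 certificate (constructed model)."""
    domain: str
    issuer: str
    serial: int
    not_before: date
    not_after: date

# Constructed sample data: every name and value below is hypothetical.
TRUSTED_CAS = {"US": {"CA-Alpha", "CA-Beta"}, "NL": {"CA-Beta"}}
REVOKED = {("CA-Alpha", 1002)}  # (issuer, serial) pairs revoked by the CA
TODAY = date(2024, 6, 1)
CERTS = [
    Cert("clinic.example.org", "CA-Alpha", 1001, date(2024, 1, 1), date(2024, 12, 31)),
    Cert("closed.healthcare.example", "CA-Alpha", 1002, date(2024, 1, 1), date(2024, 12, 31)),
    Cert("lapsed.example.org", "CA-Beta", 2001, date(2022, 1, 1), date(2023, 1, 1)),
    Cert("lab.example.org", "CA-Beta", 2002, date(2024, 1, 1), date(2024, 12, 31)),
]

def naive_suffix_check(domain: str) -> bool:
    """The illusion the post warns about: inferring eligibility from the name."""
    return domain.endswith(".healthcare.example")

def eligible(domain: str, certs: list, country: str, today: date) -> bool:
    """True only if some certificate for this domain was issued by a CA the
    country trusts, is within its validity window, and has not been revoked."""
    trusted = TRUSTED_CAS.get(country, set())
    for c in certs:
        if c.domain != domain or c.issuer not in trusted:
            continue  # wrong subject, or a CA this country has not approved
        if not (c.not_before <= today <= c.not_after):
            continue  # lapsed: eligibility has to be renewed
        if (c.issuer, c.serial) in REVOKED:
            continue  # the CA withdrew its assertion of eligibility
        return True
    return False

if __name__ == "__main__":
    for d in sorted({c.domain for c in CERTS}):
        print(d, "suffix:", naive_suffix_check(d),
              "US:", eligible(d, CERTS, "US", TODAY),
              "NL:", eligible(d, CERTS, "NL", TODAY))
```

The domain with the healthcare-looking suffix passes the name check but fails the certificate check because its certificate was revoked, while the same domain can be eligible in one country and not in another depending on which CAs each has approved.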
It should be noted that we are attempting to avoid bottlenecks in governance. A government can approve multiple CAs if it so chooses, avoiding the creation of a “healthcare CA monopoly.”
If a group of countries wants to agree on a common set of policies and a common set of CAs, that would be great. But we don’t want to make any one country wait for that process to play out.
We are aware that the notion of multiple governments certifying the domain name may not work, because they may not agree on a common set of policies. We are also aware that technologies and standards have been proposed and demonstrated for dynamic assertions of policy to be reconciled by “policy engines” operating in front of other services. Those approaches have a long way to go before they can be thought of as proven, ubiquitous Internet facilities. We are really hoping to avoid the rollout of such approaches being a bottleneck to the use of the Internet to improve healthcare.
For this reason we propose an approach specific to the U.S. for now and don’t assume that it will or won’t be adequate to other countries’ needs. As various countries develop and approve their approaches to governance we hope that the joint experience will lead to future proposals for common mechanisms for governance and, maybe some day, common governance.
Soap Box: The Term “Electronic Health Record”
Should anyone need a demonstration of the difficulties that delay reaching global agreements, consider that the term “EHR” has an idiosyncratic definition in the U.S. when compared to most of the world. In the U.S. the term refers to the record of patient information that is kept by an individual care delivery organization (CDO), with the proviso that there be some degree of interoperability. In most other countries that use the term, it refers to some specific sharing of information that may be sourced from many places, including but not limited to the electronic patient records of individual CDOs. In the U.S. it would literally take an “act of Congress” to change this, and the same may be true in other countries. When thinking of urgent issues such as world hunger, nuclear arms, climate change, regulating financial institutions and whether my district gets potholes fixed, I would rather my legislators spend their time on something other than clarifying the fine points of the term.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.