Halamka: Open standards are 'key to interoperability'
“We run a data center with a couple of petabytes of healthcare data for three million patients and the entire infrastructure is run on Red Hat technologies,” Halamka said. “We have multiple data centers, multiple clusters of Linux servers and we haven’t had downtime in a couple of years. No CIO in healthcare is afraid of open source. In fact, the movement to Linux clusters that are highly reliable for healthcare is the way the back end in most healthcare data centers seem to be going.
Part of the stimulus bill grants $564 million to state entities to promote HIE best practices: “Exchanging healthcare data requires that we standardize the information that’s being recorded in healthcare electronic records and send it from place to place using standards, protect privacy using standards, and all these standards are open consensus standards; they’re not proprietary," Halamka said.
"There’s a huge move in this country to get all stakeholders…to use open standards to record and transmit healthcare data, but we need to figure out how to do that,” he adds.
At the federal level, the Interim Final Rule stipulates open source standards for electronic content, standardized vocabulary for that information, transmission and privacy/security. Examples of opens source content standards include XML-construct Continuity of Care Record (CCR) and Continuity of Care Document (CCD), which will converge to one standard by 2013, said Halamka. For vocabulary, problem lists will eventually be standardized on ICD10/SNOMED. The RxNorm open source database for medicine will map generic, trade names, designations, etc.
By 2013, the FDA’s Universal Ingredient Identifier (UNII) will be used to describe substance, food and environmental allergies, he said. HL7 Clinical Document Architecture will be the standard for describing vital signs by 2013. The IFR will standardize units of measure to the Unified Code for Units of Measure (UCUM). “Right now, we don’t have any standards units of measure. I could report a lab in milligrams per deciliter or furlongs per fortnight,” said Halamka.
The National Council for Prescription Drug Programs’ NCPDP standard will apply to eprescribing, and eprescription will extend to controlled substances. “The [Drug Enforcement Administration] has previously prohibited controlled substances to be e-prescribed, which means I could use open-source standards in an end-to-end, fully encrypted XML construct for Lipitor, but for Oxycontin or morphine, I use a pen and paper,” Halamka said. “The DEA has issued an IFR saying doctors can eprescribe controlled substances if they use two-factor authentication and that can be biometric or hard token.”
The healthcare reform act standardizes how data gets from the physician’s office to the payor; it’s XD4010 now but XD5010 will be required.
“We want to make sure we have as a country the capacity to exchange data for the public good. All of this is only going to be possible if patients trust that this is going to be done with their consent and if there’s integrity within the organization. I spend $1 million a year in intrusion detection/protection, white hat hacking teams, anti-virus software, malware detection, various types of proxy servers to keep the evils of the internet away from my healthcare data. That’s the only way to build public trust,” he said.
“It is a cold war. [But] there are many eyes on open-source products and we have tended to see good security and good reliability because there is such a community of folks looking at, testing, and improving open source products.”
The 2011 federal regulations for health IT require set of open standards that will evolve to even more specificity in 2013, according to Halamka. “Open standards are key to interoperability. Only by working together, not in silos or in a vacuum, can we achieve the healthcare we all want at the right time and the right cost,” he said.