There were several things that caught my eye lately that I found interesting and made me go hmmmm. We’re constantly being barraged with new innovations in healthcare IT, and new legislative proclamations, so it’s nice to stop and ponder a few topics now and then.
First, earlier this month it was reported by many sources that Cerner experienced a computer outage on July 23 that affected EHRs used by hospitals like the 14-hospital Roseville, Calif.-based Adventist Health, and St. Jude Children’s Research Hospital (Memphis, Tenn.). Cerner attributed the outage to "human error”. Many physicians interviewed by the Memphis, Tenn. Commercial Appeal said that they resorted to their old paper process during the downtime, while Sharp HealthCare in the San Diego area was spared from the outage because Sharp runs its own data center.
These publicized outages remind me of on when I interviewed Larry Ponemon, Ph.D., chairman and founder of the Ponemon Institute, about a national report on data center downtime. In that report, the healthcare sector scored the highest frequency of data center downtime, with an average of three outages over the past two years (2008-10), as opposed to the financial industry, which reported the lowest frequency of downtime, with 1.8 outages in the same time period.
The main challenge for CIOs to combat data center outages is one of resources, Ponemon said. “This could be attributed to a few things, including budgets that don’t align with the goal of providing a high-availability infrastructure,” he said. “If CIOs and other senior management do not truly understand the cost of downtime in the data center, they likely haven’t allocated the appropriate budget for preventing and responding to outages.”
Having iron-clad business continuity practices or mirror data centers to prepare for unexpected outages is tantamount in healthcare; but do organizations have their organizational priorities and budget in order? Healthcare Informatics will be covering the topic more in depth in next month’s issue, so stay tuned.
Patient Consent in HIEs
The issue of patient consent in HIEs was another topic that piqued my interest this week. David Trachtenbarg, the CMIO for Central Illinois Health Information Exchange and the medical director for the Diabetes Care Center at the Methodist Medical Center in Peoria, Ill. noted in a HIMSS news item that potential regulations such as a requirement that patients opt-in to participate in a HIE could greatly reduce likelihood clinicians will use HIEs.
John Halamka in his “Life as a Healthcare CIO” blog shared an interesting way that organizations can overcome the challenges of centralized consent repositories and record locator services. He said Beth Israel Deaconess Medical Center has created a query/response data exchange model with the Social Security Administration that requires no centralized infrastructure to “solve the unconscious in the Emergency Department problem”.
“Social Security identifies themselves via a secure certificate and is considered a trusted partner. Then, Social Security computers send a secure SOAP request, including a scan of the patient's signed medical record release document and patient identifiers to servers at BIDMC. We store the patient release document in our logs. We look up the patient in our system and if we can reliably match the patient using multiple identifiers, we create a CCD/C32 (Summary of Care document) and return that to the Social Security computers via the secure SOAP response.” —John Halamka
I think query models are the wave of the future. In an article in the September issue, I interviewed several of leaders of the Query Health Pilots to learn how they are answering population health’s unanswered questions and developing standards for distributed population queries without getting mired in data ownership and consent issues. Granted this project uses aggregated de-identified data to deliver insights for local and regional quality improvement, but I think this query model of sending and receiving specific data, rather than comingling data is where most provider organizations will feel comfortable with. I have a feeling this is why many HIEs now are pushing Direct secure messaging.