Sorry, you need to enable JavaScript to visit this website.
Digital Health Services/Securing the Health IT Ecosystem September 29, 2014

A health Information Technology (IT) ecosystem is emerging, founded on Digital Health Services that are transforming the way health IT data is created, digitized, collected, exchanged, analyzed, used and reported. The primary purpose of Digital Health Services is to improve the quality, accuracy, privacy, usefulness and security of basic healthcare information. The goal of the initiative is to create a more patient-centered, less wasteful, and higher quality information system that produces better health outcomes.

Digital Health Services are a response to the digital transformation of healthcare data, as analog videos and voice messages are converted into digital format. Information-driven services such as healthcare are on the leading edge of this transformation which is being driven by technology innovation and changing patient expectations and behavior. Legislation is spurring the collection and consolidation of healthcare data, and digitization of that data. The Health Information Technology for Economic and Clinical Health Act (HITECH), with its emphasis on Electronic Health Records (EHRs), and the Health Insurance Portability and Accountability Act (HIPAA) with its specification of “Meaningful Use” metrics have led to an increased amount of electronic clinical data available to clinicians and health-care organizations.

The Department of Veterans Affairs (VA) has already been deeply affected by these forces, as seen in its ground-breaking telehealth program that delivers Digital Health Services to Veterans. VA is also partnering with Microsoft in building a digitized population health management system, e.g., the Corporate Data Warehouse.[1] VA is the largest integrated health care system with over 1,700 care sites, serving 8.76 million Veterans each year.[2] VA is working with the Office of the National Coordinator (ONC) for Health IT on a pilot to demonstrate the functionality and security features of web-specific new architectural styles, e.g., Representational State Transfer (REST).  Using Fast Healthcare Interoperability (FHIR), VHA is testing RESTful protocols for authorization, e.g., OAuth2; access control, e.g., User Managed Access (UMA); and user authentication, e.g., OpenID Connect. The three use cases for the test scenario are entitled:  Consent Directives on FHIR (pronounced “Fire”), Health Information Exchange (HIE) on FHIR, and Apps on FHIR (for mobility).[3]

The digitized healthcare IT ecosystem is comprised of many entities, all of which interact with the patient, including pharmacies, clinicians, payers, insurance, caregivers/family/friends, laboratories, data repositories, researchers, etc.  All of these entities need to be connected to a secure IT infrastructure that provides technical and semantic interoperability and guarantees trust across healthcare environments. As healthcare data traverses the healthcare environment, it is necessary to track its provenance, e.g., origin, across the continuum of care and lifespan of the data. An ONC Standards and Interoperability (S&I) initiative is working on data provenance.[4]

There are a number of on-going government and industry initiatives to create an interoperable, standardized digital services infrastructure. These include the ONC S&I Initiatives, such as data provenance, Data Segmentation for Privacy; NIST/NSTIC/IDESG-funded pilots;; FICAM/Trust Framework Solutions; FCCX; and on-going standardization projects in the Kantara Initiative, Health Level 7 (HL7), OASIS, ISO, ITU, IEEE, etc. HL7 standards activities have contributed towards the goal of creating standardized digital services infrastructure by providing an information model, metadata and security and privacy mechanisms, e.g., the Security Labeling Service and Privacy Protective Service, all of which the Veterans Health Administration (VHA) has adopted and incorporated into its health IT security and privacy architecture (VHA-SPA). The VHA-SPA was developed and is maintained by Electrosoft under a Blanket Purchase Agreement with VHA.

Most of these standardization efforts are generic in nature, although they can be leveraged to create the specialized digital medical infrastructure that two recent policy reports call for:  the 2010 PCAST “Path Forward” Report” and the 2014 AHRQ JASON report, “A Robust Health Data Infrastructure.”

1-The “Path Forward” spurred the use of metadata as one approach to development of a ‘universal exchange language’ for sharing of health IT information across institutions. It accelerated efforts to develop the U.S. health-data infrastructure that would enable combining patient data from different institutions and sources.[5]

2-The 2014 JASON report, “A Robust Health Data Infrastructure[6],” presents a health IT architecture model. Its approach is to encourage vendors to create and publish APIs for medical-records data that would enable their EHRs to be exchanged across the healthcare environment. The 2014 JASON Report also argued for fine-grained consent directives, which are part of the VHA/ONC pilot.

The key to the success of the Digital Health Service(s) is the development of terminology and vocabulary, content and format, transport, and security core components that will enable semantic and technical interoperability across all healthcare environments and transitions of care. ONC's 2014 interoperability strategy report, entitled, Connecting Health and Care for the Nation: A 10-Year Vision to Achieve an Interoperable Health IT Infrastructure,[7] identifies some of the core components or building blocks of the interoperable digital health service that ONC is supporting through its S&I Initiatives, in conjunction with government, industry and the public. These include: “creating methods to accurately match individuals, providers and their information across data sources; for authorizing users to access data from the data sources; for authenticating users when they want to access data from data sources; for securing the data when it is stored or maintained in the data sources and in transit;  for representing data at a granular level to enable reuse, and for handling information from varied information sources in both structured and unstructured formats; addressing issues such as data provenance, data quality and reliability, and patient identity matching to improve the quality of interoperability, and thereby facilitate an increased quantity of information movement.[8]” Some pieces of VHA’s healthcare IT ecosystem and architecture are still being scoped or are under development, such as the web-friendly, specialized RESTful protocols which VHA is piloting in conjunction with ONC and others government and industry players. Others are already in place, such as the VA Corporate Data Warehouse and the VHA’s telehealth program.

-Judy Fincher

Key References:

JASON. “A Robust Health Data Infrastructure,” prepared for the Agency for Health Care Research and Quality, AHRQ publication number 14-0041-EF, Rockville, MD, 2014.

ONC, Connecting Health and Care for the Nation: A 10-Year Vision to Achieve an Interoperable Health IT Infrastructure,

PCAST, REPORT TO THE PRESIDENT: BETTER HEALTH CARE AND LOWER COSTS: ACCELERATING IMPROVEMENT THROUGH SYSTEMS ENGINEERING, Executive Office of the President, President’s Council of Advisors on Science and Technology, May 2014.

PCAST, President's Council of Advisors on Science and Technology. Report to the President- Realizing the Full Potential of Health Information Technology to Improve Healthcare for Americans: The Path Forward. The White House, December 2010.



[2]   (Home Page)

[3] Electrosoft is monitoring the development of the VHA pilot and participates in their meetings. Please direct any questions to the author of this blog. A future blog will describe the pilot in more detail, when it is completed.





[8] Ibid.

Return to Electroblog