For this special issue of Wisconsin Technology Network, we asked William Yasnoff, founder of the eHealthTrust initiative, why his system can foster the adoption of electronic health records that today are fractured and limited.
Read part 1 of this interview.
Yasnoff is a speaker at the Digital Healthcare Conference 2006, where he will deliver a presentation titled "A New Patient-Centric and Sustainable Approach to Health Information Infrastructure."
WTN: Let's recap what we discussed earlier.
Yasnoff:
If and only if a provider has an electronic health record, they can submit this electronic record of an encounter report for each patient and receive $3 per patient. That creates a $10,000 to $20,000 per year income stream, which is more than enough to amortize the initial cost of the maintenance of an electronic health record system.
The business model for the eHealthTrust provides enough revenue from that $5 per month to pay for the per-encounter payment to physicians.
WTN: If I'm paying my monthly fee to have my physician use electronic records, how do I know that will be useful if I end up in a hospital somewhere else?
Yasnoff:
Exactly. That's a very, very important point, that if every doctor, hospital, clinic, emergency department, long-term care facility, urgent care facility, had complete, functional electronic health records today, that would not solve the problem of delivering complete patient information at every point of care, any more than if you give a bunch of people an ordinary telephone, that creates a communications network.
WTN: You've got both public and private sector experience. What entity actually has the influence or the ability to get everybody using compatible systems?
Yasnoff:
That's a good question. Let me frame this a little bit in terms of what problems you have to solve in order to create an eHealthTrust. First, you have to have all the information in one place. The information has to be electronic. So you have to have incentives, and we talked about that.
Second, you have to have a place where you can go to get the information, and although people are arguing for a system where you essentially electronically collect it on the fly, for a number of reasons that really can't work. You need to have the information actually in a repository.
Then you have three preconditions that support this repository. One is stakeholder cooperation, two is financial sustainability, which I already talked about, and three is public trust.
WTN: Who are the stakeholders here?
Yasnoff:
By stakeholder, in this case, I mean people who have information about you. There are three ways to get stakeholder cooperation. One is voluntary. If you believe in voluntary cooperation I have some wetlands to sell you in Florida, because that's just not going to work. You could also pay the stakeholders to cooperate, but the question is where you're going to get the money for that. So really, you have to mandate cooperation.
The easiest way to mandate cooperation is to use an existing mandate, which is HIPAA. One of the things HIPAA says is that if a patient requests their information, and you have it, you must provide it. That's the other nice thing about this patient-centric model, where the patient is really the controller of the information, because the patient in the eHealthTrust model is the requestor of the information, and therefore all the people who have information must provide it under federal law.
WTN: And the third condition?
Yasnoff:
You also need to have public trust. To me there are three elements of public trust. One is having people control their own information. The second is, you have to have a trusted organization, because we're talking about essentially creating a repository in the community of everyone's medical record. Well, this is a pretty scary thing. So the question is, what institution can be trusted with such a valuable and potentially damaging resource. The best way available at the moment to do that is to create a community-owned non-profit that has balanced representation from all the different stakeholders, so no one stakeholder can either veto action or force action.
In addition, I recommend a separate, independent and continuous privacy and confidentiality auditing function. So it's similar to the financial auditing function that banks and others have to submit themselves to. Obviously if you're handling information properly you should welcome continuous scrutiny.
And finally, you have to have a technical architecture that is trustworthy. In the eHealthTrust model, the way that's accomplished is to have two separate servers. One is a research server, essentially where the entire database is available and can be searched for research purposes, for public health, for biosurveillance, but that system is not connected to anything. It has no phone lines, no Internet connections, it's obviously in a seriously secure location in a vault, and an electrified fence and a barbed wire fence and a bunch of former Delta Force guys with automatic weapons who are told to shoot first and ask questions later. And I'm not kidding about this. This information needs to be protected like nuclear secrets. It's very, very valuable and it has to be kept secure. So legitimate research queries would literally be walked into the room, the results would be determined and then walked out of the room.
Then there's a separate server, a clinical server, that provides access to the individual records. And obviously this does have to be connected to the Internet, because otherwise you can't have access to the records from anywhere. If it is penetrated, the worst that happens is one record is lost. You wouldn't be able to penetrate the system over and over again, because that pattern of use would be detected and you would be cut off.
The other thing you do, a standard technique in the computer security community, is you set up what's called a honeypot server. You set up a duplicate of your clinical server with dummy patient records, and you offer a large prize, say $100,000, to anyone who can break in and get the information. So then the hacker community has a choice: they can go after the real server, where they might get one record and risk jail, or they can go after the honeypot server, where if they get in they become a hero and they get $100,000.
It gives the message that you're very confident in your security.
WTN: Going back to what you said about HIPAA and interoperability, how would requiring each patient to be able to request their data build interoperability? I could imagine each hospital having their own system for giving patients their records in human-readable format, but that doesn't mean the computer systems could work together.
Yasnoff:
The issue of interoperability is complex, and there is nothing in this world that we can do immediately to create interoperability in a complete way. That just can't be done. But that has to be a process. In the eHealthTrust model, primarily what is needed from hospitals is the discharge information. At this point there is no standard, so that would just be text. The other information we need from hospitals is their lab data, and there are good standards for that already, and those are being used to transmit lab information, and also the imaging reports, and there are good standards for that.
We need standards for medications; those exist. And the other standard we need is the standard for physicians to send in reports for encounters. That standard has actually been proposed by the EHR vendors' association, and everyone will be asked to comply with that standard. And in fact, EHR systems will all be equipped to send information using that standard.
Even within that standard, there are many things that are text, and not easily processed. A good example is chief complaint. No one has developed a methodology, to date, to standardize chief complaint. So we can't ask people to encode their chief complaint because there's no system available to do that. Hopefully, soon, there will be such a system available. In the eHealthTrust model, we then have the ability to enforce this new encoding standard.
Let's say today somebody announces: here's how we encode chief complaints. We would then say to folks who are sending information to an eHealthTrust, well, this is the standard we're going to use to accept chief complaints, and starting in the year 2008, if you send us an encounter report that does not have an encoded chief complaint, we're not going to pay the $3.
WTN: When do you think most Americans will be able to access their own electronic health records?
Yasnoff:
Well, it depends. But this system is actually being implemented now in Louisville, Kentucky. They have put out our RFPs, they are going to get proposals in May, they'll probably sign a contract later in the year, and it should be operating by next year. There are some other communities considering doing this. I think once it becomes clear that this model is successful and sustainable, many other communities will want to do it, so the question is how fast it can be implemented across the nation. My guess at this point is that it's a three to five year process. That's as far out on a limb as I want to go. In five years, there will be people who do not have this, and I'm not counting the people who have decided to opt out, but it won't be many, in my opinion.
WTN: Dr. Yasnoff, thanks for your time.
Visit the Digital Healthcare Conference web site and attend the conference for more on this and other issues central to modern healthcare.