BOSTON — Interoperability is key to the success of electronic health records, but there are barriers to sharing data between systems, said David Brailer, M.D., national coordinator for health information technology.
The major challenges include standards harmonization, unclear data control policies, a lack of uniform security practices, the inability to ensure that products perform as advertised, and the lack of a business model around interoperability, he said.
“At the very basis of this—kind of the DNA of the interoperable electronic health record—is the emergence of harmonized standards,” Dr. Brailer said at a congress sponsored by the American Medical Informatics Association.
Many organizations are involved in developing standards, but there isn't a process yet for harmonizing two conflicting standards. Nor is there a unified release schedule for standards so that the industry can build investment plans, he said.
Also missing is a way to provide input into the standards process. There is no mechanism for taking a problem in health care and distilling that into requirements that could be used by organizations that develop standards. “Problems don't come well packaged into a standard,” Dr. Brailer observed.
Even with standards, many other factors influence interoperability. One less well-known obstacle is that health care lacks even a vocabulary to talk about the control of data. Deciding on a set of terms and their meanings will be essential to figuring out who decides if information flows from point A to point B, in what way, and who will be notified.
Security standards pose another barrier. Currently, two health care organizations can be compliant with the Health Insurance Portability and Accountability Act of 1996, yet have security practices that prevent them from sharing data. For example, one organization may adopt user names and passwords for authentication, while another uses a biometric thumbprint.
To address this, security brokers or other third parties could navigate between two systems. Some states have talked about creating more requirements for uniformity of security practices. “This is a profound barrier to our ability to be interoperable, and standards won't address it,” Dr. Brailer said.
Physicians also need to be able to know if the system they purchase will deliver on the vendor's promises of interoperability. The industry took a step in that direction with the formation last year of the Certification Commission for Healthcare Information Technology, which will certify that EHRs and other products meet minimum standards. This work will help EHRs become “plug and play” technology in the future, and will take some of the risk out of the marketplace, he said.