Personal Health Records

Seems like everything is in the clouds or on the way to the clouds — our money, our music and pictures, our email, contacts and spreadsheets. What about our healthcare records? Some say security is holding back electronic health records. I do not think so and I believe the vision is clear — that encrypted healthcare data that is authenticated and properly authorized for access will be safer than the millions of manila folders currently guarding our sensitive information. Google.com/health made a bold move to provide a universal repository for storing health records. I was one of the early users and came to depend on it. When did I get the flu shot? What was my blood pressure at last year’s physical? What test results and medications are there? All that and much more were provided for free by Google Health. Automatic updates were made by CVS, Medco, and Quest Diagnostics. Get a blood test and in a couple of days you can see a graph of how those results compared to the last time or to five years ago. A very nice service. The company announced last month that Google Health will be shut down permanently and all data will be deleted in 18 months.
Google says it’s shutting down the project because they got very little traction, but ReadWrite reported in “Google Health: Why It’s Ending & What It Means” that Google Health may have been ahead of its time and did a poor job reaching out to a now growing ecosystem of developers. They urge that rather than shut it down, Google should put it on slow life support until the momentum builds. Many tech executives believe, as I do, that patient-centric cloud-based electronic health records are a huge opportunity. An executive acquaintance at Microsoft (yes, there is at least one person at Microsoft who will speak to me after the OS/2 wars) tells me that the company sees the opportunity as large and is committed to HealthVault, an offering similar to Google Health. Even though I am not a fan of Microsoft offerings, I decided to give it a try. Step one at healthvault.com was to log in using your Windows Live credentials. That almost stopped me in my tracks, but then I remembered that I had actually set up a Windows Live account back in 2003 to try out some other offering and my account is still good. Exporting all my health data from Google was a couple of clicks and importing it to HealthVault was a bit more complicated but not bad. Now that I have all my health data in HealthVault, what can I do with it? So far, nothing.
At Google Health, you can look at graphs of all your blood tests, print out an immunization card for travel purposes, and other handy things. The HealthVault strategy is to use business partners for the applications; Microsoft just stores the data. They have quite a few partners who offer personal health records. I tried several of them and could not get any of them to work. My data is securely in Microsoft’s vault and nobody can get access to it, including me! You have to set up a unique HealthVault email address and cross-authenticate, and, and, and. I spent an hour at it and finally gave up. I am sure they will make it easier and one day when I don’t have a doctoral paper due, I will try again. Our future health will revolve around personalized medicine and it in turn will revolve around our personal health records (PHR). The key question is who will provide the PHR service for us.
It is early in the game and there are many possibilities. First movers will not necessarily be the winners. Having Google or Microsoft provide a PHR service has certain advantages but there are disadvantages. How about if your health insurance provider decides to not share information with one of the big guys? Why would they decide that? Maybe because they want to be your PHR provider. Then there is your hospital. This is a very logical provider for a PHR service in the cloud, but will they have the resource and skills to launch a user-friendly, scalable, secure cloud-based service? And if you move, will your data be able to move with you? And if you decide to go on a medical vacation to China to get a heart transplant, will your hospital allow the Chinese hospital to have access to your PHR? And there is CVS and Walgreen and Walmart. They may all want to be your PHR provider as an integrated service with their pharmacy operations. And then there is Merck and Pfizer et al. Some chronically ill patients depend on certain medications and the manufacturer will be motivated to provide a PHR service tailored to monitor, sell, and communicate about their drugs. WebMD and the many other e-health sites are logical providers based on the wealth of medical information they provide access to. And what role will the government play?
There are many hurdles. A key element is standards. The Internet works exactly the same in every part of the world because it is built on globally agreed-to standards. Health records have standards too. A lot of them! I have written a lot over the years about certificate authorities for authentication on the Internet (see Attitude LLC category on PKI). In theory, there could be a single central certificate authority that would issue digital signatures that could make Internet email much more secure. In theory. I participated in meetings in Washington 15 years ago on the subject. When there were a few of us in the room we made a lot of progress, but when the vendors, agencies, the military, etc. weighed in, the whole process fell of its own weight. Likewise, one central provider of PHRs could have many advantages, but I don’t believe consensus could be reached on how to do it. I am betting on hospital systems and networks. They may not be able to provide national solutions but they certainly can provide regional solutions through use of their health information exchanges (HIE), and HIEs in turn will ultimately follow standards that will allow them to exchange data on a secure basis. Stay tuned. There will be many developments on this subject in the months ahead.