The Doorbell Paradox: How Do You Deal with Your Front Door?

By Ruby Raley, Director of Healthcare Solutions, Axway

Let’s imagine two scenarios:

  1. Expecting company while you’re in your backyard one afternoon, out of earshot of your doorbell, you decide to leave your front door open for a few hours, only to discover later that some property is missing.
  2. Someone rings your doorbell one evening, and you assume it’s your neighbor who visits at this time each week, but before you open the door, you still feel the need to ask, “Who is it?”

A health IT network has equivalents to these scenarios. Its front door may be left wide open, letting anyone come and go at will. Or the credentials of a person attempting to access the network may be checked routinely, no matter how many times that person has been granted access in the past.

But with today’s pressure to interoperate, enable mobile devices, collaborate with cloud apps, move data to the cloud, and tighten our relationships with our community trading partners, these scenarios simply won’t do. We have to own the edge of the enterprise without leaving the front door open, and without asking for ID every time.

This calls for governance — appropriately and securely connecting business and clinical users, as well as community, patient, and member partners — over the connections and services we offer (e.g., cloud and mobile applications), all while:

  • Ensuring only authorized personnel use these connections and services
  • Preserving our ability to monitor their traffic
  • Defining channels, patterns, and standard capability sets and matching them with the demand

We should strive to build a bridge between our current identity management solutions and the new world of cloud and mobile by:

  • Using identity management solutions (e.g., Attribute-Based Access Control [ABAC], SAML, and OAuth) that prevent us from disclosing user IDs and passwords when the connection is inefficient or insecure
  • Ensuring that we provide enough information to an authorized user — that we don’t disclose too much or too little — and that we monitor to ensure that traffic is flowing correctly
  • Verifying that we’re not being attacked or hacked in any way, producing audit reports, and proving that our actions reflect our policies

With these simple methods for securing the front door, we can rest assured that we won’t have to leave it wide open for users to come and go at will, without our knowledge, nor will we have to drop what we’re doing and answer it every time the doorbell rings.

Do these predicaments sound familiar to you? Do you feel you have strong governance over the connections and services you offer? I’d love to hear your comments!

Interoperability at the edge of your secure network

Leading a healthcare organization (e.g., a provider or a health plan) and implementing the patient portal of the future in the age of Meaningful Use Stage 2 — all while serving your members, helping them manage their health, and encouraging them to take responsibility — demands that we ask some important questions about three key areas: data, behavior, and security.

Data 

Does your organization allow redundant data? It’s valuable because it:

  • Keeps our clinical records from search-and-query exposure and security risks (e.g., patient information being transmitted to the wrong recipient)
  • Enhances performance quality
  • Gives you the option to:
    • Push standardized sets of information in bulk or on a per-event basis
    • Cache standardized sets safely in a member portal

Behavior 

How are you going to ensure that your patient portal works the same whether the data is viewed in a doctor’s office, a clinic in your network, or a hospital within an integrated delivery network; or on any device, like a desktop or mobile phone?

While your patient portal goal for Meaningful Use Stage 2 includes providing view/download/transport capabilities, your overall goals may include adding follow-up appointments, reminders, and health tips, which makes it very important that the services you typically use are provided consistently, no matter how the patient accesses them. Being consistent will require reusing existing services (i.e., application interfaces), like physician collaboration, so that you can accommodate every scenario, whether it’s a patient using their iPhone to cancel an appointment or a doctor using an iPad to present test results.

Security 

How are you going to (1) implement a centralized management tool that provides login information to users, and (2) tie it to a consistent identity management program? Remember, if you have separate logins for your enterprise, member portal, and mobile devices, changing one login requires changing all logins — a messy endeavor, to say the least.

So now that we’ve asked these questions, what guiding principles can we bring into our internal planning sessions that might help us find some answers?

Again, I can think of three: consistency, mash-up capability, and policy.

Consistency

You must give your users a consistent experience — allow them to see the same information and have the same capabilities you do — because it fosters engagement and alignment while ensuring they’re receiving good, solid information.

Mash-up capability

You must be able to put a patient record in the portal and add services like appointment scheduling, email collaboration with healthcare providers, health tips, and even blog-post subscriptions — using technology that’s already in place. If you can’t afford to provide these services separately, reuse is essential.

Policy

You must demand a policy-aligned, security-oriented member-and-patient portal. That way you can ensure that only authorized information — never redacted or blocked information — flows to recipients downstream. Policy automation is your best protection from the bad guys, unfortunate accidents, and good, old-fashioned carelessness.

Leading a healthcare organization while implementing the patient portal of the future is a daunting task, but there are ways to make it easier. By factoring in the key areas and guiding principles mentioned here, you’ll be able to move ahead confidently into your planning sessions; assemble the right view/download/transport solution set for your enterprise, patients, and members; and free up your organization to effectively deliver all the quality healthcare services your training and experience allow.