Secure Cradle to grave Electronic Medical Record WITHOUT disruption, Distributive Ledgers. AKA Blockchain

The latest hack of Hollywood Presbyterian Medical Center again bring to our attention for the need of security in healthcare to be updated.  The Current system is failing! Distributive Ledgers an architecture that supports Bitcoin, which is called Blockchain, could provide the security and control of patient records and providers communication.

 One of the issues with modern Electronic Medical Records (EHR) is the inability to interoperate.  HL7 standards organization has provided protocols for transmitting the information, however that is only a small part of the problem.  Issue such as provenance, Digital Signing, content management, identity and encryption to name a few, inhibit easy sharing of data.   There is now a technology that could eliminate the majority of these issues and provide us with the promise of a Cradle-to-Grave EHR, that is Blockchain.   


Blockchain is the OpenSource technology that support the somewhat infamous Bitcoin.  Regardless of your opinion of Bitcoin, Blockchain technology is a very viable open distributive ledger solution.  Blockchain provide a P2P (point to point) encrypted realtime mesh network, where transactions are timestamped and verified on an open ledger system.  Consensus is the system used to validate the integrity of a message or document, each time a document is altered, a new block is added to the chain providing a linear and reproducible record of access and updates via a hashing function. 

I mentioned "without disruption" in the title because, health organizations have suffered a lot of disruption in the last few years with the advent of the EHR requirements.  I believe there is a better way to design, using an adjunct processor solution, i.e.,  by providing interfaces to the EHR via HL7 FHIR and providing a Blockchain API, the EHR can use a Blockchain without significantly disrupting their EHR installation.  

To answer the question of the Blockchain records, there are many solutions already available for storing records on open Blockchain, the Bitcoin chain. however, even thought blocks do not contain readable data, it may be optimal to store the records on private Permission networks, such as hospital networks and validate via consensus process or Paxos, such as, Practical Byzantine Fault tolerance used by Hyperledger, 

The following are some of the feature that would be provided to a medical record using Blockchain:

• Data Provenance

• Non-repudiation 

• Digital Signing of charts/records

• Linear chronological tracking, Audits records 

• PKI cryptography/encryption 

• Distributed decentralized, encrypted P2P messaging network 

• Identity management

• OpenSource

• Ubiquitous sharing of data

• No Single Point of Failure 

• Realtime transaction

• Content Management

• Public Records - Birth to Death longitudinal record 

• Uses ‘Proof-of-Work’ technology 

• time-stamping 
• 
  
• Private or public chains
• 
  
• Distributed databases

Interoperability, it is more than a set of interfaces.

Last week I had the pleasure of meeting Dan Pettus, VP of Connectivity at CareFusion, we were part of a Panel on The Future of Interoperability at the BIOMEDevice conference in San Jose, CA.  During our  prep for our discussion, Dan provided his view of interoperability, he said that it is more than an technical interface, but the relationship between two systems to communication on multiple layers as well being in sync with each other to the extent that if one side is not working the peer will be affected.   He provided an example,  let’s say that you have an infusion pump that is connected to an EHR and you receive a formulary update in the EHR, the infusion pump(s) must be updated ASAP.  Intelligence must be built into the system to recognize that the update must be sent downstream to the pumps and that the pumps themselves need to be aware of required updates when they comes online.

I had never really thought of interoperability this way, before our conversation.  Endpoint devices do have more than a technical interface,  the easy part of interoperability.  We must consider what other systems are affected when one side of the interface is updated.  We must also take into account how workflows may be affected with peer updates

 When we plan integrations of devices or systems we need to think about the unintended  consequences of interoperability.

“Secure by Design”, IoT in health

Though my subject is Medical Security, this post  extends to devices within our home, auto and our pocket.  If the device is connected we need security to insure privacy.

The most important step to ensuring our privacy and protecting our data starts long before you purchase a device or a new connected devices is added to a hospital or doctors office network.

Security starts in the design of the device and is based on software best practice, many that are not known or enforced in to coder community today. The practice is called  Secure Software Development Life Cycle (S-SDLC) an is taught in the first semester of most Computer Science college curriculum.  This is where I normally lose the Agile designers, but wait, this will work for Agile as well  We just need to consider the sprints as smaller circles/life cycles, more about this later.

There is one large caveat to designing medical software, if it fall under the FDA definition of a medical device it must follow IEC 62304, which is waterfall design, at least for the documentation.  Not all software for medical use need FDA approved, e.g., EHR Electronic Health Records do not fall under FDA jurisdiction, why?  Good question, however we will leave this for another discussion.

One issue software faces today is the lack of Computer Scientists,  there are many great coders doing good work, however the oversight seems to be lax.  Oversight is the responsibility of the vendor that owns the software and the customer who purchases the software, e.g., a hospital purchase a solution to store PHI, something goes wrong and the data is compromised.  It is the hospital responsibility to report and most likely compensate the patient's that have been damaged by the breach.    

S-SDLC

Secure SDLC is based on SDLC, a best practice for designing and delivering robust software.

A series of steps starting at the top of the circle describing the life cycle of the development.
S-SDLC  takes into account security at every step of the cycle, e.g., Requirements phase, add Security requirements.

One of the most important parts of the cycle is testing,  it is the last chance to catch a problem before it gets to the customer.  Because of the emphasis placed on iterations and quick to deliver, many coder today do not agree.

There is a V-Model for SDLC that stresses the testing phase, by including 5 levels of testing.  Many in the Agile community feel that this model is to close to Waterfall design,  I do not wish to debate, however I did want to show the testing phases that must be implemented in-order to protect data.

• 
  

• Unit testing
• Integration testing
• System testing
• User acceptance testing
• 
  

User Acceptance Testing is one of the most important phases because it test in a way that the customer will use the system.  I suggest that organization perform this testing themselves to make sure they are getting the protection and operation that was sold to them.

As IoT solutions become more available in healthcare, we will need to be more diligent in protecting our privacy and the privacy of our patients.  We can no longer except that notion that a product, service or vendor is secure, we must follow through and be sure.

Security isn't something that you can buy as much as it is a way of thinking, designing testing and implementing.   Organization must train their people to think about security first, in everything they do.  We also must implement system that allow employees to report suspected security problem without repercussions, i.e., shooting the messaging .  Security is a team effort, both strategic and tactical.

First Open mHealth Summit, a success for mobile health

I was lucky enough to be invited to the Open mHealth Summit event in San Francisco to witness the unveiling of the latest mobile framework and protocol for healthcare. I have been talking with Dr Ida Sim of UCSF for a few years about there Open mHealth (OMH) project.  We both agreed that there is a need for a protocol/standard to transport data between wireless smart devices without the overhead of the land based HL7 standards such as CDA or CCDA.  Several years before meeting Dr Sim I decided to quit complaining about HL7, so I joined and started try to bring about change in mHealth from within.  When I first read about Graham Grieve's FHIR, a Restful API interface to supplement or replace the CCDA I was thrilled, and implemented a version in a project before HL7 got a hold of it.  HL7 FHIR attempted to solve some of the mobile issues but fell short IMHO by implementing XML and retaining  some of the legacy overhead from the CDA.  FHIR, is good solution for web based solutions that need to communicate directly with and EHR or mobile with 4G, however much of the world including the US doesn’t have 4G and the overhead is still quite high and many solutions do not need to communicate directly with and EHR. 

Dr Sim and her colleagues have a dream to simplify the sharing of health data and there are well on their way to doing it.  If what I saw yesterday is any indication of the future, Open mHealth is the direction to follow.   Open mHealth as it names states is open source, it is not a standard, however most standards do not guarantee interoperability and never will.  The solution is Restfull APIs with “standard” clinical templates to share meaningful data.  OMH already has many supporter that are helping to extend the platform.  Catalyst has a solution that converts OMH into HL7 V2 (circa 1989) the most widely used protocol of healthcare and back again,  now that is interoperability.  There is also a project, Granola to serialize Apple healthKit and that alone is worth the effort to check out OMH.  

OMH doesn’t solve all the Interoperability issues and they are not really trying to, however they are solving the problem of sharing health data and reducing the amount of payload that is transmitted with a mobile smartphone.  Getting the EHR Vendors to except the data or to share their patient data that is locked in their silos is still an issue. 

I am very hopeful and excited about the work OmH has done to date.  

Insurance companies don't get it, yet. There is a lot to learn about Aetna's CarePass failure.

I was very excited to see the rollout of Aetna's Carepass at the mHealth Summit several years ago.  I seem to be a great idea, however it never got any real traction.  I spoke to some of the people on the team and there was a lot of excitement.  I envisioned a platform to connect to their providers, patients and EHR but that never happen.  Like so many health platforms on the market, they took the safe easy way out,  providing support to patient facing apps,  WHO CARES,  let me reiterate WHO CARES!

Some of these supported apps are great, but it is proven that most are downloaded used once or twice and abandoned.  The only way to get patient to really use apps is for doctors to prescribe them and then have a facility to transmit and store the patient provided data to the provider's EHR.  However, that is still somewhat of a dream, which there is yet to be a standard to support.

In order for a platform to be successful it must be connected to the healthcare eco-system, that is, the provider's EHRs.  However not happening, most of the EHR cannot communicate with themselves.  This is where Aetna had a chance to make things different, they could have demanded interoperability and communication with patient facing apps.  Yes, there are a lot of issues around this but I believe they were well positioned as a payor to bring about change.

One of the hurdles that I did see with Carepass is getting other Payers or providers outside of the Aetna network to use their platform.  I don't think that this going to happen for a while.  Which is a shame,  we need healthcare organization to work together if we are going to get true interoperability.   We also need companies such as Aetna to keep innovating pushing the old school status quo.

Change will come, it has to.

Jeff Brandt
www.dekaG.com

The passwords have met their match

Yesterday, it was announced that a Russian Crime syndicate has stolen 1.2 billion identities.  As of the next day it is was still not known where or who’s IDs were stolen.  The media is suggesting that we change all usernames and passwords.  I like many, have at least one hundred usernames and password and this would be no small feat to change them and most likely won't.  Many times it is difficult or impossible to change usernames.

One of the primary issues leading to all of these cyber attacks is that millions of places that passwords are stored.  Each website keeps your username and password on their systems.  There are systems (OAuth) that allow sites like Google and Facebook to share credentials with other sites to allow access to their systems without setting up new credentials, however that means you have to trust sites like Facebook to store your credentials.  Since these companies make their money from selling information via advertising, well you get it.

We must ask why these passwords were not encrypted? It was poor design and oversight.  Data at rest is always vulnerable; it is the “edge” that gets hacked, i.e., data can be sent over a secure links, such as SSL but when it is moved or temporarily stored during processing it vulnerable and if the data is not encrypted when stored, it remains vulnerable to thief.  Credit Card data before PCI compliance rules had the same issues.  Compliance, however isn’t a law such as HIPAA, but maybe it is time for legislation for all password data.

There needs to be a better system for identification and authorization.  Usernames and passwords have met their match, the well funded, sophisticated hacker, the new cyber criminal.

Jeff Brandt

www.deKaG.com

What's your recipe for a great mHealth App? Sean Broomhead previously posted on Linkedin

Knowing what problem you are trying to solve is the most important part of any product. The next is having a team that understands the problem and how to solve it or find solutions for it.

One of the biggest problem that I have run into is that lack of understanding from both the clinical and technical side of the solution. Many technical people attempt to solve healthcare without domain expertise. Yes, we are all patients, the main reason you see so many patient facing apps, however if you want to build medical apps you will need clinical domain experts. Then you have doctors that want to build apps without having technical knowledge or don't understand the software process. Both roads can quickly lead to failure. It takes BOTH technical and clinical to build mHealth apps or systems.

Systems, apps are mostly worthless without a link into the ecosystem of healthcare. you must think of an app as just the client of the system, it is like the steering wheel of a car. You shouldn't care if it is a iPhone or Android, that is the endusers decision, app developers need to support what the market wants. The system is what is important in mHealth, how you connect, interoperate with providers, family, and patients.

Jeff Brandt