National security experts recently charged the nation with securing its telecommunications infrastructure by building a single, nationalized 5G network. Is there a call to action for a single, secure system within the health IT infrastructure?
Since 2009, the health information of more than 150 million Americans has been exposed due to data breaks. In the past year, the health insurance company Anthem agreed to a $115 million dollar settlement for its 2015 data breach that impacted 80 million of their customers. Public opinion calls out in concern over privacy and security with about 7 in 10 Americans feels very or somewhat concerned about the privacy and security of their medical records, according to a 2015 report by The Office of the National Coordinator for Health Information Technology (ONC). The high profile breaches in other sectors such as Equifax, Yahoo, and eBay add to the urgency surrounding data security.
The ‘Spine’ solution
In England, as part of the National Health Service Digital Initiative, there is a single, nationalized system for basic health IT infrastructure called ‘The Spine.’ The Spine is a self-contained, end-to-end secure, national server. It is host to several patient services for the approximately 55 million people served by the NHS England. It also serves to validate the professional credentials of all 883,000 clinicians in NHS England. Several key services of the Spine are:
- The Personal Demographics Service (PDS): contains each patient’s demographic information and their NHS identifier number
- The Summary Care Record (SCR): contains key elements of patient’s clinical information, such as allergies and adverse reactions to medicine
- The Secondary Uses Service (SUS): produces which business reports and statistics for research, planning and public health delivery from anatomized data on the Spine.
In the American context
A focus on the urgent need to secure the health data of the nation could balance out the criticism from privacy-focused groups and generate much needed political will for investment. While full interoperability of health IT systems is a goal of the ONC, the political will to implement the strict standards required for meaningful interoperability has not been seen. The ‘Spine’ national network would serve to provide patients with some of the most basic benefits of interoperability, even while full system-wide integration remains elusive.
The American ‘Spine’ would validate professional credentials and prevent fraud. For all certified health professionals in the country, the system would include information about what states they are allowed to practice in, when their licenses expire, and which patient records they are allowed to access. With a system for greater accountability, government savings on fraud could be up to $100 billion a year.
The other key benefit of the system would be the unique patient identifier which would allow for greater privacy and clinical coordination. An analysis by the RAND Corporation concluded that “giving every American a unique patient identifier could reduce errors in retrieving their medical records while improving data sharing and security.” The same analysis estimated savings of $8.5 billion per year related to: 1) more-complete retrieval of medical records, and 2) avoiding adverse drug events.
The NHS contract with BT that delivered core elements of the UK’s health IT infrastructure including the ‘Spine’ and Summary Care Record cost £3.4bn or $4.7 billion. But, a complete cost-benefit analysis in the American context is needed. Of all the stakeholders involved in with the health IT system, policymakers are the only ones positioned to carry this idea forward.
The policy window for bold health data security is open. The benefits are clear. The message to policymaker is, ‘Get to it!’